diff --git a/.github/workflows/generate-chart-readme.yml b/.github/workflows/generate-chart-readme.yml
index 4eb3e28139..a876109a4f 100644
--- a/.github/workflows/generate-chart-readme.yml
+++ b/.github/workflows/generate-chart-readme.yml
@@ -30,10 +30,13 @@ on:
 - 'bitnami/metrics-server/values.yaml'
 - 'bitnami/minio/values.yaml'
 - 'bitnami/mongodb/values.yaml'
- - "bitnami/oauth2-proxy/values.yaml"
+ - 'bitnami/mysql/values.yaml'
+ - 'bitnami/nats/values.yaml'
+ - 'bitnami/nginx/values.yaml'
 - 'bitnami/nginx-ingress-controller/values.yaml'
 - 'bitnami/node/values.yaml'
 - 'bitnami/node-exporter/values.yaml'
+ - 'bitnami/oauth2-proxy/values.yaml'
 - 'bitnami/parse/values.yaml'
 - 'bitnami/phabricator/values.yaml'
 - 'bitnami/phpbb/values.yaml'
@@ -52,7 +55,7 @@ jobs:
 - name: Checkout bitnami-labs/readme-generator-for-helm
 uses: actions/checkout@v2
 with:
- repository: "bitnami-labs/readme-generator-for-helm"
+ repository: 'bitnami-labs/readme-generator-for-helm'
 path: readme-generator-for-helm

 - name: Cache node modules
@@ -78,7 +81,7 @@ jobs:
 id: pr-file-changes
 uses: trilom/file-changes-action@v1.2.3
 with:
- fileOutput: " "
+ fileOutput: ' '

 - name: Prepare readme-generator-for-helm inputs
 run: |
diff --git a/bitnami/mysql/Chart.yaml b/bitnami/mysql/Chart.yaml
index 53e42b5e9d..74195960d0 100644
--- a/bitnami/mysql/Chart.yaml
+++ b/bitnami/mysql/Chart.yaml
@@ -25,4 +25,4 @@ name: mysql
 sources:
 - https://github.com/bitnami/bitnami-docker-mysql
 - https://mysql.com
-version: 8.7.1
+version: 8.7.2
diff --git a/bitnami/mysql/README.md b/bitnami/mysql/README.md
index 8e8f15224a..39e7fed314 100644
--- a/bitnami/mysql/README.md
+++ b/bitnami/mysql/README.md
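Review bot: In `.github/workflows/generate-chart-readme.yml`, the `Checkout bitnami-labs/readme-generator-for-helm` step has no `ref:` under `with:`, so every run checks out whatever is at the tip of that repository's default branch and, presumably, runs it in the later steps. Pinning it with `ref: <full-commit-sha-of-reviewed-revision>` (placeholder) would make the generated READMEs reproducible and keep an unreviewed change to the tool from running in this repository's CI. The same reasoning applies to the `uses:` lines in this hunk and the next one (`actions/checkout@v2`, `trilom/file-changes-action@v1.2.3`): tags can be moved, so a full commit SHA is the safer pin, especially for the third-party action. The job continues outside these hunks, so the token permissions it runs with are not visible here and are worth checking alongside this.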
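Review bot: In `.github/workflows/generate-chart-readme.yml`, `fileOutput: ' '` in the `pr-file-changes` step requests a space-delimited list of changed paths, which cannot represent a path that itself contains a space, and the changed file names are chosen by the pull request author. The `run: |` script that consumes the list begins on the last line of this hunk and its body is not visible, so whether it expands the list unquoted is an assumption to confirm. If it does, reading the action's JSON output instead and matching each entry against `bitnami/*/values.yaml` before using it would remove the word-splitting ambiguity.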
@@ -46,222 +46,275 @@ The command removes all the Kubernetes components associated with the chart and ## Parameters -The following table lists the configurable parameters of the MySQL chart and their default values. +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `nil` | -| Parameter | Description | Default | -|---------------------------|-------------------------------------------------|---------------------------------------------------------| -| `global.imageRegistry` | Global Docker Image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | ### Common parameters -| Parameter | Description | Default | -|---------------------|-----------------------------------------------------------------------------|-----------------| -| `nameOverride` | String to partially override common.names.fullname | `nil` | -| `fullnameOverride` | String to fully override common.names.fullname | `nil` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `commonLabels` | Labels to add to all deployed objects | `nil` | -| `commonAnnotations` | Annotations to add to all deployed objects | `[]` | -| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `nil` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `nil` | -| `priorityClassName` | Name of priority class | `nil` | +| Name | Description | Value | +| ------------------- | 
--------------------------------------------------------------------------------------------------------- | --------------- | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `nil` | +| `fullnameOverride` | String to fully override common.names.fullname template | `nil` | +| `clusterDomain` | Cluster domain | `cluster.local` | +| `commonAnnotations` | Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | `{}` | +| `commonLabels` | Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | `{}` | +| `extraDeploy` | Array with extra yaml to deploy with the chart. Evaluated as a template | `[]` | +| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `nil` | + ### MySQL common parameters -| Parameter | Description | Default | -|----------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `image.registry` | MySQL image registry | `docker.io` | -| `image.repository` | MySQL image name | `bitnami/mysql` | -| `image.tag` | MySQL image tag | `{TAG_NAME}` | -| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `architecture` | MySQL architecture (`standalone` or `replication`) | `standalone` | -| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. 
| _random 10 character alphanumeric string_ | -| `auth.database` | Name for a custom database to create | `my_database` | -| `auth.username` | Name for a custom user to create | `""` | -| `auth.password` | Password for the new user. Ignored if existing secret is provided | _random 10 character long alphanumeric string_ | -| `auth.replicationUser` | MySQL replication user | `nil` | -| `auth.replicationPassword` | MySQL replication user password. Ignored if existing secret is provided | _random 10 character long alphanumeric string_ | -| `auth.forcePassword` | Force users to specify required passwords | `false` | -| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` | -| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | -| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). 
The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` | `nil` | -| `initdbScripts` | Dictionary of initdb scripts | `nil` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | +| Name | Description | Value | +| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `image.registry` | MySQL image registry | `docker.io` | +| `image.repository` | MySQL image repository | `bitnami/mysql` | +| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.25-debian-10-r37` | +| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `architecture` | MySQL architecture (`standalone` or `replication`) | `standalone` | +| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided | `""` | +| `auth.database` | Name for a custom database to create | `my_database` | +| `auth.username` | Name for a custom user to create | `""` | +| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | +| `auth.replicationUser` | MySQL replication user | `replicator` | +| `auth.replicationPassword` | MySQL replication user password. Ignored if existing secret is provided | `""` | +| `auth.existingSecret` | Use existing secret for password details. 
The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` | `nil` | +| `auth.forcePassword` | Force users to specify required passwords | `false` | +| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` | +| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | + ### MySQL Primary parameters -| Parameter | Description | Default | -|----------------------------------------------|-----------------------------------------------------------------------------------------------------------------|--------------------------------| -| `primary.command` | Override default container command on MySQL Primary container(s) (useful when using custom images) | `nil` | -| `primary.args` | Override default container args on MySQL Primary container(s) (useful when using custom images) | `nil` | -| `primary.configuration` | MySQL Primary configuration to be injected as ConfigMap | Check `values.yaml` file | -| `primary.existingConfigmap` | Name of existing ConfigMap with MySQL Primary configuration | `nil` | -| `primary.updateStrategy` | Update strategy type for the MySQL primary statefulset | `RollingUpdate` | -| `primary.podAnnotations` | Additional pod annotations for MySQL primary pods | `{}` (evaluated as a template) | -| `primary.hostAliases` | Add deployment host aliases | `[]` | -| `primary.podLabels` | Additional pod labels for MySQL primary pods | `{}` (evaluated as a template) | -| `primary.podAffinityPreset` | MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. 
Allowed values: `soft` or `hard` | `""` | -| `primary.podAntiAffinityPreset` | MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `primary.nodeAffinityPreset.type` | MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.nodeAffinityPreset.key` | MySQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | -| `primary.nodeAffinityPreset.values` | MySQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | -| `primary.affinity` | Affinity for MySQL primary pods assignment | `{}` (evaluated as a template) | -| `primary.nodeSelector` | Node labels for MySQL primary pods assignment | `{}` (evaluated as a template) | -| `primary.tolerations` | Tolerations for MySQL primary pods assignment | `[]` (evaluated as a template) | -| `primary.podSecurityContext.enabled` | Enable security context for MySQL primary pods | `true` | -| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `primary.containerSecurityContext.enabled` | MySQL primary container securityContext | `true` | -| `primary.containerSecurityContext.runAsUser` | User ID for the MySQL primary container | `1001` | -| `primary.livenessProbe` | Liveness probe configuration for MySQL primary containers | Check `values.yaml` file | -| `primary.readinessProbe` | Readiness probe configuration for MySQL primary containers | Check `values.yaml` file | -| `primary.startupProbe` | Startup probe configuration for MySQL primary containers | Check `values.yaml` file | -| `primary.customLivenessProbe` | Override default liveness probe for MySQL primary containers | `nil` | -| `primary.customReadinessProbe` | Override default readiness probe for MySQL primary containers | `nil` | -| `primary.customStartupProbe` | Override default startup probe for MySQL primary containers | `nil` | -| 
`primary.resources.limits` | The resources limits for MySQL primary containers | `{}` | -| `primary.resources.requests` | The requested resources for MySQL primary containers | `{}` | -| `primary.extraEnvVars` | Extra environment variables to be set on MySQL primary containers | `{}` | -| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL primary containers | `nil` | -| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL primary containers | `nil` | -| `primary.extraFlags` | MySQL primary additional command line flags | `nil` | -| `primary.persistence.enabled` | Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim` | `true` | -| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL primary replicas | `nil` | -| `primary.persistence.annotations` | MySQL primary persistent volume claim annotations | `{}` (evaluated as a template) | -| `primary.persistence.storageClass` | MySQL primary persistent volume storage Class | `nil` | -| `primary.persistence.accessModes` | MySQL primary persistent volume access Modes | `[ReadWriteOnce]` | -| `primary.persistence.size` | MySQL primary persistent volume size | `8Gi` | -| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` (evaluated as a template) | -| `primary.initContainers` | Add additional init containers for the MySQL Primary pod(s) | `{}` (evaluated as a template) | -| `primary.sidecars` | Add additional sidecar containers for the MySQL Primary pod(s) | `{}` (evaluated as a template) | -| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s) | `{}` | -| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL Primary pod(s) | `{}` | -| `primary.service.type` | MySQL Primary K8s service type | `ClusterIP` | -| `primary.service.clusterIP` | MySQL 
Primary K8s service clusterIP IP | `nil` | -| `primary.service.port` | MySQL Primary K8s service port | `3306` | -| `primary.service.nodePort` | MySQL Primary K8s service node port | `nil` | -| `primary.service.loadBalancerIP` | MySQL Primary loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MySQL Primary service is LoadBalancer | `[]` | -| `primary.pdb.enabled` | Enable/disable a Pod Disruption Budget creation for MySQL primary pods | `false` | -| `primary.pdb.minAvailable` | Minimum number/percentage of MySQL primary pods that should remain scheduled | `1` | -| `primary.pdb.maxUnavailable` | Maximum number/percentage of MySQL primary pods that may be made unavailable | `nil` | +| Name | Description | Value | +| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | --------------- | +| `primary.command` | Override default container command on MySQL Primary container(s) (useful when using custom images) | `[]` | +| `primary.args` | Override default container args on MySQL Primary container(s) (useful when using custom images) | `[]` | +| `primary.hostAliases` | Deployment pod host aliases | `[]` | +| `primary.configuration` | Configure MySQL Primary with a custom my.cnf file | `""` | +| `primary.existingConfiguration` | Name of existing ConfigMap with MySQL Primary configuration. | `nil` | +| `primary.updateStrategy` | Update strategy type for the MySQL primary statefulset | `RollingUpdate` | +| `primary.rollingUpdatePartition` | Partition update strategy for MySQL Primary statefulset | `nil` | +| `primary.podAnnotations` | Additional pod annotations for MySQL primary pods | `{}` | +| `primary.podAffinityPreset` | MySQL primary pod affinity preset. 
Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.podAntiAffinityPreset` | MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `primary.nodeAffinityPreset.type` | MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.nodeAffinityPreset.key` | MySQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | +| `primary.nodeAffinityPreset.values` | MySQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `primary.affinity` | Affinity for MySQL primary pods assignment | `{}` | +| `primary.nodeSelector` | Node labels for MySQL primary pods assignment | `{}` | +| `primary.tolerations` | Tolerations for MySQL primary pods assignment | `[]` | +| `primary.podSecurityContext.enabled` | Enable security context for MySQL primary pods | `true` | +| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | +| `primary.containerSecurityContext.enabled` | MySQL primary container securityContext | `true` | +| `primary.containerSecurityContext.runAsUser` | User ID for the MySQL primary container | `1001` | +| `primary.resources.limits` | The resources limits for MySQL primary containers | `{}` | +| `primary.resources.requests` | The requested resources for MySQL primary containers | `{}` | +| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| 
`primary.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `primary.startupProbe.enabled` | Enable startupProbe | `true` | +| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` | +| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | +| `primary.startupProbe.successThreshold` | Success threshold for v | `1` | +| `primary.customLivenessProbe` | Override default liveness probe for MySQL primary containers | `{}` | +| `primary.customReadinessProbe` | Override default readiness probe for MySQL primary containers | `{}` | +| `primary.customStartupProbe` | Override default startup probe for MySQL primary containers | `{}` | +| `primary.extraFlags` | MySQL primary additional command line flags | `""` | +| `primary.extraEnvVars` | Extra environment variables to be set on MySQL primary containers | `[]` | +| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL primary containers | `""` | +| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL primary containers | `""` | +| `primary.persistence.enabled` | Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. 
If false, use emptyDir | `true` | +| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL primary replicas | `nil` | +| `primary.persistence.storageClass` | MySQL primary persistent volume storage Class | `nil` | +| `primary.persistence.annotations` | MySQL primary persistent volume claim annotations | `{}` | +| `primary.persistence.accessModes` | MySQL primary persistent volume access Modes | `[]` | +| `primary.persistence.size` | MySQL primary persistent volume size | `8Gi` | +| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | +| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL Primary pod(s) | `[]` | +| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s) | `[]` | +| `primary.initContainers` | Add additional init containers for the MySQL Primary pod(s) | `[]` | +| `primary.sidecars` | Add additional sidecar containers for the MySQL Primary pod(s) | `[]` | +| `primary.service.type` | MySQL Primary K8s service type | `ClusterIP` | +| `primary.service.port` | MySQL Primary K8s service port | `3306` | +| `primary.service.nodePort` | MySQL Primary K8s service node port | `""` | +| `primary.service.clusterIP` | MySQL Primary K8s service clusterIP IP | `""` | +| `primary.service.loadBalancerIP` | MySQL Primary loadBalancerIP if service type is `LoadBalancer` | `""` | +| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL Primary service is LoadBalancer | `[]` | +| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` | +| `primary.pdb.enabled` | Enable/disable a Pod Disruption Budget creation for MySQL primary pods | `false` | +| `primary.pdb.minAvailable` | Minimum number/percentage of MySQL primary pods that should 
remain scheduled | `1` | +| `primary.pdb.maxUnavailable` | Maximum number/percentage of MySQL primary pods that may be made unavailable | `nil` | +| `primary.podLabels` | MySQL Primary pod label. If labels are same as commonLabels , this will take precedence | `{}` | + ### MySQL Secondary parameters -| Parameter | Description | Default | -|------------------------------------------------|---------------------------------------------------------------------------------------------------------------------|--------------------------------| -| `secondary.command` | Override default container command on MySQL Secondary container(s) (useful when using custom images) | `nil` | -| `secondary.args` | Override default container args on MySQL Secondary container(s) (useful when using custom images) | `nil` | -| `secondary.configuration` | MySQL Secondary configuration to be injected as ConfigMap | Check `values.yaml` file | -| `secondary.existingConfigmap` | Name of existing ConfigMap with MySQL Secondary configuration | `nil` | -| `secondary.replicaCount` | Number of MySQL secondary replicas | `1` | -| `secondary.hostAliases` | Add deployment host aliases | `[]` | -| `secondary.updateStrategy` | Update strategy type for the MySQL secondary statefulset | `RollingUpdate` | -| `secondary.podAnnotations` | Additional pod annotations for MySQL secondary pods | `{}` (evaluated as a template) | -| `secondary.podLabels` | Additional pod labels for MySQL secondary pods | `{}` (evaluated as a template) | -| `secondary.podAffinityPreset` | MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `secondary.podAntiAffinityPreset` | MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `secondary.nodeAffinityPreset.type` | MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. 
Allowed values: `soft` or `hard` | `""` | -| `secondary.nodeAffinityPreset.key` | MySQL secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | -| `secondary.nodeAffinityPreset.values` | MySQL secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` | -| `secondary.affinity` | Affinity for MySQL secondary pods assignment | `{}` (evaluated as a template) | -| `secondary.nodeSelector` | Node labels for MySQL secondary pods assignment | `{}` (evaluated as a template) | -| `secondary.tolerations` | Tolerations for MySQL secondary pods assignment | `[]` (evaluated as a template) | -| `secondary.podSecurityContext.enabled` | Enable security context for MySQL secondary pods | `true` | -| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `secondary.containerSecurityContext.enabled` | MySQL secondary container securityContext | `true` | -| `secondary.containerSecurityContext.runAsUser` | User ID for the MySQL secondary container | `1001` | -| `secondary.livenessProbe` | Liveness probe configuration for MySQL secondary containers | Check `values.yaml` file | -| `secondary.readinessProbe` | Readiness probe configuration for MySQL secondary containers | Check `values.yaml` file | -| `secondary.startupProbe` | Startup probe configuration for MySQL secondary containers | Check `values.yaml` file | -| `secondary.customLivenessProbe` | Override default liveness probe for MySQL secondary containers | `nil` | -| `secondary.customReadinessProbe` | Override default readiness probe for MySQL secondary containers | `nil` | -| `secondary.customStartupProbe` | Override default startup probe for MySQL secondary containers | `nil` | -| `secondary.resources.limits` | The resources limits for MySQL secondary containers | `{}` | -| `secondary.resources.requests` | The requested resources for MySQL secondary containers | `{}` | -| `secondary.extraEnvVars` | Extra environment variables to be 
set on MySQL secondary containers | `{}` | -| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL secondary containers | `nil` | -| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL secondary containers | `nil` | -| `secondary.extraFlags` | MySQL secondary additional command line flags | `nil` | -| `secondary.persistence.enabled` | Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` | `true` | -| `secondary.persistence.annotations` | MySQL secondary persistent volume claim annotations | `{}` (evaluated as a template) | -| `secondary.persistence.storageClass` | MySQL secondary persistent volume storage Class | `nil` | -| `secondary.persistence.accessModes` | MySQL secondary persistent volume access Modes | `[ReadWriteOnce]` | -| `secondary.persistence.size` | MySQL secondary persistent volume size | `8Gi` | -| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` (evaluated as a template) | -| `secondary.initContainers` | Add additional init containers for the MySQL secondary pod(s) | `{}` (evaluated as a template) | -| `secondary.sidecars` | Add additional sidecar containers for the MySQL secondary pod(s) | `{}` (evaluated as a template) | -| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s) | `{}` | -| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL secondary pod(s) | `{}` | -| `secondary.service.type` | MySQL secondary K8s service type | `ClusterIP` | -| `secondary.service.clusterIP` | MySQL secondary K8s service clusterIP IP | `nil` | -| `secondary.service.port` | MySQL secondary K8s service port | `3306` | -| `secondary.service.nodePort` | MySQL secondary K8s service node port | `nil` | -| `secondary.service.loadBalancerIP` | MySQL secondary loadBalancerIP if service type is `LoadBalancer` | `nil` | 
-| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MySQL secondary service is LoadBalancer | `[]` | -| `secondary.pdb.enabled` | Enable/disable a Pod Disruption Budget creation for MySQL secondary pods | `false` | -| `secondary.pdb.minAvailable` | Minimum number/percentage of MySQL secondary pods that should remain scheduled | `1` | -| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MySQL secondary pods that may be made unavailable | `nil` | +| Name | Description | Value | +| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | --------------- | +| `secondary.replicaCount` | Number of MySQL secondary replicas | `1` | +| `secondary.hostAliases` | Deployment pod host aliases | `[]` | +| `secondary.command` | Override default container command on MySQL Secondary container(s) (useful when using custom images) | `[]` | +| `secondary.args` | Override default container args on MySQL Secondary container(s) (useful when using custom images) | `[]` | +| `secondary.configuration` | Configure MySQL Secondary with a custom my.cnf file | `""` | +| `secondary.existingConfiguration` | Name of existing ConfigMap with MySQL Secondary configuration. | `nil` | +| `secondary.updateStrategy` | Update strategy type for the MySQL secondary statefulset | `RollingUpdate` | +| `secondary.rollingUpdatePartition` | Partition update strategy for MySQL Secondary statefulset | `nil` | +| `secondary.podAnnotations` | Additional pod annotations for MySQL secondary pods | `{}` | +| `secondary.podAffinityPreset` | MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `secondary.podAntiAffinityPreset` | MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | +| `secondary.nodeAffinityPreset.type` | MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `secondary.nodeAffinityPreset.key` | MySQL secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | +| `secondary.nodeAffinityPreset.values` | MySQL secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` | +| `secondary.affinity` | Affinity for MySQL secondary pods assignment | `{}` | +| `secondary.nodeSelector` | Node labels for MySQL secondary pods assignment | `{}` | +| `secondary.tolerations` | Tolerations for MySQL secondary pods assignment | `[]` | +| `secondary.podSecurityContext.enabled` | Enable security context for MySQL secondary pods | `true` | +| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | +| `secondary.containerSecurityContext.enabled` | MySQL secondary container securityContext | `true` | +| `secondary.containerSecurityContext.runAsUser` | User ID for the MySQL secondary container | `1001` | +| `secondary.resources.limits` | The resources limits for MySQL secondary containers | `{}` | +| `secondary.resources.requests` | The requested resources for MySQL secondary containers | `{}` | +| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `secondary.readinessProbe.initialDelaySeconds` | Initial 
delay seconds for readinessProbe | `30` | +| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `secondary.startupProbe.enabled` | Enable startupProbe | `true` | +| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` | +| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | +| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `secondary.customLivenessProbe` | Override default liveness probe for MySQL secondary containers | `{}` | +| `secondary.customReadinessProbe` | Override default readiness probe for MySQL secondary containers | `{}` | +| `secondary.customStartupProbe` | Override default startup probe for MySQL secondary containers | `{}` | +| `secondary.extraFlags` | MySQL secondary additional command line flags | `""` | +| `secondary.extraEnvVars` | An array to add extra environment variables on MySQL secondary containers | `[]` | +| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL secondary containers | `""` | +| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL secondary containers | `""` | +| `secondary.persistence.enabled` | Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` | `true` | +| `secondary.persistence.storageClass` | MySQL secondary persistent volume storage Class | `nil` | +| `secondary.persistence.annotations` | MySQL secondary persistent 
volume claim annotations | `{}` | +| `secondary.persistence.accessModes` | MySQL secondary persistent volume access Modes | `[]` | +| `secondary.persistence.size` | MySQL secondary persistent volume size | `8Gi` | +| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | +| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL secondary pod(s) | `[]` | +| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s) | `[]` | +| `secondary.initContainers` | Add additional init containers for the MySQL secondary pod(s) | `[]` | +| `secondary.sidecars` | Add additional sidecar containers for the MySQL secondary pod(s) | `[]` | +| `secondary.service.type` | MySQL secondary Kubernetes service type | `ClusterIP` | +| `secondary.service.port` | MySQL secondary Kubernetes service port | `3306` | +| `secondary.service.nodePort` | MySQL secondary Kubernetes service node port | `""` | +| `secondary.service.clusterIP` | MySQL secondary Kubernetes service clusterIP IP | `""` | +| `secondary.service.loadBalancerIP` | MySQL secondary loadBalancerIP if service type is `LoadBalancer` | `""` | +| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `secondary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL secondary service is LoadBalancer | `[]` | +| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` | +| `secondary.pdb.enabled` | Enable/disable a Pod Disruption Budget creation for MySQL secondary pods | `false` | +| `secondary.pdb.minAvailable` | Minimum number/percentage of MySQL secondary pods that should remain scheduled | `1` | +| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MySQL secondary pods that may be made unavailable | `nil` | +| `secondary.podLabels` | Additional pod labels for MySQL secondary pods | 
`{}` | + ### RBAC parameters -| Parameter | Description | Default | -|------------------------------|--------------------------------------------------------|------------------------------------------------------| -| `serviceAccount.create` | Enable the creation of a ServiceAccount for MySQL pods | `true` | -| `serviceAccount.name` | Name of the created ServiceAccount | Generated using the `common.names.fullname` template | -| `serviceAccount.annotations` | Annotations for MySQL Service Account | `{}` (evaluated as a template) | -| `rbac.create` | Whether to create & use RBAC resources or not | `false` | +| Name | Description | Value | +| ---------------------------- | ------------------------------------------------------ | ------- | +| `serviceAccount.create` | Enable the creation of a ServiceAccount for MySQL pods | `true` | +| `serviceAccount.name` | Name of the created ServiceAccount | `nil` | +| `serviceAccount.annotations` | Annotations for MySQL Service Account | `{}` | +| `rbac.create` | Whether to create & use RBAC resources or not | `false` | + ### Network Policy -| Parameter | Description | Default | -|------------------------------|--------------------------------------------------------|------------------------------------------------------| -| `networkPolicy.enabled` | Enable MySQL NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | Don't require client label for MySQL connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL | `{}` | + +| Name | Description | Value | +| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------- | ------- | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | +| `networkPolicy.allowExternal` | The Policy model to apply. 
| `true` | +| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL | `{}` | + ### Volume Permissions parameters -| Parameter | Description | Default | -|----------------------------------------|----------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `"10"` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | -| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | +| Name | Description | Value | +| ------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ----------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image repository | 
`bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r117` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resources` | Init container volume-permissions resources | `{}` | + ### Metrics parameters -| Parameter | Description | Default | -|-------------------------------------------|-------------------------------------------------------------------------------------|--------------------------------------------------------------| -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Exporter image registry | `docker.io` | -| `metrics.image.repository` | Exporter image name | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | -| `metrics.extraArgs.primary` | Extra args to be passed to mysqld_exporter on Primary pods | `[]` | -| `metrics.extraArgs.secondary` | Extra args to be passed to mysqld_exporter on Secondary pods | `[]` | -| `metrics.service.type` | Kubernetes service type for MySQL Prometheus Exporter | `ClusterIP` | -| `metrics.service.port` | MySQL Prometheus Exporter service port | `9104` | -| `metrics.service.annotations` | Prometheus exporter svc annotations | `{prometheus.io/scrape: "true", prometheus.io/port: "9104"}` | -| `metrics.resources.limits` | The resources limits for MySQL prometheus exporter containers | `{}` | -| `metrics.resources.requests` | The requested resources for MySQL prometheus exporter containers | `{}` | -| `metrics.livenessProbe` | Liveness probe configuration for MySQL prometheus exporter containers | Check `values.yaml` file | -| `metrics.readinessProbe` | Readiness probe configuration 
for MySQL prometheus exporter containers | Check `values.yaml` file | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `nil` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `nil` | -| `metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to add to the scrape endpoint | `nil` | -| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false` | -| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | `{}` | -| `metrics.serviceMonitor.release` | Used to pass Labels release that sometimes should be custom for Prometheus Operator | `nil` | +| Name | Description | Value | +| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | Exporter image registry | `docker.io` | +| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.13.0-debian-10-r19` | +| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `metrics.service.type` | Kubernetes service type for MySQL Prometheus Exporter | `ClusterIP` | +| `metrics.service.port` | MySQL Prometheus Exporter service port | `9104` | +| `metrics.service.annotations` | Prometheus exporter service annotations | `{}` | +| 
`metrics.extraArgs.primary` | Extra args to be passed to mysqld_exporter on Primary pods | `[]` | +| `metrics.extraArgs.secondary` | Extra args to be passed to mysqld_exporter on Secondary pods | `[]` | +| `metrics.resources.limits` | The resources limits for MySQL prometheus exporter containers | `{}` | +| `metrics.resources.requests` | The requested resources for MySQL prometheus exporter containers | `{}` | +| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | Specify the namespace in which the serviceMonitor resource will be created | `nil` | +| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `nil` | +| `metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to 
add to the scrape endpoint | `nil` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.release` | Specify the release for ServiceMonitor. Sometimes it should be custom for prometheus operator to work | `nil` | +| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` | + The above parameters map to the env variables defined in [bitnami/mysql](http://github.com/bitnami/bitnami-docker-mysql). For more information please refer to the [bitnami/mysql](http://github.com/bitnami/bitnami-docker-mysql) image documentation. diff --git a/bitnami/mysql/values.yaml b/bitnami/mysql/values.yaml index 28e789c865..e77c3d86a4 100644 --- a/bitnami/mysql/values.yaml +++ b/bitnami/mysql/values.yaml 
@@ -1,15 +1,56 @@ +## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) ## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass +global: + imageRegistry: + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: + +## @section Common parameters + +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: +## @param clusterDomain Cluster domain +## +clusterDomain: cluster.local +## @param commonAnnotations Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template +## +commonAnnotations: {} +## @param commonLabels Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template +## +commonLabels: {} +## @param extraDeploy Array with extra yaml to deploy with the chart. Evaluated as a template +## +extraDeploy: [] +## @param schedulerName Use an alternate scheduler, e.g. "stork". 
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: + +## @section MySQL common parameters ## Bitnami MySQL image ## ref: https://hub.docker.com/r/bitnami/mysql/tags/ +## @param image.registry MySQL image registry +## @param image.repository MySQL image repository +## @param image.tag MySQL image tag (immutable tags are recommended) +## @param image.pullPolicy MySQL image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Specify if debug logs should be enabled ## image: registry: docker.io 
@@ -31,66 +72,45 @@ image: ## It turns BASH and/or NAMI debugging in the image ## debug: false - -## String to partially override common.names.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override common.names..fullname template -## -# fullnameOverride: - -## Cluster domain -## -clusterDomain: cluster.local - -## Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} - -## Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## MySQL architecture. Allowed values: standalone or replication +## @param architecture MySQL architecture (`standalone` or `replication`) ## architecture: standalone - ## MySQL Authentication parameters ## auth: - ## MySQL root password + ## @param auth.rootPassword Password for the `root` user. Ignored if existing secret is provided ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-the-root-password-on-first-run ## rootPassword: "" - ## MySQL custom user and database + ## @param auth.database Name for a custom database to create ## ref: https://github.com/bitnami/bitnami-docker-mysql/blob/master/README.md#creating-a-database-on-first-run - ## ref: https://github.com/bitnami/bitnami-docker-mysql/blob/master/README.md#creating-a-database-user-on-first-run ## database: my_database + ## @param auth.username Name for a custom user to create + ## ref: https://github.com/bitnami/bitnami-docker-mysql/blob/master/README.md#creating-a-database-user-on-first-run + ## username: "" + ## @param auth.password Password for the new user. 
Ignored if existing secret is provided + ## password: "" - ## MySQL replication user and password + ## @param auth.replicationUser MySQL replication user ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-up-a-replication-cluster ## replicationUser: replicator - replicationPassword: "" - ## Existing secret with MySQL credentials - ## NOTE: When it's set the previous parameters are ignored. + ## @param auth.replicationPassword MySQL replication user password. Ignored if existing secret is provided ## - # existingSecret: name-of-existing-secret - ## Force users to specify required passwords + replicationPassword: "" + ## @param auth.existingSecret Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` + ## NOTE: When it's set the auth.rootPassword, auth.password, auth.replicationPassword are ignored. + ## + existingSecret: + ## @param auth.forcePassword Force users to specify required passwords ## forcePassword: false - ## Mount credentials as files instead of using an environment variable + ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable ## usePasswordFiles: false - ## Use custom secret files other than chart provided when usePasswordFiles is set to "true" + ## @param auth.customPasswordFiles Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` ## Example: ## customPasswordFiles: ## root: /vault/secrets/mysql-root @@ -98,8 +118,7 @@ auth: ## replicator: /vault/secrets/mysql-replicator ## customPasswordFiles: {} - -## initdb scripts +## @param initdbScripts Dictionary of initdb scripts ## Specify dictionary of scripts to be run at first boot ## Example: ## initdbScripts: 
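Review bot: The `@param` descriptions added for `auth.rootPassword`, `auth.password` and `auth.replicationPassword` say only that they are ignored when an existing secret is provided. They do not say what the chart does when they are left as `""` with `auth.forcePassword: false`, which is the default combination in this hunk. I would state that behaviour explicitly (presumably a generated password, but that depends on the secret template, which is not visible here) and point readers at `auth.existingSecret`, since passwords supplied through values are kept with the Helm release record. A line such as `## NOTE: prefer auth.existingSecret; a password set here is stored in the release values` above `rootPassword` would do. The `auth.usePasswordFiles` description could likewise mention that the default `false` passes credentials through environment variables; the `customPasswordFiles` example continues into the next hunk.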
@@ -108,26 +127,675 @@ auth: ## echo "Do something." ## initdbScripts: {} - -## Existing ConfigMap with custom init scripts +## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) ## -# initdbScriptsConfigMap: +initdbScriptsConfigMap: + +## @section MySQL Primary parameters + +primary: + ## @param primary.command Override default container command on MySQL Primary container(s) (useful when using custom images) + ## + command: [] + ## @param primary.args Override default container args on MySQL Primary container(s) (useful when using custom images) + ## + args: [] + ## @param primary.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param primary.configuration [string] Configure MySQL Primary with a custom my.cnf file + ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file + ## + configuration: |- + [mysqld] + default_authentication_plugin=mysql_native_password + skip-name-resolve + explicit_defaults_for_timestamp + basedir=/opt/bitnami/mysql + plugin_dir=/opt/bitnami/mysql/lib/plugin + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + datadir=/bitnami/mysql/data + tmpdir=/opt/bitnami/mysql/tmp + max_allowed_packet=16M + bind-address=0.0.0.0 + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid + log-error=/opt/bitnami/mysql/logs/mysqld.log + character-set-server=UTF8 + collation-server=utf8_general_ci + + [client] + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + default-character-set=UTF8 + plugin_dir=/opt/bitnami/mysql/lib/plugin + + [manager] + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid + ## @param primary.existingConfiguration Name of existing ConfigMap with MySQL Primary configuration. 
+ ## NOTE: When it's set the 'configuration' parameter is ignored + ## + existingConfiguration: + ## @param primary.updateStrategy Update strategy type for the MySQL primary statefulset + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: RollingUpdate + ## @param primary.rollingUpdatePartition Partition update strategy for MySQL Primary statefulset + ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions + ## + rollingUpdatePartition: + ## @param primary.podAnnotations Additional pod annotations for MySQL primary pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param primary.podAffinityPreset MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param primary.podAntiAffinityPreset MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## MySQL Primary node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param primary.nodeAffinityPreset.type MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param primary.nodeAffinityPreset.key MySQL primary node label key to match Ignored if `primary.affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param primary.nodeAffinityPreset.values MySQL primary node label values to match. Ignored if `primary.affinity` is set. + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param primary.affinity Affinity for MySQL primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param primary.nodeSelector Node labels for MySQL primary pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param primary.tolerations Tolerations for MySQL primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## MySQL primary Pod security context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param primary.podSecurityContext.enabled Enable security context for MySQL primary pods + ## @param primary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## MySQL primary container security context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param primary.containerSecurityContext.enabled MySQL primary container securityContext + ## @param primary.containerSecurityContext.runAsUser User ID for the MySQL primary container + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + ## MySQL primary container's resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. 
If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param primary.resources.limits The resources limits for MySQL primary containers + ## @param primary.resources.requests The requested resources for MySQL primary containers + ## + resources: + ## Example: + ## limits: + ## cpu: 250m + ## memory: 256Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 250m + ## memory: 256Mi + requests: {} + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param primary.livenessProbe.enabled Enable livenessProbe + ## @param primary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param primary.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param primary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param primary.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param primary.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param primary.readinessProbe.enabled Enable readinessProbe + ## @param primary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param primary.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param primary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param primary.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param primary.readinessProbe.successThreshold Success threshold for readinessProbe + ## + 
readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + ## Configure extra options for startupProbe probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param primary.startupProbe.enabled Enable startupProbe + ## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param primary.startupProbe.periodSeconds Period seconds for startupProbe + ## @param primary.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param primary.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param primary.startupProbe.successThreshold Success threshold for v + ## + startupProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 60 + successThreshold: 1 + ## @param primary.customLivenessProbe Override default liveness probe for MySQL primary containers + ## + customLivenessProbe: {} + ## @param primary.customReadinessProbe Override default readiness probe for MySQL primary containers + ## + customReadinessProbe: {} + ## @param primary.customStartupProbe Override default startup probe for MySQL primary containers + ## + customStartupProbe: {} + ## @param primary.extraFlags MySQL primary additional command line flags + ## Can be used to specify command line flags, for example: + ## E.g. + ## extraFlags: "--max-connect-errors=1000 --max_connections=155" + ## + extraFlags: "" + ## @param primary.extraEnvVars Extra environment variables to be set on MySQL primary containers + ## E.g. 
+ ## extraEnvVars:
+ ## - name: TZ
+ ## value: "Europe/Paris"
+ ##
+ extraEnvVars: []
+ ## @param primary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MySQL primary containers
+ ##
+ extraEnvVarsCM: ""
+ ## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL primary containers
+ ##
+ extraEnvVarsSecret: ""
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir
+ ##
+ enabled: true
+ ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas
+ ## NOTE: When it's set the rest of persistence parameters are ignored
+ ##
+ existingClaim:
+ ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass:
+ ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations
+ ##
+ annotations: {}
+ ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param primary.persistence.size MySQL primary persistent volume size
+ ##
+ size: 8Gi
+ ## @param primary.persistence.selector Selector to match an existing Persistent Volume
+ ## selector:
+ ## matchLabels:
+ ## app: my-app
+ ##
+ selector: {}
+ ## @param primary.extraVolumes Optionally specify extra list of additional volumes to the MySQL Primary pod(s)
+ ##
+ extraVolumes: []
+ ## @param primary.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param primary.initContainers Add additional init containers for the MySQL Primary pod(s)
+ ##
+ initContainers: []
+ ## @param primary.sidecars Add additional sidecar containers for the MySQL Primary pod(s)
+ ##
+ sidecars: []
+ ## MySQL Primary Service parameters
+ ##
+ service:
+ ## @param primary.service.type MySQL Primary K8s service type
+ ##
+ type: ClusterIP
+ ## @param primary.service.port MySQL Primary K8s service port
+ ##
+ port: 3306
+ ## @param primary.service.nodePort MySQL Primary K8s service node port
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ nodePort: ""
+ ## @param primary.service.clusterIP MySQL Primary K8s service clusterIP IP
+ ## e.g:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param primary.service.loadBalancerIP MySQL Primary loadBalancerIP if service type is `LoadBalancer`
+ ## Set the LoadBalancer service type to internal only
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ loadBalancerIP: ""
+ ## @param primary.service.externalTrafficPolicy Enable client source IP preservation
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param primary.service.loadBalancerSourceRanges Addresses that are allowed when MySQL Primary service is LoadBalancer
+ ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## E.g.
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param primary.service.annotations Provide any additional annotations which may be required
+ ##
+ annotations: {}
+ ## MySQL primary Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+ pdb:
+ ## @param primary.pdb.enabled Enable/disable a Pod Disruption Budget creation for MySQL primary pods
+ ##
+ enabled: false
+ ## @param primary.pdb.minAvailable Minimum number/percentage of MySQL primary pods that should remain scheduled
+ ##
+ minAvailable: 1
+ ## @param primary.pdb.maxUnavailable Maximum number/percentage of MySQL primary pods that may be made unavailable
+ ##
+ maxUnavailable:
+ ## @param primary.podLabels MySQL Primary pod label. If labels are same as commonLabels , this will take precedence
+ ##
+ podLabels: {}
+
+## @section MySQL Secondary parameters
+
+secondary:
+ ## @param secondary.replicaCount Number of MySQL secondary replicas
+ ##
+ replicaCount: 1
+ ## @param secondary.hostAliases Deployment pod host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param secondary.command Override default container command on MySQL Secondary container(s) (useful when using custom images)
+ ##
+ command: []
+ ## @param secondary.args Override default container args on MySQL Secondary container(s) (useful when using custom images)
+ ##
+ args: []
+ ## @param secondary.configuration [string] Configure MySQL Secondary with a custom my.cnf file
+ ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
+ ##
+ configuration: |-
+ [mysqld]
+ default_authentication_plugin=mysql_native_password
+ skip-name-resolve
+ explicit_defaults_for_timestamp
+ basedir=/opt/bitnami/mysql
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ datadir=/bitnami/mysql/data
+ tmpdir=/opt/bitnami/mysql/tmp
+ max_allowed_packet=16M
+ bind-address=0.0.0.0
+ pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+ log-error=/opt/bitnami/mysql/logs/mysqld.log
+ character-set-server=UTF8
+ collation-server=utf8_general_ci
+
+ [client]
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ default-character-set=UTF8
+
+ [manager]
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+ ## @param secondary.existingConfiguration Name of existing ConfigMap with MySQL Secondary configuration.
+ ## NOTE: When it's set the 'configuration' parameter is ignored
+ ##
+ existingConfiguration:
+ ## @param secondary.updateStrategy Update strategy type for the MySQL secondary statefulset
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy: RollingUpdate
+ ## @param secondary.rollingUpdatePartition Partition update strategy for MySQL Secondary statefulset
+ ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions
+ ##
+ rollingUpdatePartition:
+ ## @param secondary.podAnnotations Additional pod annotations for MySQL secondary pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param secondary.podAffinityPreset MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param secondary.podAntiAffinityPreset MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ## Allowed values: soft, hard
+ ##
+ podAntiAffinityPreset: soft
+ ## MySQL Secondary node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param secondary.nodeAffinityPreset.type MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param secondary.nodeAffinityPreset.key MySQL secondary node label key to match Ignored if `secondary.affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param secondary.nodeAffinityPreset.values MySQL secondary node label values to match. Ignored if `secondary.affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param secondary.affinity Affinity for MySQL secondary pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param secondary.nodeSelector Node labels for MySQL secondary pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param secondary.tolerations Tolerations for MySQL secondary pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## MySQL secondary Pod security context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param secondary.podSecurityContext.enabled Enable security context for MySQL secondary pods
+ ## @param secondary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## MySQL secondary container security context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext
+ ## @param secondary.containerSecurityContext.runAsUser User ID for the MySQL secondary container
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ ## MySQL secondary container's resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param secondary.resources.limits The resources limits for MySQL secondary containers
+ ## @param secondary.resources.requests The requested resources for MySQL secondary containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 250m
+ ## memory: 256Mi
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 250m
+ ## memory: 256Mi
+ requests: {}
+ ## Configure extra options for liveness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param secondary.livenessProbe.enabled Enable livenessProbe
+ ## @param secondary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param secondary.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param secondary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param secondary.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param secondary.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ successThreshold: 1
+ ## Configure extra options for readiness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param secondary.readinessProbe.enabled Enable readinessProbe
+ ## @param secondary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param secondary.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param secondary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param secondary.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param secondary.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ successThreshold: 1
+ ## Configure extra options for startupProbe probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param secondary.startupProbe.enabled Enable startupProbe
+ ## @param secondary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param secondary.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param secondary.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param secondary.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param secondary.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: true
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 60
+ successThreshold: 1
+ ## @param secondary.customLivenessProbe Override default liveness probe for MySQL secondary containers
+ ##
+ customLivenessProbe: {}
+ ## @param secondary.customReadinessProbe Override default readiness probe for MySQL secondary containers
+ ##
+ customReadinessProbe: {}
+ ## @param secondary.customStartupProbe Override default startup probe for MySQL secondary containers
+ ##
+ customStartupProbe: {}
+ ## @param secondary.extraFlags MySQL secondary additional command line flags
+ ## Can be used to specify command line flags, for example:
+ ## E.g.
+ ## extraFlags: "--max-connect-errors=1000 --max_connections=155"
+ ##
+ extraFlags: ""
+ ## @param secondary.extraEnvVars An array to add extra environment variables on MySQL secondary containers
+ ## E.g.
+ ## extraEnvVars:
+ ## - name: TZ
+ ## value: "Europe/Paris"
+ ##
+ extraEnvVars: []
+ ## @param secondary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MySQL secondary containers
+ ##
+ extraEnvVarsCM: ""
+ ## @param secondary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL secondary containers
+ ##
+ extraEnvVarsSecret: ""
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ ## @param secondary.persistence.enabled Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim`
+ ##
+ enabled: true
+ ## @param secondary.persistence.storageClass MySQL secondary persistent volume storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass:
+ ## @param secondary.persistence.annotations MySQL secondary persistent volume claim annotations
+ ##
+ annotations: {}
+ ## @param secondary.persistence.accessModes MySQL secondary persistent volume access Modes
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param secondary.persistence.size MySQL secondary persistent volume size
+ ##
+ size: 8Gi
+ ## @param secondary.persistence.selector Selector to match an existing Persistent Volume
+ ## selector:
+ ## matchLabels:
+ ## app: my-app
+ ##
+ selector: {}
+ ## @param secondary.extraVolumes Optionally specify extra list of additional volumes to the MySQL secondary pod(s)
+ ##
+ extraVolumes: []
+ ## @param secondary.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param secondary.initContainers Add additional init containers for the MySQL secondary pod(s)
+ ##
+ initContainers: []
+ ## @param secondary.sidecars Add additional sidecar containers for the MySQL secondary pod(s)
+ ##
+ sidecars: []
+ ## MySQL Secondary Service parameters
+ ##
+ service:
+ ## @param secondary.service.type MySQL secondary Kubernetes service type
+ ##
+ type: ClusterIP
+ ## @param secondary.service.port MySQL secondary Kubernetes service port
+ ##
+ port: 3306
+ ## @param secondary.service.nodePort MySQL secondary Kubernetes service node port
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ nodePort: ""
+ ## @param secondary.service.clusterIP MySQL secondary Kubernetes service clusterIP IP
+ ## e.g:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param secondary.service.loadBalancerIP MySQL secondary loadBalancerIP if service type is `LoadBalancer`
+ ## Set the LoadBalancer service type to internal only
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ loadBalancerIP: ""
+ ## @param secondary.service.externalTrafficPolicy Enable client source IP preservation
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param secondary.service.loadBalancerSourceRanges Addresses that are allowed when MySQL secondary service is LoadBalancer
+ ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## E.g.
+ ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param secondary.service.annotations Provide any additional annotations which may be required + ## + annotations: {} + ## MySQL secondary Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + ## + pdb: + ## @param secondary.pdb.enabled Enable/disable a Pod Disruption Budget creation for MySQL secondary pods + ## + enabled: false + ## @param secondary.pdb.minAvailable Minimum number/percentage of MySQL secondary pods that should remain scheduled + ## + minAvailable: 1 + ## @param secondary.pdb.maxUnavailable Maximum number/percentage of MySQL secondary pods that may be made unavailable + ## + maxUnavailable: + ## @param secondary.podLabels Additional pod labels for MySQL secondary pods + ## + podLabels: {} + +## @section RBAC parameters + +## MySQL pods ServiceAccount +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable the creation of a ServiceAccount for MySQL pods + ## + create: true + ## @param serviceAccount.name Name of the created ServiceAccount + ## If not set and create is true, a name is generated using the mysql.fullname template + ## + name: + ## @param serviceAccount.annotations Annotations for MySQL Service Account + ## + annotations: {} +## Role Based Access +## ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## +rbac: + ## @param rbac.create Whether to create & use RBAC resources or not + ## + create: false + +## @section Network Policy ## MySQL Nework Policy configuration ## networkPolicy: - ## Enable creation of NetworkPolicy resources. + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct + ## @param networkPolicy.allowExternal The Policy model to apply. 
+ ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening ## on. When true, MySQL will accept connections from any source ## (with the correct destination port). ## allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL + ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace ## and that match other criteria, the ones that have the good label, can reach the DB. ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. 
@@ -141,648 +809,21 @@ networkPolicy: ## explicitNamespacesSelector: {} -## MySQL Primary parameters -## -primary: - ## Command and args for running the container (set to default if not set). Use array form - ## - command: [] - args: [] - - ## Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - - ## Configure MySQL Primary with a custom my.cnf file - ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file - ## - configuration: |- - [mysqld] - default_authentication_plugin=mysql_native_password - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mysql - plugin_dir=/opt/bitnami/mysql/lib/plugin - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - datadir=/bitnami/mysql/data - tmpdir=/opt/bitnami/mysql/tmp - max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - log-error=/opt/bitnami/mysql/logs/mysqld.log - character-set-server=UTF8 - collation-server=utf8_general_ci - - [client] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - default-character-set=UTF8 - plugin_dir=/opt/bitnami/mysql/lib/plugin - - [manager] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - - ## Name of existing ConfigMap with MySQL Primary configuration. 
- ## NOTE: When it's set the 'configuration' parameter is ignored - ## - # existingConfiguration: - - ## updateStrategy for MySQL Primary statefulset - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: RollingUpdate - - ## Partition update strategy for MySQL Primary statefulset - ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions - ## - # rollingUpdatePartition: - - ## MySQL Primary pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - - ## MySQL Primary pod affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAffinityPreset: "" - - ## MySQL Primary pod anti-affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAntiAffinityPreset: soft - - ## MySQL Primary node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard - ## - nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. 
- ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - - ## Affinity for MySQL primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - - ## Node labels for MySQL primary pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Tolerations for MySQL primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - - ## MySQL primary Pod security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - - ## MySQL primary container security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - - ## MySQL primary container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: {} - # memory: 256Mi - # cpu: 250m - requests: {} - # memory: 256Mi - # cpu: 250m - - ## MySQL primary container's liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - startupProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 60 - successThreshold: 1 - - ## MySQL primary custom liveness probe - ## - customLivenessProbe: {} - - ## MySQL primary custom rediness probe - ## - customReadinessProbe: {} - - ## MySQL primary custom startup probe - ## - customStartupProbe: {} - - ## MySQL primary additional command line flags - ## Can be used to specify command line flags, for example: - ## E.g. - ## extraFlags: "--max-connect-errors=1000 --max_connections=155" - ## - extraFlags: "" - - ## An array to add extra environment variables on MySQL primary containers - ## E.g. 
- ## extraEnvVars: - ## - name: TZ - ## value: "Europe/Paris" - ## - extraEnvVars: [] - - ## ConfigMap with extra env vars for MySQL primary containers: - ## - extraEnvVarsCM: "" - - ## Secret with extra env vars for MySQL primary containers: - ## - extraEnvVarsSecret: "" - - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## If true, use a Persistent Volume Claim, If false, use emptyDir - ## - enabled: true - ## Name of existing PVC to hold MySQL Primary data - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - # existingClaim: - ## Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## Persistent Volume Claim annotations - ## - annotations: {} - ## Persistent Volume Access Mode - ## - accessModes: - - ReadWriteOnce - ## Persistent Volume size - ## - size: 8Gi - ## selector can be used to match an existing PersistentVolume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - - ## Extra volumes to add to the MySQL Primary pod(s) - ## - extraVolumes: [] - - ## Extra volume mounts to add to the MySQL Primary container(s) - ## - extraVolumeMounts: [] - - ## Extra init containers to add to the MySQL Primary pod(s) - ## - initContainers: [] - - ## Extra sidecar containers to add to the MySQL Primary pod(s) - ## - sidecars: [] - - ## MySQL Primary Service parameters - ## - service: - ## Service type - ## - type: ClusterIP - ## Service port - ## - port: 3306 - ## Specify the nodePort value for the LoadBalancer and NodePort service types. 
- ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## Service clusterIP - ## - # clusterIP: None - clusterIP: "" - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## E.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## Provide any additional annotations which may be required - ## - annotations: {} - - ## MySQL primary Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - enabled: false - ## Min number of pods that must still be available after the eviction - ## - minAvailable: 1 - ## Max number of pods that can be unavailable after the eviction - ## - # maxUnavailable: 1 - - ## MySQL Primary pod label. If labels are same as commonLabels , this will take precedence. - ## - podLabels: {} - -## MySQL Secondary parameters -## -secondary: - ## Number of MySQL Secondary replicas to deploy - ## - replicaCount: 1 - - ## Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - - ## Command and args for running the container (set to default if not set). 
Use array form - ## - command: [] - args: [] - - ## Configure MySQL Secondary with a custom my.cnf file - ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file - ## - configuration: |- - [mysqld] - default_authentication_plugin=mysql_native_password - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mysql - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - datadir=/bitnami/mysql/data - tmpdir=/opt/bitnami/mysql/tmp - max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - log-error=/opt/bitnami/mysql/logs/mysqld.log - character-set-server=UTF8 - collation-server=utf8_general_ci - - [client] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - default-character-set=UTF8 - - [manager] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - - ## Name of existing ConfigMap with MySQL Secondary configuration. - ## NOTE: When it's set the 'configuration' parameter is ignored - ## - # existingConfiguration: - - ## updateStrategy for MySQL Secondary statefulset - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: RollingUpdate - - ## Partition update strategy for MySQL Secondary statefulset - ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions - ## - # rollingUpdatePartition: - - ## MySQL Secondary pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - - ## MySQL Secondary pod affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAffinityPreset: "" - - ## MySQL Secondary pod anti-affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - 
## Allowed values: soft, hard - ## - podAntiAffinityPreset: soft - - ## MySQL Secondary node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard - ## - nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - - ## Affinity for MySQL secondary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - - ## Node labels for MySQL secondary pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Tolerations for MySQL secondary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - - ## MySQL secondary Pod security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - - ## MySQL secondary container security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - - ## MySQL secondary container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. 
If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: {} - # memory: 256Mi - # cpu: 250m - requests: {} - # memory: 256Mi - # cpu: 250m - - ## MySQL secondary container's liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - startupProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 60 - successThreshold: 1 - - ## MySQL secondary custom liveness probe - ## - customLivenessProbe: {} - - ## MySQL secondary custom rediness probe - ## - customReadinessProbe: {} - - ## MySQL secondary custom startup probe - ## - customStartupProbe: {} - - ## MySQL secondary additional command line flags - ## Can be used to specify command line flags, for example: - ## E.g. - ## extraFlags: "--max-connect-errors=1000 --max_connections=155" - ## - extraFlags: "" - - ## An array to add extra environment variables on MySQL secondary containers - ## E.g. 
- ## extraEnvVars: - ## - name: TZ - ## value: "Europe/Paris" - ## - extraEnvVars: [] - - ## ConfigMap with extra env vars for MySQL secondary containers: - ## - extraEnvVarsCM: "" - - ## Secret with extra env vars for MySQL secondary containers: - ## - extraEnvVarsSecret: "" - - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## If true, use a Persistent Volume Claim, If false, use emptyDir - ## - enabled: true - ## Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## Persistent Volume Claim annotations - ## - annotations: {} - ## Persistent Volume Access Mode - ## - accessModes: - - ReadWriteOnce - ## Persistent Volume size - ## - size: 8Gi - ## selector can be used to match an existing PersistentVolume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - - ## Extra volumes to add to the MySQL Secondary pod(s) - ## - extraVolumes: [] - - ## Extra volume mounts to add to the MySQL Secondary container(s) - ## - extraVolumeMounts: [] - - ## Extra init containers to add to the MySQL Secondary pod(s) - ## - initContainers: [] - - ## Extra sidecar containers to add to the MySQL Secondary pod(s) - ## - sidecars: [] - - ## MySQL Secondary Service parameters - ## - service: - ## Service type - ## - type: ClusterIP - ## Service port - ## - port: 3306 - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## Service clusterIP - ## - # clusterIP: None - clusterIP: "" - ## Set the LoadBalancer service type to internal only. 
- ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## E.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## Provide any additional annotations which may be required - ## - annotations: {} - - ## MySQL secondary Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - enabled: false - ## Min number of pods that must still be available after the eviction - ## - minAvailable: 1 - ## Max number of pods that can be unavailable after the eviction - ## - # maxUnavailable: 1 - - ## MySQL Secondary pod label. If labels are same as commonLabels , this will take precedence. - ## - podLabels: {} - -## MySQL pods ServiceAccount -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## Specifies whether a ServiceAccount should be created - ## - create: true - ## The name of the ServiceAccount to use. 
- ## If not set and create is true, a name is generated using the mysql.fullname template - ## - # name: - ## Annotations to add to the service account (evaluated as a template) - ## - annotations: {} - -## Role Based Access -## ref: https://kubernetes.io/docs/admin/authorization/rbac/ -## -rbac: - ## Specifies whether RBAC rules should be created - ## - create: false +## @section Volume Permissions parameters ## Init containers parameters: ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. ## volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` + ## enabled: false + ## @param volumePermissions.image.registry Init container volume-permissions image registry + ## @param volumePermissions.image.repository Init container volume-permissions image repository + ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array + ## image: registry: docker.io repository: bitnami/bitnami-shell 
@@ -791,15 +832,29 @@ volumePermissions: ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName + pullSecrets: [] + ## @param volumePermissions.resources Init container volume-permissions resources + ## resources: {} +## @section Metrics parameters + ## Mysqld Prometheus exporter parameters ## metrics: + ## @param metrics.enabled Start a side-car prometheus exporter + ## enabled: false + ## @param metrics.image.registry Exporter image registry + ## @param metrics.image.repository Exporter image repository + ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) + ## @param metrics.image.pullPolicy Exporter image pull policy + ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array + ## image: registry: docker.io repository: bitnami/mysqld-exporter @@ -808,13 +863,17 @@ metrics: ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName - + pullSecrets: [] ## MySQL Prometheus exporter service parameters ## Mysqld Prometheus exporter liveness and readiness probes - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param metrics.service.type Kubernetes service type for MySQL Prometheus Exporter + ## @param metrics.service.port MySQL Prometheus Exporter service port + ## @param metrics.service.annotations [object] Prometheus exporter service annotations ## service: type: ClusterIP 
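Review bot: The comment block kept above `metrics.service` in the second hunk (`@@ -808,13 +863,17 @@`) still reads `## Mysqld Prometheus exporter liveness and readiness probes`, and the re-added `## ref:` line points at the container-probes page. Neither describes the service settings that follow. I would drop those two lines so that `## MySQL Prometheus exporter service parameters` is followed directly by the three `@param metrics.service.*` lines. The `metrics:` block starts before this hunk and continues after it.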
@@ -822,8 +881,8 @@ metrics: annotations: prometheus.io/scrape: "true" prometheus.io/port: "{{ .Values.metrics.service.port }}" - - ## Extra args to be passed to mysqld_exporter + ## @param metrics.extraArgs.primary Extra args to be passed to mysqld_exporter on Primary pods + ## @param metrics.extraArgs.secondary Extra args to be passed to mysqld_exporter on Secondary pods ## ref: https://github.com/prometheus/mysqld_exporter/ ## E.g. ## - --collect.auto_increment.columns 
@@ -864,24 +923,34 @@ metrics: extraArgs: primary: [] secondary: [] - ## Mysqld Prometheus exporter resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param metrics.resources.limits The resources limits for MySQL prometheus exporter containers + ## @param metrics.resources.requests The requested resources for MySQL prometheus exporter containers ## resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## Example: + ## limits: + ## cpu: 100m + ## memory: 256Mi limits: {} - # memory: 256Mi - # cpu: 100m + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 256Mi requests: {} - # memory: 256Mi - # cpu: 100m - - ## Mysqld Prometheus exporter liveness and readiness probes + ## Mysqld Prometheus exporter liveness probe ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param metrics.livenessProbe.enabled Enable livenessProbe + ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true @@ -890,6 +959,15 @@ metrics: timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 + ## Mysqld Prometheus exporter readiness probe + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param metrics.readinessProbe.enabled Enable readinessProbe + ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe + ## readinessProbe: enabled: true initialDelaySeconds: 30 
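Review bot: The guidance moved above `metrics.resources` still tells the reader to "uncomment the following lines" and "remove the curly braces after 'resources:'", but after this change the samples sit in `##` comments above `limits: {}` and `requests: {}`, and nothing follows `resources:` on its line. I would reword the last sentence to `## If you do want to specify resources, replace the empty 'limits' and 'requests' maps below with your values.` The two sample headers also differ (`## Example:` and `## Examples:`), so one spelling should be used for both. Since the exporter sidecar ships without limits by default, the opt-in instructions are the only guidance an operator gets and should match the file.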
@@ -897,37 +975,34 @@ metrics: timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 - ## Prometheus Service Monitor ## ref: https://github.com/coreos/prometheus-operator ## serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator ## enabled: false - ## Specify the namespace in which the serviceMonitor resource will be created + ## @param metrics.serviceMonitor.namespace Specify the namespace in which the serviceMonitor resource will be created ## - # namespace: "" - ## Specify the interval at which metrics should be scraped + namespace: + ## @param metrics.serviceMonitor.interval Specify the interval at which metrics should be scraped ## interval: 30s - ## Specify the timeout after which the scrape is ended + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 30s ## - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint + scrapeTimeout: + ## @param metrics.serviceMonitor.relabellings Specify Metric Relabellings to add to the scrape endpoint ## - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint + relabellings: + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint ## honorLabels: false - ## Specify the release for ServiceMonitor. Sometimes it should be custom for prometheus operator to work + ## @param metrics.serviceMonitor.release Specify the release for ServiceMonitor. 
Sometimes it should be custom for prometheus operator to work ## - # release: "" - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + release: + ## @param metrics.serviceMonitor.additionalLabels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec ## additionalLabels: {} - -## Array with extra yaml to deploy with the chart. Evaluated as a template -## -extraDeploy: [] diff --git a/bitnami/nats/Chart.yaml b/bitnami/nats/Chart.yaml index bc3e973518..6c1e228ec1 100644 --- a/bitnami/nats/Chart.yaml +++ b/bitnami/nats/Chart.yaml @@ -24,4 +24,4 @@ name: nats sources: - https://github.com/bitnami/bitnami-docker-nats - https://nats.io/ -version: 6.3.11 +version: 6.3.12 diff --git a/bitnami/nats/README.md b/bitnami/nats/README.md index b16851723a..d1c8036799 100644 --- a/bitnami/nats/README.md +++ b/bitnami/nats/README.md 
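Review bot: In the `serviceMonitor` hunk, `relabellings:` changes from a commented-out key to a bare null, while the same commit uses an explicit empty collection for other list values (`pullSecrets: []`). If the template renders this value as a list (the template is not visible here), `relabellings: []` would document the expected type and give the generated README a meaningful value instead of `nil`. `scrapeTimeout` gained an `e.g:` sample; `relabellings` and `release` would benefit from one as well. The hunk also removes the trailing `extraDeploy: []`, which presumably moved to a common section earlier in the file; worth confirming the key still has a default.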
@@ -44,168 +44,179 @@ The command removes all the Kubernetes components associated with the chart and ## Parameters -The following tables lists the configurable parameters of the NATS chart and their default values per section/component: - ### Global parameters -| Parameter | Description | Default | -|---------------------------|-------------------------------------------------|---------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | + ### Common parameters -| Parameter | Description | Default | -|---------------------|----------------------------------------------------------------------|--------------------------------| -| `nameOverride` | String to partially override common.names.fullname | `nil` | -| `fullnameOverride` | String to fully override common.names.fullname | `nil` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` (evaluated as a template) | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` | +| Name | Description | Value | +| ------------------- | -------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` | +| `nameOverride` | String to 
partially override common.names.fullname template (will maintain the release name) | `nil` | +| `fullnameOverride` | String to fully override common.names.fullname template | `nil` | +| `commonLabels` | Add labels to all the deployed resources | `{}` | +| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | +| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | + ### NATS parameters -| Parameter | Description | Default | -|----------------------------|--------------------------------------------------------------------------------|---------------------------------------------------------| -| `image.registry` | NATS image registry | `docker.io` | -| `image.repository` | NATS image name | `bitnami/nats` | -| `image.tag` | NATS image tag | `{TAG_NAME}` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `hostAliases` | Add deployment host aliases | `[]` | -| `auth.enabled` | Switch to enable/disable client authentication | `true` | -| `auth.user` | Client authentication user | `nats_client` | -| `auth.password` | Client authentication password | `random alhpanumeric string (10)` | -| `auth.token` | Client authentication token | `nil` | -| `auth.timeout` | Client authentication timeout (seconds) | `1` | -| `clusterAuth.enabled` | Switch to enable/disable cluster authentication | `true` | -| `clusterAuth.user` | Cluster authentication user | `nats_cluster` | -| `clusterAuth.password` | Cluster authentication password | `random alhpanumeric string (10)` | -| `clusterAuth.token` | Cluster authentication token | `nil` | -| `debug.enabled` | Switch to enable/disable debug on logging | `false` | -| `debug.trace` | Switch to enable/disable trace debug level on logging | `false` | -| `debug.logtime` | Switch to 
enable/disable logtime on logging | `false` | -| `maxConnections` | Max. number of client connections | `nil` | -| `maxControlLine` | Max. protocol control line | `nil` | -| `maxPayload` | Max. payload | `nil` | -| `writeDeadline` | Duration the server can block on a socket write to a client | `nil` | -| `natsFilename` | Filename used by several NATS files (binary, configurarion file, and pid file) | `nats-server` | -| `command` | Override default container command (useful when using custom images) | `nil` | -| `args` | Override default container args (useful when using custom images) | `nil` | -| `metrics.kafka.extraFlags` | Extra flags to be passed to NATS | `{}` | -| `extraEnvVars` | Extra environment variables to be set on NATS container | `{}` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `nil` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `nil` | +| Name | Description | Value | +| ---------------------- | ------------------------------------------------------------------------------ | -------------------- | +| `image.registry` | NATS image registry | `docker.io` | +| `image.repository` | NATS image repository | `bitnami/nats` | +| `image.tag` | NATS image tag (immutable tags are recommended) | `2.3.2-debian-10-r0` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `auth.enabled` | Switch to enable/disable client authentication | `true` | +| `auth.user` | Client authentication user | `nats_client` | +| `auth.password` | Client authentication password | `nil` | +| `auth.token` | Client authentication token | `nil` | +| `auth.timeout` | Client authentication timeout (seconds) | `1` | +| `clusterAuth.enabled` | Switch to enable/disable cluster authentication | `true` | +| `clusterAuth.user` | Cluster authentication user | `nats_cluster` | +| `clusterAuth.password` | Cluster authentication password | 
`nil` | +| `clusterAuth.token` | Cluster authentication token | `nil` | +| `debug.enabled` | Switch to enable/disable debug on logging | `false` | +| `debug.trace` | Switch to enable/disable trace debug level on logging | `false` | +| `debug.logtime` | Switch to enable/disable logtime on logging | `false` | +| `maxConnections` | Max. number of client connections | `nil` | +| `maxControlLine` | Max. protocol control line | `nil` | +| `maxPayload` | Max. payload | `nil` | +| `writeDeadline` | Duration the server can block on a socket write to a client | `nil` | +| `natsFilename` | Filename used by several NATS files (binary, configurarion file, and pid file) | `nats-server` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `hostAliases` | Deployment pod host aliases | `[]` | +| `extraFlags` | Extra flags to be passed to NATS | `{}` | +| `extraEnvVars` | Extra environment variables to be set on NATS container | `[]` | +| `extraEnvVarsCM` | ConfigMap with extra environment variables | `nil` | +| `extraEnvVarsSecret` | Secret with extra environment variables | `nil` | + ### NATS deployment/statefulset parameters -| Parameter | Description | Default | -|-----------------------------|-------------------------------------------------------------------------------------------|--------------------------------| -| `resourceType` | NATS cluster resource type under Kubernetes (Supported: StatefulSets, or Deployment) | `statefulset` | -| `replicaCount` | Number of NATS nodes | `1` | -| `schedulerName` | Name of an alternate | `nil` | -| `priorityClassName` | Name of pod priority class | `nil` | -| `podSecurityContext` | NATS pods' Security Context | Check `values.yaml` file | -| `updateStrategy` | Strategy to use to update Pods | Check `values.yaml` file | -| `containerSecurityContext` | NATS containers' Security Context | Check `values.yaml` 
file | -| `resources.limits` | The resources limits for the NATS container | `{}` | -| `resources.requests` | The requested resources for the NATS container | `{}` | -| `livenessProbe` | Liveness probe configuration for NATS | Check `values.yaml` file | -| `readinessProbe` | Readiness probe configuration for NATS | Check `values.yaml` file | -| `customLivenessProbe` | Override default liveness probe | `nil` | -| `customReadinessProbe` | Override default readiness probe | `nil` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. 
| `[]` | -| `affinity` | Affinity for pod assignment | `{}` (evaluated as a template) | -| `nodeSelector` | Node labels for pod assignment | `{}` (evaluated as a template) | -| `tolerations` | Tolerations for pod assignment | `[]` (evaluated as a template) | -| `podLabels` | Extra labels for NATS pods | `{}` (evaluated as a template) | -| `podAnnotations` | Annotations for NATS pods | `{}` (evaluated as a template) | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for NATS container(s) | `[]` | -| `extraVolumes` | Optionally specify extra list of additional volumes for NATS pods | `[]` | -| `initContainers` | Add additional init containers to the NATS pods | `{}` (evaluated as a template) | -| `sidecars` | Add additional sidecar containers to the NATS pods | `{}` (evaluated as a template) | +| Name | Description | Value | +| ------------------------------------ | ---------------------------------------------------------------------------------------------------- | --------------- | +| `resourceType` | NATS cluster resource type under Kubernetes. Allowed values: `statefulset` (default) or `deployment` | `statefulset` | +| `replicaCount` | Number of NATS nodes | `1` | +| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `nil` | +| `priorityClassName` | Name of pod priority class | `nil` | +| `updateStrategy.type` | StrategyType. 
Can be set to RollingUpdate or OnDelete | `RollingUpdate` | +| `podSecurityContext` | NATS pods' Security Context | `{}` | +| `containerSecurityContext` | NATS containers' Security Context | `{}` | +| `resources.limits` | The resources limits for the NATS container | `{}` | +| `resources.requests` | The requested resources for the NATS container | `{}` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.httpGet.path` | Request path for livenessProbe | `/` | +| `livenessProbe.httpGet.port` | Port for livenessProbe | `monitoring` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.httpGet.path` | Request path for readinessProbe | `/` | +| `readinessProbe.httpGet.port` | Port for readinessProbe | `monitoring` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `customLivenessProbe` | Override default liveness probe | `{}` | +| `customReadinessProbe` | Override default readiness probe | `{}` | +| `podLabels` | Extra labels for NATS pods | `{}` | +| `podAnnotations` | Annotations for NATS pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | +| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | +| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | +| `extraVolumes` | Optionally specify extra list of additional volumes for NATS pods | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for NATS container(s) | `[]` | +| `initContainers` | Add additional init containers to the NATS pods | `{}` | +| `sidecars` | Add additional sidecar containers to the NATS pods | `{}` | -### Exposure parameters -| Parameter | Description | Default | -|-------------------------------------|------------------------------------------------------------------|--------------------------------| -| `client.service.type` | Kubernetes Service type (NATS client) | `ClusterIP` | -| `client.service.port` | NATS client port | `4222` | -| `client.service.nodePort` | Port to bind to for NodePort service type (NATS client) | `nil` | -| `client.service.annotations` | Annotations for NATS client service | {} | -| `client.service.loadBalancerIP` | loadBalancerIP if NATS client service type is `LoadBalancer` | `nil` | -| `cluster.service.type` | Kubernetes Service type (NATS cluster) | `ClusterIP` | -| `cluster.service.port` | NATS cluster port | `6222` | -| `cluster.service.nodePort` | Port to bind to for NodePort service type (NATS cluster) | `nil` | -| 
`cluster.service.annotations` | Annotations for NATS cluster service | {} | -| `cluster.service.loadBalancerIP` | loadBalancerIP if NATS cluster service type is `LoadBalancer` | `nil` | -| `cluster.connectRetries` | Configure number of connect retries for implicit routes | `nil` | -| `monitoring.service.type` | Kubernetes Service type (NATS monitoring) | `ClusterIP` | -| `monitoring.service.port` | NATS monitoring port | `8222` | -| `monitoring.service.nodePort` | Port to bind to for NodePort service type (NATS monitoring) | `nil` | -| `monitoring.service.annotations` | Annotations for NATS monitoring service | {} | -| `monitoring.service.loadBalancerIP` | loadBalancerIP if NATS monitoring service type is `LoadBalancer` | `nil` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.hostname` | Default host for the ingress resource | `nats.local` | -| `ingress.path` | Default path for the ingress resource | `/` | -| `ingress.tls` | Create TLS Secret | `false` | -| `ingress.annotations` | Ingress annotations | `[]` (evaluated as a template) | -| `ingress.extraHosts[0].name` | Additional hostnames to be covered | `nil` | -| `ingress.extraHosts[0].path` | Additional hostnames to be covered | `nil` | -| `ingress.extraPaths` | Additional arbitrary path/backend objects | `nil` | -| `ingress.extraTls[0].hosts[0]` | TLS configuration for additional hostnames to be covered | `nil` | -| `ingress.extraTls[0].secretName` | TLS configuration for additional hostnames to be covered | `nil` | -| `ingress.secrets[0].name` | TLS Secret Name | `nil` | -| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | -| `ingress.secrets[0].key` | TLS Secret Key | `nil` | -| `networkPolicy.enabled` | Enable the default NetworkPolicy policy | 
`false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.additionalRules` | Additional NetworkPolicy rules | `{}` (evaluated as a template) | +### Traffic Exposure parameters + +| Name | Description | Value | +| ----------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ | +| `client.service.type` | Kubernetes Service type (NATS client) | `ClusterIP` | +| `client.service.port` | NATS client port | `4222` | +| `client.service.nodePort` | Port to bind to for the LoadBalancer and NodePort service type (NATS client) | `nil` | +| `client.service.annotations` | Annotations for NATS client service | `{}` | +| `client.service.loadBalancerIP` | loadBalancerIP if NATS client service type is `LoadBalancer`, otherwise leave blank | `nil` | +| `cluster.connectRetries` | Configure number of connect retries for implicit routes, otherwise leave blank | `nil` | +| `cluster.service.type` | Kubernetes Service type (NATS cluster) | `ClusterIP` | +| `cluster.service.port` | NATS cluster port | `6222` | +| `cluster.service.nodePort` | Port to bind to for NodePort service type (NATS cluster) | `nil` | +| `cluster.service.annotations` | Annotations for NATS cluster service | `{}` | +| `cluster.service.loadBalancerIP` | loadBalancerIP if NATS cluster service type is `LoadBalancer` | `nil` | +| `monitoring.service.type` | Kubernetes Service type (NATS monitoring) | `ClusterIP` | +| `monitoring.service.port` | NATS monitoring port | `8222` | +| `monitoring.service.nodePort` | Port to bind to for NodePort service type (NATS monitoring) | `nil` | +| `monitoring.service.annotations` | Annotations for NATS monitoring service | `{}` | +| `monitoring.service.loadBalancerIP` | Use loadBalancerIP to request a specific static IP, otherwise leave blank | `nil` | +| `ingress.enabled` | Set to true to enable ingress record generation | 
`false` | +| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | +| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `nil` | +| `ingress.hostname` | When the ingress is enabled, a host pointing to this will be created | `nats.local` | +| `ingress.path` | The Path to NATS. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `ImplementationSpecific` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | +| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | +| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | +| `networkPolicy.allowExternal` | The Policy model to apply | `true` | +| `networkPolicy.additionalRules` | Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. 
| `{}` | + ### Metrics parameters -| Parameter | Description | Default | -|--------------------------------------------|--------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| -| `metrics.enabled` | Enable Prometheus metrics via exporter side-car | `false` | -| `metrics.image.registry` | Prometheus metrics exporter image registry | `docker.io` | -| `metrics.image.repository` | Prometheus metrics exporter image name | `bitnami/nats-exporter` | -| `metrics.image.tag` | Prometheus metrics exporter image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | Prometheus metrics image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Prometheus metrics image pull secrets | `[]` (does not add image pull secrets to deployed pods) | -| `metrics.flags` | Flags to be passed to Prometheus metrics | Check `values.yaml` file | -| `metrics.containerPort` | Prometheus metrics exporter port | `7777` | -| `metrics.resources` | Prometheus metrics exporter resource requests/limit | `{}` | -| `metrics.service.type` | Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`) | `ClusterIP` | -| `metrics.service.port` | Prometheus metrics svc port | `7777` | -| `metrics.service.annotations` | Prometheus metrics exporter annotations | `prometheus.io/scrape: "true"`, `prometheus.io/port: "7777"` | -| `metrics.service.nodePort` | Kubernetes HTTP node port | `""` | -| `metrics.service.annotations` | Annotations for Prometheus metrics service | `Check values.yaml file` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `metrics.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | -| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor 
(also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `nil` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `nil` (Prometheus Operator default value) | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `nil` (Prometheus Operator default value) | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `nil` | +| Name | Description | Value | +| ---------------------------------- | ------------------------------------------------------------------------------------------------------ | ----------------------- | +| `metrics.enabled` | Enable Prometheus metrics via exporter side-car | `false` | +| `metrics.image.registry` | Prometheus metrics exporter image registry | `docker.io` | +| `metrics.image.repository` | Prometheus metrics exporter image repository | `bitnami/nats-exporter` | +| `metrics.image.tag` | Prometheus metrics exporter image tag (immutable tags are recommended) | `0.8.0-debian-10-r10` | +| `metrics.image.pullPolicy` | Prometheus metrics image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Prometheus metrics image pull secrets | `[]` | +| `metrics.resources` | Metrics exporter resource requests and limits | `{}` | +| `metrics.containerPort` | Prometheus metrics exporter port | `7777` | +| `metrics.flags` | Flags to be passed to Prometheus metrics | `[]` | +| `metrics.service.type` | Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`) | `ClusterIP` | +| `metrics.service.port` | Prometheus metrics service port | `7777` | +| `metrics.service.loadBalancerIP` | Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank | `nil` | +| `metrics.service.annotations` | Annotations for Prometheus metrics service | `{}` | +| `metrics.service.labels` | Labels for Prometheus metrics service | `{}` | +| 
`metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Specify a namespace if needed. Fallback to the Prometheus default unless specified | `nil` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `nil` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | + ### Other parameters -| Parameter | Description | Default | -|----------------------|----------------------------------------------------------------|---------| +| Name | Description | Value | +| -------------------- | -------------------------------------------------------------- | ------- | | `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | | `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | | `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `nil` | + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```bash diff --git a/bitnami/nats/values.yaml b/bitnami/nats/values.yaml index 4192248b88..e7a05d1e57 100644 --- a/bitnami/nats/values.yaml +++ b/bitnami/nats/values.yaml 
@@ -1,14 +1,52 @@ +## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array ## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName +global: + imageRegistry: + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + +## @section Common parameters + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: +## @param commonLabels Add labels to all the deployed resources +## +commonLabels: {} +## @param commonAnnotations Add annotations to all the deployed resources +## +commonAnnotations: {} +## @param clusterDomain Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] + +## @section NATS parameters ## Bitnami NATS image version ## ref: https://hub.docker.com/r/bitnami/nats/tags/ +## @param image.registry NATS image registry +## @param image.repository NATS image repository +## @param image.tag NATS image tag (immutable tags are recommended) +## @param image.pullPolicy Image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array ## image: registry: docker.io 
@@ -26,70 +64,59 @@ image: ## - myRegistryKeySecretName ## pullSecrets: [] - -## Force target Kubernetes version (using Helm capabilites if not set) -## -kubeVersion: - -## String to partially override common.names.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override common.names.fullname template -## -# fullnameOverride: - -## Add labels to all the deployed resources -## -commonLabels: {} - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - ## Client Authentication ## ref: https://github.com/nats-io/gnatsd#authentication +## @param auth.enabled Switch to enable/disable client authentication +## @param auth.user Client authentication user +## @param auth.password Client authentication password +## @param auth.token Client authentication token +## @param auth.timeout Client authentication timeout (seconds) ## auth: enabled: true user: nats_client - # password: - # token: + password: + token: timeout: 1 - ## Cluster Authentication ## ref: https://github.com/nats-io/gnatsd#authentication +## @param clusterAuth.enabled Switch to enable/disable cluster authentication +## @param clusterAuth.user Cluster authentication user +## @param clusterAuth.password Cluster authentication password +## @param clusterAuth.token Cluster authentication token ## clusterAuth: enabled: true user: nats_cluster - # password: - # token: - + password: + token: ## Logging parameters ## ref: https://github.com/nats-io/gnatsd#command-line-arguments +## @param debug.enabled Switch to enable/disable debug on logging +## @param debug.trace Switch to enable/disable trace debug level on logging +## @param debug.logtime Switch to enable/disable logtime on logging ## debug: enabled: false trace: false logtime: false - -## System overrides parameters -## ref: 
https://github.com/nats-io/gnatsd#configuration-file +## System override parameters +## ref: https://docs.nats.io/nats-server/configuration +## @param maxConnections Max. number of client connections +## @param maxControlLine Max. protocol control line +## @param maxPayload Max. payload +## @param writeDeadline Duration the server can block on a socket write to a client +## e.g: +## maxConnections: 100 +## maxControlLine: 512 +## maxPayload: 65536 +## writeDeadline: "2s" ## -# maxConnections: 100 -# maxControlLine: 512 -# maxPayload: 65536 -# writeDeadline: "2s" - +maxConnections: +maxControlLine: +maxPayload: +writeDeadline: +## @param natsFilename Filename used by several NATS files (binary, configurarion file, and pid file) ## Nats filenames: ## - For Nats 1.x.x version, some filenames (binary, configuration file, pid file) uses `gnatsd` as part of the name. ## - For Nats 2.x.x version, those filenames now uses `nats-server` 
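Review bot: `auth.password`, `auth.token`, `clusterAuth.password` and `clusterAuth.token` are now live keys with no value while `auth.enabled` and `clusterAuth.enabled` remain `true`, yet the new `@param` descriptions do not say what the chart does with an empty credential. The templates are outside this hunk, so whether a secret is generated or the server is configured without one cannot be confirmed here. The description should state it, e.g. `## @param auth.password Client authentication password (<what the chart does when left empty>)`, and likewise for the other three keys. Separately, the new `natsFilename` line has a typo that the generated README will inherit: `configurarion file` should read `configuration file`.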
@@ -97,104 +124,107 @@ debug: ## to specify the proper filename according to the image version. ## natsFilename: nats-server - -## Command and args for running the container (set to default if not set). Use array form +## @param command Override default container command (useful when using custom images) ## command: [] +## @param args Override default container args (useful when using custom images) +## args: [] - -## Deployment pod host aliases +## @param hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] - -## Extra flags to be passed to NATS +## @param extraFlags Extra flags to be passed to NATS ## Example: ## extraFlags: ## tls.insecure-skip-tls-verify: "" ## web.telemetry-path: "/metrics" ## extraFlags: {} - -## An array to add extra env vars +## @param extraEnvVars Extra environment variables to be set on NATS container ## Example: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] - -## ConfigMap with extra environment variables +## @param extraEnvVarsCM ConfigMap with extra environment variables ## extraEnvVarsCM: - -## Secret with extra environment variables +## @param extraEnvVarsSecret Secret with extra environment variables ## extraEnvVarsSecret: -## NATS cluster resource type under Kubernetes. Allowed values: statefulset (default) or deployment +## @section NATS deployment/statefulset parameters + +## @param resourceType NATS cluster resource type under Kubernetes. Allowed values: `statefulset` (default) or `deployment` ## ref: ## - https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ ## - https://kubernetes.io/docs/concepts/workloads/controllers/deployment/ ## resourceType: "statefulset" - -## Number of NATS replicas to deploy +## @param replicaCount Number of NATS nodes ## replicaCount: 1 - -## Use an alternate scheduler, e.g. "stork". +## @param schedulerName Use an alternate scheduler, e.g. "stork". 
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## -# schedulerName: - -## Pod Priority Class +schedulerName: +## @param priorityClassName Name of pod priority class ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## -# priorityClassName: "" - +priorityClassName: ## Strategy to use to update Pods ## updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate or OnDelete + ## @param updateStrategy.type StrategyType. Can be set to RollingUpdate or OnDelete ## type: RollingUpdate - ## NATS pods' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param podSecurityContext [object] NATS pods' Security Context ## podSecurityContext: enabled: false - ## fsGroup: 1001 - ## - + fsGroup: ## NATS containers' SecurityContext ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param containerSecurityContext [object] NATS containers' Security Context ## containerSecurityContext: enabled: false - ## runAsUser: 1001 - ## runAsNonRoot: true - ## - + runAsUser: + runAsNonRoot: ## NATS resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the NATS container +## @param resources.requests The requested resources for the NATS container ## resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. 
This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi limits: {} - # cpu: 200m - # memory: 256Mi + ## Examples: + ## requests: + ## cpu: 200m + ## memory: 256Mi requests: {} - # cpu: 200m - # memory: 256Mi - -## NATS containers' liveness and readiness probes. +## NATS containers' liveness probe. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.httpGet.path Request path for livenessProbe +## @param livenessProbe.httpGet.port Port for livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true 
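Review bot: The `podSecurityContext` and `containerSecurityContext` blocks drop the commented examples (`fsGroup: 1001`, `runAsUser: 1001`, `runAsNonRoot: true`) and leave `fsGroup:`, `runAsUser:` and `runAsNonRoot:` empty, so a user who flips `enabled` to `true` no longer sees which values to supply. How the templates render the empty keys is not visible in this hunk; if they are passed through unchanged, enabling the context would not by itself apply the non-root settings the old comments suggested. Keep the example as a comment above the keys, the way the `resources` block in this hunk does: `## e.g:`, `##   runAsUser: 1001`, `##   runAsNonRoot: true`.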
@@ -206,6 +236,17 @@ livenessProbe:
 timeoutSeconds: 5
 failureThreshold: 6
 successThreshold: 1
+## Configure extra options for readiness probe
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+## @param readinessProbe.enabled Enable readinessProbe
+## @param readinessProbe.httpGet.path Request path for readinessProbe
+## @param readinessProbe.httpGet.port Port for readinessProbe
+## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+## @param readinessProbe.periodSeconds Period seconds for readinessProbe
+## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
+## @param readinessProbe.successThreshold Success threshold for readinessProbe
+##
 readinessProbe:
 httpGet:
 path: /
@@ -216,84 +257,67 @@ readinessProbe: timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 - -## Custom Liveness probes for NATS +## @param customLivenessProbe Override default liveness probe ## customLivenessProbe: {} - -## Custom Rediness probes NATS +## @param customReadinessProbe Override default readiness probe ## customReadinessProbe: {} - -## Pod extra labels +## @param podLabels Extra labels for NATS pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} - -## Annotations for server pods. +## @param podAnnotations Annotations for NATS pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} - -## Pod affinity preset +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard ## podAffinityPreset: "" - -## Pod anti-affinity preset +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard ## podAntiAffinityPreset: soft - ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard ## nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" - ## Node label key to match + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. ## E.g. 
## key: "kubernetes.io/e2e-az-name" ## key: "" - ## Node label values to match + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] - -## Affinity for pod assignment. Evaluated as a template. +## @param affinity Affinity for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} - -## Node labels for pod assignment. Evaluated as a template. +## @param nodeSelector Node labels for pod assignment. Evaluated as a template. ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. +## @param tolerations Tolerations for pod assignment. Evaluated as a template. ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - -## Extra volumes to add to the deployment +## @param extraVolumes Optionally specify extra list of additional volumes for NATS pods ## extraVolumes: [] - -## Extra volume mounts to add to the container +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for NATS container(s) ## extraVolumeMounts: [] - -## Add init containers to the NATS pods. +## @param initContainers Add additional init containers to the NATS pods ## Example: ## initContainers: ## - name: your-image-name @@ -304,8 +328,7 @@ extraVolumeMounts: [] ## containerPort: 1234 ## initContainers: {} - -## Add sidecars to the NATS pods. +## @param sidecars Add additional sidecar containers to the NATS pods ## Example: ## sidecars: ## - name: your-image-name 
@@ -317,131 +340,124 @@ initContainers: {} ## sidecars: {} +## @section Traffic Exposure parameters + ## NATS svc used for client connections ## ref: https://github.com/nats-io/gnatsd#running ## client: service: - ## Kubernetes service type + ## @param client.service.type Kubernetes Service type (NATS client) ## type: ClusterIP + ## @param client.service.port NATS client port + ## port: 4222 - ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## @param client.service.nodePort Port to bind to for the LoadBalancer and NodePort service type (NATS client) ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## - # nodePort: - ## Provide any additional annotations which may be required. This can be used to - ## set the LoadBalancer service type to internal only. + nodePort: + ## @param client.service.annotations Annotations for NATS client service + ## This can be used to set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## annotations: {} - ## Use loadBalancerIP to request a specific static IP, - ## otherwise leave blank + ## @param client.service.loadBalancerIP loadBalancerIP if NATS client service type is `LoadBalancer`, otherwise leave blank ## - # loadBalancerIP: - + loadBalancerIP: ## Kubernetes svc used for clustering ## ref: https://github.com/nats-io/gnatsd#clustering ## cluster: - ## Use connectRetries to configure number of connect retries for implicit routes, - ## otherwise leave blank + ## @param cluster.connectRetries Configure number of connect retries for implicit routes, otherwise leave blank ## - # connectRetries: + connectRetries: service: - ## Kubernetes service type + ## @param cluster.service.type Kubernetes Service type (NATS cluster) ## type: ClusterIP + ## @param cluster.service.port NATS cluster port + ## port: 6222 - ## Specify the nodePort value for the LoadBalancer and NodePort 
service types. + ## @param cluster.service.nodePort Port to bind to for NodePort service type (NATS cluster) ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## - # nodePort: - ## Provide any additional annotations which may be required. This can be used to + nodePort: + ## @param cluster.service.annotations Annotations for NATS cluster service ## set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## annotations: {} - ## Use loadBalancerIP to request a specific static IP, + ## @param cluster.service.loadBalancerIP loadBalancerIP if NATS cluster service type is `LoadBalancer` ## otherwise leave blank ## - # loadBalancerIP: - + loadBalancerIP: ## NATS svc used for monitoring ## ref: https://github.com/nats-io/gnatsd#monitoring ## monitoring: service: - ## Kubernetes service type + ## @param monitoring.service.type Kubernetes Service type (NATS monitoring) ## type: ClusterIP + ## @param monitoring.service.port NATS monitoring port + ## port: 8222 - ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## @param monitoring.service.nodePort Port to bind to for NodePort service type (NATS monitoring) ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## - # nodePort: - ## Provide any additional annotations which may be required. This can be used to - ## set the LoadBalancer service type to internal only. + nodePort: + ## @param monitoring.service.annotations Annotations for NATS monitoring service + ## This can be used to set the LoadBalancer service type to internal only. 
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## annotations: {} - ## Use loadBalancerIP to request a specific static IP, - ## otherwise leave blank + ## @param monitoring.service.loadBalancerIP Use loadBalancerIP to request a specific static IP, otherwise leave blank ## loadBalancerIP: - ## Configure the ingress resource that allows you to access the ## NATS installation. Set up the URL ## ref: http://kubernetes.io/docs/user-guide/ingress/ ## ingress: - ## Set to true to enable ingress record generation + ## @param ingress.enabled Set to true to enable ingress record generation ## enabled: false - - ## Set this to true in order to add the corresponding annotations for cert-manager + ## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager ## certManager: false - - ## Ingress Path type + ## @param ingress.pathType Ingress Path type ## pathType: ImplementationSpecific - - ## Override API Version (automatically detected if not set) + ## @param ingress.apiVersion Override API Version (automatically detected if not set) ## apiVersion: - - ## When the ingress is enabled, a host pointing to this will be created + ## @param ingress.hostname When the ingress is enabled, a host pointing to this will be created ## hostname: nats.local - - ## The Path to NATS. You may need to set this to '/*' in order to use this - ## with ALB ingress controllers. + ## @param ingress.path The Path to NATS. You may need to set this to '/*' in order to use this with ALB ingress controllers. 
## path: / - - ## Ingress annotations done as key:value pairs + ## @param ingress.annotations Ingress annotations ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set ## annotations: {} - - ## Enable TLS configuration for the hostname defined at ingress.hostname parameter + ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it ## tls: false - - ## The list of additional hostnames to be covered with this ingress record. + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: nats.local ## path: / ## - - ## Any additional arbitrary paths that may need to be added to the ingress under the main host. + extraHosts: [] + ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. ## extraPaths: ## - path: /* 
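Review bot: In the `cluster.service` block the new `@param` lines replace only the first half of two-line comments and leave the second half orphaned. `## @param cluster.service.annotations Annotations for NATS cluster service` is followed by the unchanged `## set the LoadBalancer service type to internal only.`, and the `cluster.service.loadBalancerIP` line by a bare `## otherwise leave blank`. The `client` and `monitoring` blocks in the same hunk were rewritten as complete sentences; the cluster block should match, e.g. `## This can be used to set the LoadBalancer service type to internal only.` That hint tells operators how to keep a LoadBalancer service internal, so it should stay readable.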
@@ -449,16 +465,16 @@ ingress:
 ## serviceName: ssl-redirect
 ## servicePort: use-annotation
 ##
-
- ## The tls configuration for additional hostnames to be covered with this ingress record.
+ extraPaths: []
+ ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
 ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
 ## extraTls:
 ## - hosts:
 ## - nats.local
 ## secretName: nats.local-tls
 ##
-
- ## If you're providing your own certificates, please use this to add the certificates as secrets
+ extraTls: []
+ ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
 ## key and certificate should start with -----BEGIN CERTIFICATE----- or
 ## -----BEGIN RSA PRIVATE KEY-----
 ##
@@ -467,27 +483,25 @@ ingress:
 ##
 ## It is also possible to create and manage the certificates outside of this helm chart
 ## Please see README.md for more information
- ##
- secrets: []
+ ## e.g:
 ## - name: nats.local-tls
 ## key:
 ## certificate:
 ##
-
+ secrets: []
 ## Network Policy configuration
 ## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
 ##
 networkPolicy:
- ## Enable creation of NetworkPolicy resources
+ ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
 ##
 enabled: false
- ## The Policy model to apply. When set to false, only pods with the correct
- ## client label will have network access to the ports Keycloak is listening
- ## on. When true, Keycloak will accept connections from any source
- ## (with the correct destination port).
+ ## @param networkPolicy.allowExternal The Policy model to apply
+ ## When set to false, only pods with the correct client label will have network access to the ports Keycloak is
+ ## listening on. When true, Keycloak will accept connections from any source (with the correct destination port).
 ##
 allowExternal: true
- ## Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed.
+ ## @param networkPolicy.additionalRules Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed.
 ## Example:
 ## additionalRules:
 ## - matchLabels:
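Review bot: The rewritten `networkPolicy.allowExternal` comment still names the wrong product: `the ports Keycloak is listening on. When true, Keycloak will accept connections from any source` looks carried over from another chart and should say NATS in both places. The lines under the `@param` line are plain comments, and the README tables elsewhere in this diff show only the `@param` text, so the generated row would presumably read just "The Policy model to apply". Consider something like `## @param networkPolicy.allowExternal Don't require client label for connections` so the table says what the switch does. The default stays `allowExternal: true`, which per the comment accepts connections from any source once the policy is enabled.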
@@ -500,24 +514,21 @@ networkPolicy: ## additionalRules: {} -## NATS Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## -pdb: - create: false - ## Min number of pods that must still be available after the eviction - ## - minAvailable: 1 - ## Max number of pods that can be unavailable after the eviction - ## - # maxUnavailable: 1 +## @section Metrics parameters ## Metrics / Prometheus NATS Exporter -## ## ref: https://github.com/nats-io/prometheus-nats-exporter ## metrics: + ## @param metrics.enabled Enable Prometheus metrics via exporter side-car + ## enabled: false + ## @param metrics.image.registry Prometheus metrics exporter image registry + ## @param metrics.image.repository Prometheus metrics exporter image repository + ## @param metrics.image.tag Prometheus metrics exporter image tag (immutable tags are recommended) + ## @param metrics.image.pullPolicy Prometheus metrics image pull policy + ## @param metrics.image.pullSecrets Prometheus metrics image pull secrets + ## image: registry: docker.io repository: bitnami/nats-exporter @@ -526,17 +537,19 @@ metrics: ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName - ## Metrics exporter resource requests and limits + pullSecrets: [] + ## @param metrics.resources Metrics exporter resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: {} - ## Metrics exporter port + ## @param metrics.containerPort Prometheus metrics exporter port ## containerPort: 7777 - ## Metrics exporter flags + ## @param metrics.flags [array] Flags to be passed to Prometheus metrics ## flags: - -connz 
@@ -546,26 +559,56 @@ metrics: ## Metrics service configuration ## service: + ## @param metrics.service.type Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`) + ## type: ClusterIP + ## @param metrics.service.port Prometheus metrics service port + ## port: 7777 - ## Use serviceLoadBalancerIP to request a specific static IP, - ## otherwise leave blank - # loadBalancerIP: + ## @param metrics.service.loadBalancerIP Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank + loadBalancerIP: + ## @param metrics.service.annotations [object] Annotations for Prometheus metrics service + ## annotations: prometheus.io/scrape: "true" prometheus.io/port: "{{ .Values.metrics.service.port }}" + ## @param metrics.service.labels Labels for Prometheus metrics service + ## labels: {} ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: + ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## enabled: false - ## Specify a namespace if needed - # namespace: monitoring - # fallback to the prometheus default unless specified - # interval: 10s + ## @param metrics.serviceMonitor.namespace Specify a namespace if needed. Fallback to the Prometheus default unless specified + ## + namespace: + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. 
+ ## e.g: + ## interval: 10s + ## + interval: + ## @param metrics.serviceMonitor.selector [object] Prometheus instance selector labels ## Defaults to what's used if you follow CoreOS [Prometheus Install Instructions](https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#tldr) ## [Prometheus Selector Label](https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-operator-1) ## [Kube Prometheus Selector Label](https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#exporters) ## selector: prometheus: kube-prometheus + +## @section Other parameters + +## NATS Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Enable/disable a Pod Disruption Budget creation + ## + create: false + ## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## + minAvailable: 1 + ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + maxUnavailable: diff --git a/bitnami/nginx/Chart.yaml b/bitnami/nginx/Chart.yaml index 51b322b3a6..7b6bfde4a8 100644 --- a/bitnami/nginx/Chart.yaml +++ b/bitnami/nginx/Chart.yaml @@ -25,4 +25,4 @@ name: nginx sources: - https://github.com/bitnami/bitnami-docker-nginx - http://www.nginx.org -version: 9.3.6 +version: 9.3.7 diff --git a/bitnami/nginx/README.md b/bitnami/nginx/README.md index 76487957e3..8924241b52 100644 --- a/bitnami/nginx/README.md +++ b/bitnami/nginx/README.md 
@@ -47,196 +47,221 @@ The command removes all the Kubernetes components associated with the chart and ## Parameters -The following tables lists the configurable parameters of the NGINX chart and their default values per section/component: - ### Global parameters -| Parameter | Description | Default | -|---------------------------|-------------------------------------------------|---------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | + ### Common parameters -| Parameter | Description | Default | -|----------------------|----------------------------------------------------------------------|--------------------------------| -| `nameOverride` | String to partially override nginx.fullname | `nil` | -| `fullnameOverride` | String to fully override nginx.fullname | `nil` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` (evaluated as a template) | -| `pdb.create` | Created a PodDisruptionBudget | `false` | -| `pdb.minAvailable` | Set PDB minAvailable value | `1` | -| `pdb.maxUnavailable` | Set PDB maxUnavailable value | `nil` | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` | +| Name | Description | Value | +| ------------------- | 
------------------------------------------------------------------------------------- | --------------- | +| `nameOverride` | String to partially override nginx.fullname template (will maintain the release name) | `nil` | +| `fullnameOverride` | String to fully override nginx.fullname template | `nil` | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` | +| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | +| `extraDeploy` | Extra objects to deploy (value evaluated as a template) | `[]` | +| `commonLabels` | Add labels to all the deployed resources | `{}` | +| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | + ### NGINX parameters -| Parameter | Description | Default | -|----------------------|----------------------------------------------------------------------|---------------------------------------------------------| -| `image.registry` | NGINX image registry | `docker.io` | -| `image.repository` | NGINX image name | `bitnami/nginx` | -| `image.tag` | NGINX image tag | `{TAG_NAME}` | -| `image.pullPolicy` | NGINX image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `image.debug` | Set to true if you would like to see extra information on logs | `false` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `command` | Override default container command (useful when using custom images) | `nil` | -| `args` | Override default container args (useful when using custom images) | `nil` | -| `extraEnvVars` | Extra environment variables to be set on NGINX containers | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `nil` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `nil` | +| Name | Description | Value | +| -------------------- | 
-------------------------------------------------------------------- | --------------------- | +| `image.registry` | NGINX image registry | `docker.io` | +| `image.repository` | NGINX image repository | `bitnami/nginx` | +| `image.tag` | NGINX image tag (immutable tags are recommended) | `1.21.1-debian-10-r0` | +| `image.pullPolicy` | NGINX image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Set to true if you would like to see extra information on logs | `false` | +| `hostAliases` | Deployment pod host aliases | `[]` | +| `command` | Override default container command (useful when using custom images) | `nil` | +| `args` | Override default container args (useful when using custom images) | `nil` | +| `extraEnvVars` | Extra environment variables to be set on NGINX containers | `[]` | +| `extraEnvVarsCM` | ConfigMap with extra environment variables | `nil` | +| `extraEnvVarsSecret` | Secret with extra environment variables | `nil` | + ### NGINX deployment parameters -| Parameter | Description | Default | -|------------------------------|------------------------------------------------------------------------------------------------|------------------------------------------------------| -| `replicaCount` | Number of NGINX replicas to deploy | `1` | -| `strategyType` | Deployment Strategy Type | `RollingUpdate` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. 
| `[]` | -| `affinity` | Affinity for pod assignment | `{}` (evaluated as a template) | -| `nodeSelector` | Node labels for pod assignment | `{}` (evaluated as a template) | -| `tolerations` | Tolerations for pod assignment | `[]` (evaluated as a template) | -| `priorityClassName` | Priority class name for pod | `""` | -| `podLabels` | Additional labels for NGINX pods | `{}` (evaluated as a template) | -| `podAnnotations` | Annotations for NGINX pods | `{}` (evaluated as a template) | -| `podSecurityContext` | NGINX pods' Security Context | Check `values.yaml` file | -| `containerSecurityContext` | NGINX containers' Security Context | Check `values.yaml` file | -| `containerPorts.http` | Sets http port inside NGINX container | `8080` | -| `containerPorts.https` | Sets https port inside NGINX container | `nil` | -| `resources.limits` | The resources limits for the NGINX container | `{}` | -| `resources.requests` | The requested resources for the NGINX container | `{}` | -| `livenessProbe` | Liveness probe configuration for NGINX | Check `values.yaml` file | -| `readinessProbe` | Readiness probe configuration for NGINX | Check `values.yaml` file | -| `customLivenessProbe` | Override default liveness probe | `nil` | -| `customReadinessProbe` | Override default readiness probe | `nil` | -| `autoscaling.enabled` | Enable autoscaling for NGINX deployment | `false` | -| `autoscaling.minReplicas` | Minimum number of replicas to scale back | `nil` | -| `autoscaling.maxReplicas` | Maximum number of replicas to scale out | `nil` | -| `autoscaling.targetCPU` | Target CPU utilization percentage | `nil` | -| `autoscaling.targetMemory` | Target Memory utilization percentage | `nil` | -| `extraVolumes` | Array to add extra volumes | `[]` (evaluated as a template) | -| `extraVolumeMounts` | Array to add extra mount | `[]` (evaluated as a template) | -| `sidecars` | Attach additional containers to nginx pods | `nil` | -| `initContainers` | Additional init containers (this value is 
evaluated as a template) | `[]` | -| `serviceAccount.create` | Enable creation of ServiceAccount for nginx pod | `false` | -| `serviceAccount.name` | The name of the service account to use. If not set and `create` is `true`, a name is generated | Generated using the `common.names.fullname` template | -| `serviceAccount.annotations` | Annotations for service account. | `{}` | +| Name | Description | Value | +| --------------------------------------- | ----------------------------------------------------------------------------------------- | ------- | +| `replicaCount` | Number of NGINX replicas to deploy | `1` | +| `podLabels` | Additional labels for NGINX pods | `{}` | +| `podAnnotations` | Annotations for NGINX pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | +| `tolerations` | Tolerations for pod assignment. Evaluated as a template. 
| `{}` | +| `priorityClassName` | Priority class name | `""` | +| `podSecurityContext.enabled` | Enabled NGINX pods' Security Context | `false` | +| `podSecurityContext.fsGroup` | Set NGINX pod's Security Context fsGroup | `1001` | +| `podSecurityContext.sysctls` | sysctl settings of the NGINX pods | `[]` | +| `containerSecurityContext.enabled` | Enabled NGINX Core containers' Security Context | `false` | +| `containerSecurityContext.runAsUser` | Set NGINX Core container's Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set NGINX Core container's Security Context runAsNonRoot | `true` | +| `containerPorts.http` | Sets http port inside NGINX container | `8080` | +| `containerPorts.https` | Sets https port inside NGINX container | `nil` | +| `resources.limits` | The resources limits for the NGINX container | `{}` | +| `resources.requests` | The requested resources for the NGINX container | `{}` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `customLivenessProbe` | Override default liveness probe | `{}` | +| `customReadinessProbe` | Override 
default readiness probe | `{}` | +| `autoscaling.enabled` | Enable autoscaling for NGINX deployment | `false` | +| `autoscaling.minReplicas` | Minimum number of replicas to scale back | `nil` | +| `autoscaling.maxReplicas` | Maximum number of replicas to scale out | `nil` | +| `autoscaling.targetCPU` | Target CPU utilization percentage | `nil` | +| `autoscaling.targetMemory` | Target Memory utilization percentage | `nil` | +| `extraVolumes` | Array to add extra volumes | `[]` | +| `extraVolumeMounts` | Array to add extra mount | `[]` | +| `serviceAccount.create` | Enable creation of ServiceAccount for nginx pod | `false` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `nil` | +| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. | `{}` | +| `sidecars` | Sidecar parameters | `nil` | +| `initContainers` | Extra init containers | `nil` | +| `pdb.create` | Created a PodDisruptionBudget | `false` | +| `pdb.minAvailable` | Min number of pods that must still be available after the eviction | `1` | +| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `1` | + ### Custom NGINX application parameters -| Parameter | Description | Default | -|--------------------------------------------|-------------------------------------------------------------|---------------------------------------------------------| -| `cloneStaticSiteFromGit.enabled` | Get the server static content from a GIT repository | `false` | -| `cloneStaticSiteFromGit.image.registry` | GIT image registry | `docker.io` | -| `cloneStaticSiteFromGit.image.repository` | GIT image name | `bitnami/git` | -| `cloneStaticSiteFromGit.image.tag` | GIT image tag | `{TAG_NAME}` | -| `cloneStaticSiteFromGit.image.pullPolicy` | GIT image pull policy | `Always` | -| `cloneStaticSiteFromGit.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| 
`cloneStaticSiteFromGit.repository` | GIT Repository to clone | `nil` | -| `cloneStaticSiteFromGit.branch` | GIT revision to checkout | `nil` | -| `cloneStaticSiteFromGit.interval` | Interval for sidecar container pull from the GIT repository | `60` | -| `cloneStaticSiteFromGit.extraEnvVars` | Extra environment variables to be set on GIT containers | `[]` | -| `cloneStaticSiteFromGit.extraVolumeMounts` | Add extra volume mounts for the GIT containers | `[]` | -| `cloneStaticSiteFromGit.gitClone.command` | Override default container command for git-clone-repository | `[]` | -| `cloneStaticSiteFromGit.gitClone.args` | Override default container args for git-clone-repository | `[]` | -| `cloneStaticSiteFromGit.gitSync.command` | Override default container command for git-repo-syncer | `[]` | -| `cloneStaticSiteFromGit.gitSync.args` | Override default container args for git-repo-syncer | `[]` | -| `serverBlock` | Custom NGINX server block | `nil` | -| `existingServerBlockConfigmap` | Name of existing PVC with custom NGINX server block | `nil` | -| `staticSiteConfigmap` | Name of existing ConfigMap with the server static content | `nil` | -| `staticSitePVC` | Name of existing PVC with the server static content | `nil` | +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------------------------------------------------------- | ---------------------- | +| `cloneStaticSiteFromGit.enabled` | Get the server static content from a Git repository | `false` | +| `cloneStaticSiteFromGit.image.registry` | Git image registry | `docker.io` | +| `cloneStaticSiteFromGit.image.repository` | Git image repository | `bitnami/git` | +| `cloneStaticSiteFromGit.image.tag` | Git image tag (immutable tags are recommended) | `2.32.0-debian-10-r25` | +| `cloneStaticSiteFromGit.image.pullPolicy` | Git image pull policy | `IfNotPresent` | +| `cloneStaticSiteFromGit.image.pullSecrets` | Specify docker-registry secret names as 
an array | `[]` | +| `cloneStaticSiteFromGit.repository` | Git Repository to clone static content from | `nil` | +| `cloneStaticSiteFromGit.branch` | Git branch to checkout | `nil` | +| `cloneStaticSiteFromGit.interval` | Interval for sidecar container pull from the Git repository | `60` | +| `cloneStaticSiteFromGit.gitClone.command` | Override default container command for git-clone-repository | `[]` | +| `cloneStaticSiteFromGit.gitClone.args` | Override default container args for git-clone-repository | `nil` | +| `cloneStaticSiteFromGit.gitSync.command` | Override default container command for git-repo-syncer | `[]` | +| `cloneStaticSiteFromGit.gitSync.args` | Override default container args for git-repo-syncer | `[]` | +| `cloneStaticSiteFromGit.extraEnvVars` | Additional environment variables to set for the in the containers that clone static site from git | `[]` | +| `cloneStaticSiteFromGit.extraVolumeMounts` | Add extra volume mounts for the Git containers | `[]` | +| `serverBlock` | Custom server block to be added to NGINX configuration | `""` | +| `existingServerBlockConfigmap` | ConfigMap with custom server block to be added to NGINX configuration | `nil` | +| `staticSiteConfigmap` | Name of existing ConfigMap with the server static site content | `nil` | +| `staticSitePVC` | Name of existing PVC with the server static site content | `nil` | + ### LDAP parameters -| Parameter | Description | Default | -|---------------------------------------------|------------------------------------------------------------------------------------------|----------------------------------| -| `ldapDaemon.enabled` | Enable LDAP Auth Daemon proxy | `false` | -| `ldapDaemon.image.registry` | LDAP AUth Daemon Image registry | `docker.io` | -| `ldapDaemon.image.repository` | LDAP Auth Daemon Image name | `bitnami/nginx-ldap-auth-daemon` | -| `ldapDaemon.image.tag` | LDAP Auth Daemon Image tag | `{TAG_NAME}` | -| `ldapDaemon.image.pullPolicy` | LDAP Auth Daemon Image pull policy 
| `IfNotPresent` | -| `ldapDaemon.port` | LDAP Auth Daemon port | `8888` | -| `ldapDaemon.ldapConfig.uri` | LDAP Server URI, `ldap[s]:/:` | `""` | -| `ldapDaemon.ldapConfig.baseDN` | LDAP root DN to begin the search for the user | `""` | -| `ldapDaemon.ldapConfig.bindDN` | DN of user to bind to LDAP | `""` | -| `ldapDaemon.ldapConfig.bindPassword` | Password for the user to bind to LDAP | `""` | -| `ldapDaemon.ldapConfig.filter` | LDAP search filter for search+bind authentication | `""` | -| `ldapDaemon.ldapConfig.httpRealm` | LDAP HTTP auth realm | `""` | -| `ldapDaemon.ldapConfig.httpCookieName` | HTTP cookie name to be used in LDAP Auth | `""` | -| `ldapDaemon.nginxServerBlock` | NGINX server block that configures LDAP communication. Overrides `ldapDaemon.ldapConfig` | See `values.yaml` | -| `ldapDaemon.existingNginxServerBlockSecret` | Name of existing Secret with a NGINX server block to use for LDAP communication | `nil` | -| `ldapDaemon.livenessProbe` | LDAP Auth Daemon Liveness Probe | See `values.yaml` | -| `ldapDaemon.readinessProbe` | LDAP Auth Daemon Readiness Probe | See `values.yaml` | +| Name | Description | Value | +| ----------------------------------------------- | ---------------------------------------------------------------------------------------- | -------------------------------- | +| `ldapDaemon.enabled` | Enable LDAP Auth Daemon proxy | `false` | +| `ldapDaemon.image.registry` | LDAP AUth Daemon Image registry | `docker.io` | +| `ldapDaemon.image.repository` | LDAP Auth Daemon Image repository | `bitnami/nginx-ldap-auth-daemon` | +| `ldapDaemon.image.tag` | LDAP Auth Daemon Image tag (immutable tags are recommended) | `0.20200116.0-debian-10-r387` | +| `ldapDaemon.image.pullPolicy` | LDAP Auth Daemon Image pull policy | `IfNotPresent` | +| `ldapDaemon.port` | LDAP Auth Daemon port | `8888` | +| `ldapDaemon.ldapConfig.uri` | LDAP Server URI, `ldap[s]:/:` | `""` | +| `ldapDaemon.ldapConfig.baseDN` | LDAP root DN to begin the search for the 
user | `""` | +| `ldapDaemon.ldapConfig.bindDN` | DN of user to bind to LDAP | `""` | +| `ldapDaemon.ldapConfig.bindPassword` | Password for the user to bind to LDAP | `""` | +| `ldapDaemon.ldapConfig.filter` | LDAP search filter for search | `""` | +| `ldapDaemon.ldapConfig.httpRealm` | LDAP HTTP auth realm | `""` | +| `ldapDaemon.ldapConfig.httpCookieName` | HTTP cookie name to be used in LDAP Auth | `""` | +| `ldapDaemon.nginxServerBlock` | NGINX server block that configures LDAP communication. Overrides `ldapDaemon.ldapConfig` | `""` | +| `ldapDaemon.existingNginxServerBlockSecret` | Name of existing Secret with a NGINX server block to use for LDAP communication | `nil` | +| `ldapDaemon.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `ldapDaemon.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `ldapDaemon.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `ldapDaemon.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `ldapDaemon.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `ldapDaemon.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `ldapDaemon.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `ldapDaemon.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `ldapDaemon.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `ldapDaemon.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | +| `ldapDaemon.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `ldapDaemon.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `ldapDaemon.customLivenessProbe` | Custom Liveness probe | `{}` | +| `ldapDaemon.customReadinessProbe` | Custom Rediness probe | `{}` | -### Exposure parameters -| Parameter | Description | Default | 
-|----------------------------------|-----------------------------------------------------------------------------------------|--------------------------------| -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.httpsPort` | Service HTTPS port | `443` | -| `service.nodePorts.http` | Kubernetes http node port | `""` | -| `service.nodePorts.https` | Kubernetes https node port | `""` | -| `service.targetPort.http` | Kubernetes http targetPort | `http` | -| `service.targetPort.https` | Kubernetes https targetPort | `https` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.loadBalancerIP` | LoadBalancer service IP address | `""` | -| `service.annotations` | Service annotations | `{}` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.hostname` | Default host for the ingress resource | `nginx.local` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `` | -| `ingress.path` | Ingress path | `/` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.tls` | Create TLS Secret | `false` | -| `ingress.annotations` | Ingress annotations | `[]` (evaluated as a template) | -| `ingress.extraHosts[0].name` | Additional hostnames to be covered | `nil` | -| `ingress.extraHosts[0].path` | Additional hostnames to be covered | `nil` | -| `ingress.extraPaths` | Additional arbitrary path/backend objects | `nil` | -| `ingress.extraTls[0].hosts[0]` | TLS configuration for additional hostnames to be covered | `nil` | -| `ingress.extraTls[0].secretName` | TLS configuration for additional hostnames to be covered | `nil` | -| `ingress.secrets[0].name` | TLS Secret Name | `nil` | -| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | -| `ingress.secrets[0].key` | TLS Secret Key | `nil` | 
-| `healthIngress.enabled` | Enable healthIngress controller resource | `false` | -| `healthIngress.certManager` | Add annotations for cert-manager | `false` | -| `healthIngress.hostname` | Default host for the healthIngress resource | `example.local` | -| `healthIngress.path` | Ingress path | `/` | -| `healthIngress.pathType` | Ingress path type | `ImplementationSpecific` | -| `healthIngress.tls` | Enable TLS configuration for the hostname defined at `healthIngress.hostname` parameter | `false` | -| `healthIngress.annotations` | Ingress annotations | `[]` | -| `healthIngress.extraHosts` | Additional hostnames to be covered | `[]` | -| `healthIngress.extraTls` | TLS configuration for additional hostnames to be covered | `[]` | -| `healthIngress.secrets` | TLS Secret configuration | `[]` | +### Traffic Exposure parameters + +| Name | Description | Value | +| ------------------------------- | ------------------------------------------------------------------------------------------------------ | ------------------------ | +| `service.type` | Service type | `LoadBalancer` | +| `service.port` | Service HTTP port | `80` | +| `service.httpsPort` | Service HTTPS port | `443` | +| `service.nodePorts` | Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. | `{}` | +| `service.targetPort` | Target port reference value for the Loadbalancer service types can be specified explicitly. 
| `{}` | +| `service.loadBalancerIP` | LoadBalancer service IP address | `nil` | +| `service.annotations` | Service annotations | `{}` | +| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `ingress.enabled` | Set to true to enable ingress record generation | `false` | +| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `nil` | +| `ingress.hostname` | Default host for the ingress resource | `nginx.local` | +| `ingress.path` | The Path to Nginx. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `ImplementationSpecific` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.tls` | Create TLS Secret | `false` | +| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | +| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. 
| `[]` | +| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `healthIngress.enabled` | Set to true to enable health ingress record generation | `false` | +| `healthIngress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | +| `healthIngress.pathType` | Ingress path type | `ImplementationSpecific` | +| `healthIngress.hostname` | When the health ingress is enabled, a host pointing to this will be created | `example.local` | +| `healthIngress.annotations` | Health Ingress annotations | `{}` | +| `healthIngress.tls` | Enable TLS configuration for the hostname defined at `healthIngress.hostname` parameter | `false` | +| `healthIngress.extraHosts` | The list of additional hostnames to be covered with this health ingress record | `[]` | +| `healthIngress.extraTls` | TLS configuration for additional hostnames to be covered | `[]` | +| `healthIngress.secrets` | TLS Secret configuration | `[]` | + ### Metrics parameters -| Parameter | Description | Default | -|----------------------------------------|---------------------------------------------------------------------------------------------|--------------------------------------------------------------| -| `metrics.enabled` | Start a Prometheus exporter sidecar container | `false` | -| `metrics.port` | NGINX Container Status Port scraped by Prometheus Exporter | `8080` | -| `metrics.image.registry` | NGINX Prometheus exporter image registry | `docker.io` | -| `metrics.image.repository` | NGINX Prometheus exporter image name | `bitnami/nginx-exporter` | -| `metrics.image.tag` | NGINX Prometheus exporter image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | NGINX Prometheus exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `metrics.podAnnotations` | 
Additional annotations for NGINX Prometheus exporter pod(s) | `{}` | -| `metrics.resources.limits` | The resources limits for the NGINX Prometheus exporter container | `{}` | -| `metrics.resources.requests` | The requested resources for the NGINX Prometheus exporter container | `{}` | -| `metrics.securityContext` | NGINX Prometheus exporter containers' Security Context | Check `values.yaml` file | -| `metrics.service.port` | NGINX Prometheus exporter service port | `9113` | -| `metrics.service.annotations` | Annotations for Jenkins Prometheus exporter service | `{prometheus.io/scrape: "true", prometheus.io/port: "9113"}` | -| `metrics.serviceMonitor.enabled` | Creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `nil` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `nil` (Prometheus Operator default value) | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `nil` (Prometheus Operator default value) | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `nil` | +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------------------------- | ------------------------ | +| `metrics.enabled` | Start a Prometheus exporter sidecar container | `false` | +| `metrics.port` | NGINX Container Status Port scraped by Prometheus Exporter | `nil` | +| `metrics.image.registry` | NGINX Prometheus exporter image registry | `docker.io` | +| `metrics.image.repository` | NGINX Prometheus exporter image repository | `bitnami/nginx-exporter` | +| `metrics.image.tag` | NGINX Prometheus exporter image tag (immutable tags are recommended) | `0.9.0-debian-10-r93` | +| `metrics.image.pullPolicy` | NGINX Prometheus exporter image pull policy | `IfNotPresent` | +| 
`metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `metrics.podAnnotations` | Additional annotations for NGINX Prometheus exporter pod(s) | `{}` | +| `metrics.securityContext.enabled` | Enabled NGINX Exporter containers' Security Context | `false` | +| `metrics.securityContext.runAsUser` | Set NGINX Exporter container's Security Context runAsUser | `1001` | +| `metrics.service.port` | NGINX Prometheus exporter service port | `9113` | +| `metrics.service.annotations` | Annotations for the Prometheus exporter service | `{}` | +| `metrics.resources.limits` | The resources limits for the NGINX Prometheus exporter container | `{}` | +| `metrics.resources.requests` | The requested resources for the NGINX Prometheus exporter container | `{}` | +| `metrics.serviceMonitor.enabled` | Creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `nil` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `nil` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `nil` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/bitnami/nginx/values.yaml b/bitnami/nginx/values.yaml index 4179da9372..c9a713659b 100644 --- a/bitnami/nginx/values.yaml +++ b/bitnami/nginx/values.yaml 
@@ -1,14 +1,53 @@ +## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array ## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName +global: + imageRegistry: + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + +## @section Common parameters + +## @param nameOverride String to partially override nginx.fullname template (will maintain the release name) +## +nameOverride: +## @param fullnameOverride String to fully override nginx.fullname template +## +fullnameOverride: +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: +## @param clusterDomain Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## @param extraDeploy Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] +## @param commonLabels Add labels to all the deployed resources +## +commonLabels: {} +## @param commonAnnotations Add annotations to all the deployed resources +## +commonAnnotations: {} + +## @section NGINX parameters ## Bitnami NGINX image version ## ref: https://hub.docker.com/r/bitnami/nginx/tags/ +## @param image.registry NGINX image registry +## @param image.repository NGINX image repository +## @param image.tag NGINX image tag (immutable tags are recommended) +## @param image.pullPolicy NGINX image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Set to true if you would like to see extra information on 
logs ## image: registry: docker.io 
@@ -30,68 +69,255 @@ image: ## Set to true if you would like to see extra information on logs ## debug: false - -## String to partially override nginx.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override nginx.fullname template -## -# fullnameOverride: - -## Force target Kubernetes version (using Helm capabilites if not set) -## -kubeVersion: - -## Deployment pod host aliases +## @param hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Add labels to all the deployed resources -## -commonLabels: {} - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - ## Command and args for running the container (set to default if not set). Use array form +## @param command Override default container command (useful when using custom images) +## @param args Override default container args (useful when using custom images) ## -# command: -# args: - -## Additional environment variables to set +command: +args: +## @param extraEnvVars Extra environment variables to be set on NGINX containers ## E.g: ## extraEnvVars: ## - name: FOO ## value: BAR ## extraEnvVars: [] - -## ConfigMap with extra environment variables +## @param extraEnvVarsCM ConfigMap with extra environment variables ## -# extraEnvVarsCM: - -## Secret with extra environment variables +extraEnvVarsCM: +## @param extraEnvVarsSecret Secret with extra environment variables ## -# extraEnvVarsSecret: +extraEnvVarsSecret: + +## @section NGINX deployment parameters + +## @param replicaCount Number of NGINX replicas to deploy +## +replicaCount: 1 +## @param podLabels Additional labels for NGINX pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## 
+podLabels: {} +## @param podAnnotations Annotations for NGINX pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment. Evaluated as a template. 
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: {} +## @param priorityClassName Priority class name +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass +## +priorityClassName: "" +## NGINX pods' Security Context. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled NGINX pods' Security Context +## @param podSecurityContext.fsGroup Set NGINX pod's Security Context fsGroup +## @param podSecurityContext.sysctls sysctl settings of the NGINX pods +## +podSecurityContext: + enabled: false + fsGroup: 1001 + ## sysctl settings + ## Example: + ## sysctls: + ## - name: net.core.somaxconn + ## value: "10000" + ## + sysctls: [] +## NGINX Core containers' Security Context (only main container). +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled NGINX Core containers' Security Context +## @param containerSecurityContext.runAsUser Set NGINX Core container's Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set NGINX Core container's Security Context runAsNonRoot +## +containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: true +## Configures the ports NGINX listens on +## @param containerPorts.http Sets http port inside NGINX container +## @param containerPorts.https Sets https port inside NGINX container +## +containerPorts: + http: 8080 + https: +## NGINX containers' resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. 
If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the NGINX container +## @param resources.requests The requested resources for the NGINX container +## +resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + requests: {} +## NGINX containers' liveness probe. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 5 + periodSeconds: 10 + failureThreshold: 6 + successThreshold: 1 +## NGINX containers' readiness probe. 
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 5 + timeoutSeconds: 3 + periodSeconds: 5 + failureThreshold: 3 + successThreshold: 1 +## @param customLivenessProbe Override default liveness probe +## +customLivenessProbe: {} +## @param customReadinessProbe Override default readiness probe +## +customReadinessProbe: {} +## Autoscaling parameters +## @param autoscaling.enabled Enable autoscaling for NGINX deployment +## @param autoscaling.minReplicas Minimum number of replicas to scale back +## @param autoscaling.maxReplicas Maximum number of replicas to scale out +## @param autoscaling.targetCPU Target CPU utilization percentage +## @param autoscaling.targetMemory Target Memory utilization percentage +## +autoscaling: + enabled: false + minReplicas: + maxReplicas: + targetCPU: + targetMemory: +## @param extraVolumes Array to add extra volumes +## +extraVolumes: [] +## @param extraVolumeMounts Array to add extra mount +## +extraVolumeMounts: [] +## Pods Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for nginx pod + ## + create: false + ## @param serviceAccount.name The name of the ServiceAccount to use. 
+ ## If not set and create is true, a name is generated using the `common.names.fullname` template + name: + ## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. + ## Only used if `create` is `true`. + ## + annotations: {} +## @param sidecars Sidecar parameters +## e.g: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: +## @param initContainers Extra init containers +## +initContainers: +## Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Created a PodDisruptionBudget + ## + create: false + ## @param pdb.minAvailable Min number of pods that must still be available after the eviction + ## + minAvailable: 1 + ## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction + ## + maxUnavailable: 1 + +## @section Custom NGINX application parameters ## Get the server static content from a git repository ## NOTE: This will override staticSiteConfigmap and staticSitePVC ## cloneStaticSiteFromGit: + ## @param cloneStaticSiteFromGit.enabled Get the server static content from a Git repository + ## enabled: false ## Bitnami Git image version ## ref: https://hub.docker.com/r/bitnami/git/tags/ + ## @param cloneStaticSiteFromGit.image.registry Git image registry + ## @param cloneStaticSiteFromGit.image.repository Git image repository + ## @param cloneStaticSiteFromGit.image.tag Git image tag (immutable tags are recommended) + ## @param cloneStaticSiteFromGit.image.pullPolicy Git image pull policy + ## @param cloneStaticSiteFromGit.image.pullSecrets Specify docker-registry secret names as an array ## image: registry: docker.io 
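Review bot: The new `pdb` block sets both `minAvailable: 1` and `maxUnavailable: 1` by default, but a PodDisruptionBudget spec accepts only one of the two fields. The PDB template is not part of this diff section, so this is inferred: if it renders every non-empty value, turning on `pdb.create` with the defaults would produce a manifest the API server rejects. Leaving one of them unset by default, for example `maxUnavailable:` with an empty value, avoids that and makes the generated README show one active setting.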
@@ -105,45 +331,46 @@ cloneStaticSiteFromGit: ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName - ## Repository to clone static content from + pullSecrets: [] + ## @param cloneStaticSiteFromGit.repository Git Repository to clone static content from ## - # repository: - ## Branch inside the git repository + repository: + ## @param cloneStaticSiteFromGit.branch Git branch to checkout ## - # branch: - ## Interval for sidecar container pull from the repository + branch: + ## @param cloneStaticSiteFromGit.interval Interval for sidecar container pull from the Git repository ## interval: 60 ## Additional configuration for git-clone-repository initContainer ## gitClone: - ## Override container command + ## @param cloneStaticSiteFromGit.gitClone.command Override default container command for git-clone-repository ## command: [] - ## Override container args + ## @param cloneStaticSiteFromGit.gitClone.args Override default container args for git-clone-repository ## args: ## Additional configuration for the git-repo-syncer container ## gitSync: - ## Override container command + ## @param cloneStaticSiteFromGit.gitSync.command Override default container command for git-repo-syncer ## command: [] - ## Override container args + ## @param cloneStaticSiteFromGit.gitSync.args Override default container args for git-repo-syncer ## args: [] - - ## Additional environment variables to set for the in the containers that clone static site from git + ## @param cloneStaticSiteFromGit.extraEnvVars Additional environment variables to set for the in the containers that clone static site from git ## E.g: ## extraEnvVars: ## - name: FOO ## value: BAR ## extraEnvVars: [] - ## Add extra volume mounts for the GIT containers + ## @param 
cloneStaticSiteFromGit.extraVolumeMounts Add extra volume mounts for the Git containers ## Useful to mount keys to connect through ssh. (normally used with extraVolumes) ## E.g: ## extraVolumeMounts: @@ -151,8 +378,7 @@ cloneStaticSiteFromGit: ## mountPath: /root/.ssh/ ## extraVolumeMounts: [] - -## Custom server block to be added to NGINX configuration +## @param serverBlock Custom server block to be added to NGINX configuration ## PHP-FPM example server block: ## serverBlock: |- ## server { 
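Review bot: The `@param cloneStaticSiteFromGit.extraVolumeMounts` text says the mount is useful for SSH keys, and the example mounts at `/root/.ssh/`, but nothing says where the key material should come from. Since these annotations now feed the generated README, I would add a comment line under it such as `## Back the mount with a Secret volume declared in extraVolumes and set readOnly: true on the mount`. That steers users away from putting private keys in a ConfigMap or in the values file. The example itself runs past the end of this hunk into the next one.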
@@ -168,261 +394,43 @@ cloneStaticSiteFromGit: ## } ## } ## -# serverBlock: - -## ConfigMap with custom server block to be added to NGINX configuration +serverBlock: "" +## @param existingServerBlockConfigmap ConfigMap with custom server block to be added to NGINX configuration ## NOTE: This will override serverBlock ## -# existingServerBlockConfigmap: - -## Name of existing ConfigMap with the server static site content +existingServerBlockConfigmap: +## @param staticSiteConfigmap Name of existing ConfigMap with the server static site content ## -# staticSiteConfigmap - -## Name of existing PVC with the server static site content +staticSiteConfigmap: +## @param staticSitePVC Name of existing PVC with the server static site content ## NOTE: This will override staticSiteConfigmap ## -# staticSitePVC +staticSitePVC: -## Number of replicas to deploy -## -replicaCount: 1 - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. 
- ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: {} - -## Priority class name -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass -## -priorityClassName: "" - -## NGINX pods' Security Context. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - ## sysctl settings - ## Example: - ## sysctls: - ## - name: net.core.somaxconn - ## value: "10000" - ## - sysctls: [] - -## NGINX Core containers' Security Context (only main container). -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## -containerSecurityContext: - enabled: false - runAsUser: 1001 - runAsNonRoot: true - -## Configures the ports NGINX listens on -## -containerPorts: - http: 8080 - # https: 8443 - -## NGINX containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: {} - # cpu: 100m - # memory: 128Mi - requests: {} - # cpu: 100m - # memory: 128Mi - -## NGINX containers' liveness and readiness probes. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## -livenessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 5 - periodSeconds: 10 - failureThreshold: 6 - successThreshold: 1 -readinessProbe: - enabled: true - initialDelaySeconds: 5 - timeoutSeconds: 3 - periodSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - -## Custom Liveness probe -## -customLivenessProbe: {} - -## Custom Rediness probe -## -customReadinessProbe: {} - -## Autoscaling parameters -## -autoscaling: - enabled: false - # minReplicas: 1 - # maxReplicas: 10 - # targetCPU: 50 - # targetMemory: 50 - -## Array to add extra volumes (evaluated as a template) -## -extraVolumes: [] - -## Array to add extra mounts (normally used with extraVolumes, evaluated as a template) -## -extraVolumeMounts: [] - -## Pods Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## Specifies whether a ServiceAccount should be created - ## - create: false - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the `common.names.fullname` template - # name: - - ## Annotations for service account. Evaluated as a template. - ## Only used if `create` is `true`. - ## - annotations: {} - -## NGINX Service properties -## -service: - ## Service type - ## - type: LoadBalancer - - ## HTTP Port - ## - port: 80 - - ## HTTPS Port - ## - httpsPort: 443 - - ## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePorts: - http: "" - https: "" - - ## Target port reference value for the Loadbalancer service types can be specified explicitly. 
- ## Listeners for the Loadbalancer can be custom mapped to the http or https service. - ## Example: Mapping the https listener to targetPort http [http: https] - ## - targetPort: - http: http - https: https - - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - - ## Provide any additional annotations which may be required. This can be used to - ## set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster +## @section LDAP parameters ## LDAP Auth Daemon Properties -## -## Daemon that will proxy LDAP requests -## between NGINX and a given LDAP Server +## Daemon that will proxy LDAP requests between NGINX and a given LDAP Server ## ldapDaemon: - + ## @param ldapDaemon.enabled Enable LDAP Auth Daemon proxy + ## enabled: false - ## Bitnami NGINX LDAP Auth Daemon image ## ref: https://hub.docker.com/r/bitnami/nginx-ldap-auth-daemon/tags/ + ## @param ldapDaemon.image.registry LDAP AUth Daemon Image registry + ## @param ldapDaemon.image.repository LDAP Auth Daemon Image repository + ## @param ldapDaemon.image.tag LDAP Auth Daemon Image tag (immutable tags are recommended) + ## @param ldapDaemon.image.pullPolicy LDAP Auth Daemon Image pull policy ## image: registry: docker.io repository: bitnami/nginx-ldap-auth-daemon tag: 0.20200116.0-debian-10-r387 pullPolicy: IfNotPresent - - ## LDAP Daemon port + ## @param ldapDaemon.port LDAP Auth Daemon port ## port: 8888 - ## LDAP Auth Daemon Configuration ## ## These different properties define the form of requests performed 
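Review bot: The `@param ldapDaemon.image.registry` description is spelled `LDAP AUth Daemon Image registry`, and because the README table is generated from these annotations the typo is copied into the published documentation. It should read `## @param ldapDaemon.image.registry LDAP Auth Daemon Image registry`, matching the three sibling `image.*` lines. The `ldapDaemon` block continues beyond this hunk.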
@@ -433,39 +441,31 @@ ldapDaemon: ## ## ldapConfig: - - ## LDAP URI where to query the server + ## @param ldapDaemon.ldapConfig.uri LDAP Server URI, `ldap[s]:/:` ## Must follow the pattern -> ldap[s]:/: ## uri: "" - - ## LDAP search base DN + ## @param ldapDaemon.ldapConfig.baseDN LDAP root DN to begin the search for the user ## baseDN: "" - - ## LDAP bind DN + ## @param ldapDaemon.ldapConfig.bindDN DN of user to bind to LDAP ## bindDN: "" - - ## LDAP bind Password + ## @param ldapDaemon.ldapConfig.bindPassword Password for the user to bind to LDAP ## bindPassword: "" - - ## LDAP search filter + ## @param ldapDaemon.ldapConfig.filter LDAP search filter for search ## filter: "" - - ## LDAP auth realm + ## @param ldapDaemon.ldapConfig.httpRealm LDAP HTTP auth realm ## httpRealm: "" - - ## LDAP cookie name + ## @param ldapDaemon.ldapConfig.httpCookieName HTTP cookie name to be used in LDAP Auth ## httpCookieName: "" - - ## NGINX Configuration File containing the directives (that define - ## how LDAP requests are performed) and tells NGINX to use the LDAP Daemon - ## as proxy. Besides, it defines the routes that will require of LDAP auth + ## @param ldapDaemon.nginxServerBlock [string] NGINX server block that configures LDAP communication. Overrides `ldapDaemon.ldapConfig` + ## NGINX Configuration File containing the directives (that define how LDAP requests are performed) and tells NGINX to + ## use the LDAP Daemon as proxy. Besides, it defines the routes that will require of LDAP auth ## in order to be accessed. ## ## If LDAP directives are provided, they will take precedence over @@ -473,8 +473,6 @@ ldapDaemon: ## ## This will be evaluated as a template. ## - ## - nginxServerBlock: |- server { listen 0.0.0.0:{{ .Values.containerPorts.http }}; 
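Review bot: `ldapDaemon.ldapConfig.bindPassword` is documented only as `Password for the user to bind to LDAP`, with no hint that a value set here sits in clear text in the values file and in the Helm release data. The chart already offers `ldapDaemon.existingNginxServerBlockSecret` for keeping the LDAP configuration in a Secret, so the description could point there, e.g. `## Prefer ldapDaemon.existingNginxServerBlockSecret in production so the bind password is not kept in values`. How the chart renders `ldapConfig` into the pod is not visible in this hunk, so whether the password is also exposed at runtime would need checking against the template.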
@@ -506,16 +504,19 @@ ldapDaemon: # proxy_set_header X-Ldap-BindPass "adminpassword"; } } - - ## Use an existing Secret holding an NGINX Configuration file that - ## configures LDAP requests. (will be evaluated as a template) - ## + ## @param ldapDaemon.existingNginxServerBlockSecret Name of existing Secret with a NGINX server block to use for LDAP communication + ## Use an existing Secret holding an NGINX Configuration file that configures LDAP requests ## If provided, both nginxServerBlock and ldapConfig properties are ignored. ## existingNginxServerBlockSecret: - - ## LDAP Auth Daemon containers' liveness and readiness probes. + ## LDAP Auth Daemon containers' liveness probe. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param ldapDaemon.livenessProbe.enabled Enable livenessProbe + ## @param ldapDaemon.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param ldapDaemon.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param ldapDaemon.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param ldapDaemon.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param ldapDaemon.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true 
@@ -524,6 +525,15 @@ ldapDaemon: periodSeconds: 10 failureThreshold: 6 successThreshold: 1 + ## LDAP Auth Daemon containers' readiness probe. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param ldapDaemon.readinessProbe.enabled Enable readinessProbe + ## @param ldapDaemon.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param ldapDaemon.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param ldapDaemon.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param ldapDaemon.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param ldapDaemon.readinessProbe.successThreshold Success threshold for readinessProbe + ## readinessProbe: enabled: true initialDelaySeconds: 5 
@@ -531,82 +541,96 @@ ldapDaemon: periodSeconds: 5 failureThreshold: 3 successThreshold: 1 - - ## Custom Liveness probe + ## @param ldapDaemon.customLivenessProbe Custom Liveness probe ## customLivenessProbe: {} - - ## Custom Rediness probe + ## @param ldapDaemon.customReadinessProbe Custom Rediness probe ## customReadinessProbe: {} -## Sidecar parameters -## -# sidecars: -# - name: your-image-name -# image: your-image -# imagePullPolicy: Always -# ports: -# - name: portname -# containerPort: 1234 -sidecars: +## @section Traffic Exposure parameters -## Extra init containers +## NGINX Service properties ## -initContainers: - +service: + ## @param service.type Service type + ## + type: LoadBalancer + ## @param service.port Service HTTP port + ## + port: 80 + ## @param service.httpsPort Service HTTPS port + ## + httpsPort: 443 + ## @param service.nodePorts [object] Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "" + https: "" + ## @param service.targetPort [object] Target port reference value for the Loadbalancer service types can be specified explicitly. + ## Listeners for the Loadbalancer can be custom mapped to the http or https service. + ## Example: Mapping the https listener to targetPort http [http: https] + ## + targetPort: + http: http + https: https + ## @param service.loadBalancerIP LoadBalancer service IP address + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: + ## @param service.annotations Service annotations + ## This can be used to set the LoadBalancer service type to internal only. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster ## Configure the ingress resource that allows you to access the ## Nginx installation. Set up the URL ## ref: http://kubernetes.io/docs/user-guide/ingress/ ## ingress: - ## Set to true to enable ingress record generation + ## @param ingress.enabled Set to true to enable ingress record generation ## enabled: false - - ## Set this to true in order to add the corresponding annotations for cert-manager + ## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager ## certManager: false - - ## Ingress Path type + ## @param ingress.pathType Ingress path type ## pathType: ImplementationSpecific - - ## Override API Version (automatically detected if not set) + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: - - ## When the ingress is enabled, a host pointing to this will be created + ## @param ingress.hostname Default host for the ingress resource ## hostname: nginx.local - - ## The Path to Nginx. You may need to set this to '/*' in order to use this - ## with ALB ingress controllers. + ## @param ingress.path The Path to Nginx. You may need to set this to '/*' in order to use this with ALB ingress controllers. 
## path: / - - ## Ingress annotations done as key:value pairs + ## @param ingress.annotations Ingress annotations ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set ## annotations: {} - - ## Enable TLS configuration for the hostname defined at ingress.hostname parameter + ## @param ingress.tls Create TLS Secret ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it ## tls: false - - ## The list of additional hostnames to be covered with this ingress record. + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: nginx.local ## path: / ## - - ## Any additional arbitrary paths that may need to be added to the ingress under the main host. + extraHosts: [] + ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. ## extraPaths: ## - path: /* 
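Review bot: The new `@param ingress.tls` description, `Create TLS Secret`, contradicts the comment lines that follow it. Those say certificates are retrieved from a secret named after `ingress.hostname`, which the user supplies through `ingress.secrets` or cert-manager. A reader of the generated README could assume that setting `ingress.tls=true` alone provisions a certificate and end up with an ingress that has no valid one. I would keep the removed wording, as `healthIngress.tls` does further down: `## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter`. The `ingress` block starts in this hunk and continues into the next one.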
@@ -614,16 +638,16 @@ ingress: ## serviceName: ssl-redirect ## servicePort: use-annotation ## - - ## The tls configuration for additional hostnames to be covered with this ingress record. + extraPaths: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - nginx.local ## secretName: nginx.local-tls ## - - ## If you're providing your own certificates, please use this to add the certificates as secrets + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## 
@@ -632,48 +656,41 @@ ingress: ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information - ## - secrets: [] + ## e.g: ## - name: nginx.local-tls ## key: ## certificate: ## - + secrets: [] ## Health Ingress parameters ## healthIngress: - ## Set to true to enable health ingress record generation + ## @param healthIngress.enabled Set to true to enable health ingress record generation ## enabled: false - - ## Set this to true in order to add the corresponding annotations for cert-manager + ## @param healthIngress.certManager Set this to true in order to add the corresponding annotations for cert-manager ## certManager: false - - ## Ingress Path type + ## @param healthIngress.pathType Ingress path type ## pathType: ImplementationSpecific - - ## When the health ingress is enabled, a host pointing to this will be created + ## @param healthIngress.hostname When the health ingress is enabled, a host pointing to this will be created ## hostname: example.local - - ## Health Ingress annotations done as key:value pairs + ## @param healthIngress.annotations Health Ingress annotations ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set ## annotations: {} - - ## Enable TLS configuration for the hostname defined at healthIngress.hostname parameter + ## @param healthIngress.tls Enable TLS configuration for the hostname defined at `healthIngress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.healthIngress.hostname }} ## You can use the healthIngress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or ## let the chart create self-signed certificates for you ## tls: false - - ## The 
list of additional hostnames to be covered with this health ingress record. + ## @param healthIngress.extraHosts The list of additional hostnames to be covered with this health ingress record ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## E.g. ## extraHosts: @@ -681,8 +698,7 @@ healthIngress: ## path: / ## extraHosts: [] - - ## The tls configuration for additional hostnames to be covered with this health ingress record. + ## @param healthIngress.extraTls TLS configuration for additional hostnames to be covered ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## E.g. ## extraTls: @@ -691,7 +707,7 @@ healthIngress: ## secretName: example.local-tls ## extraTls: [] - + ## @param healthIngress.secrets TLS Secret configuration ## If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY----- ## name should line up with a secretName set further up 
@@ -708,17 +724,24 @@ healthIngress: ## secrets: [] +## @section Metrics parameters + ## Prometheus Exporter / Metrics ## metrics: + ## @param metrics.enabled Start a Prometheus exporter sidecar container + ## enabled: false - - ## Specify which port is used by the exporter to retrieve the NGINX status. + ## @param metrics.port NGINX Container Status Port scraped by Prometheus Exporter ## Defaults to specified http port port: - ## Bitnami NGINX Prometheus Exporter image ## ref: https://hub.docker.com/r/bitnami/nginx-exporter/tags/ + ## @param metrics.image.registry NGINX Prometheus exporter image registry + ## @param metrics.image.repository NGINX Prometheus exporter image repository + ## @param metrics.image.tag NGINX Prometheus exporter image tag (immutable tags are recommended) + ## @param metrics.image.pullPolicy NGINX Prometheus exporter image pull policy + ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array ## image: registry: docker.io 
@@ -728,81 +751,79 @@ metrics: ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Prometheus exporter pods' annotation and labels + pullSecrets: [] + ## @param metrics.podAnnotations Additional annotations for NGINX Prometheus exporter pod(s) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} - ## Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param metrics.securityContext.enabled Enabled NGINX Exporter containers' Security Context + ## @param metrics.securityContext.runAsUser Set NGINX Exporter container's Security Context runAsUser ## securityContext: enabled: false runAsUser: 1001 - ## Prometheus exporter service parameters ## service: - ## NGINX Prometheus exporter port + ## @param metrics.service.port NGINX Prometheus exporter service port ## port: 9113 - ## Annotations for the Prometheus exporter service + ## @param metrics.service.annotations [object] Annotations for the Prometheus exporter service ## annotations: prometheus.io/scrape: "true" prometheus.io/port: "{{ .Values.metrics.service.port }}" - ## NGINX Prometheus exporter resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param metrics.resources.limits The resources limits for the NGINX Prometheus exporter container + ## @param metrics.resources.requests The requested resources for the NGINX Prometheus exporter container ## resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi limits: {} - # cpu: 100m - # memory: 128Mi + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi requests: {} - # cpu: 100m - # memory: 128Mi - ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: + ## @param metrics.serviceMonitor.enabled Creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## enabled: false - ## Namespace in which Prometheus is running + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running ## - # namespace: monitoring - - ## Interval at which metrics should be scraped. + namespace: + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. 
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s ## - # interval: 10s - - ## Timeout after which the scrape is ended + interval: + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s ## - # scrapeTimeout: 10s - - ## ServiceMonitor selector labels + scrapeTimeout: + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration ## - # selector: - # prometheus: my-prometheus - -## Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## -pdb: - create: false - ## Min number of pods that must still be available after the eviction - ## - minAvailable: 1 - ## Max number of pods that can be unavailable after the eviction - ## - # maxUnavailable: 1 + ## selector: + ## prometheus: my-prometheus + ## + selector: {}
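Review bot: The guidance moved above `resources:` no longer matches the layout it describes. It still tells the user to uncomment the following lines and remove the curly braces after `resources:`, but the examples are now `##` comment lines and the braces sit after `limits:` and `requests:`. I would reword its last line to `## lines, adjust them as necessary, and replace the '{}' after 'limits:' and 'requests:'.` and use `## Example:` for both blocks rather than `Example:` and `Examples:`. Separately, the `pdb:` block is deleted at the end of this hunk with nothing replacing it here; presumably it is re-added earlier in the file, outside this view, but that is worth confirming because any template still reading `.Values.pdb` would otherwise lose its defaults.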