diff --git a/bitnami/cassandra/Chart.lock b/bitnami/cassandra/Chart.lock index 6ac93fa738..c65fe20100 100644 --- a/bitnami/cassandra/Chart.lock +++ b/bitnami/cassandra/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: oci://registry-1.docker.io/bitnamicharts version: 2.15.3 digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T19:56:44.810943477Z" +generated: "2024-02-14T14:38:18.303780391+01:00" diff --git a/bitnami/cassandra/Chart.yaml b/bitnami/cassandra/Chart.yaml index 7926e878c9..423a096eae 100644 --- a/bitnami/cassandra/Chart.yaml +++ b/bitnami/cassandra/Chart.yaml @@ -32,4 +32,4 @@ maintainers: name: cassandra sources: - https://github.com/bitnami/charts/tree/main/bitnami/cassandra -version: 10.9.1 +version: 10.10.0 diff --git a/bitnami/cassandra/README.md b/bitnami/cassandra/README.md index 35f7ddfe0c..b6c35d2b15 100644 --- a/bitnami/cassandra/README.md +++ b/bitnami/cassandra/README.md @@ -115,81 +115,81 @@ The command removes all the Kubernetes components associated with the chart and ### Statefulset parameters -| Name | Description | Value | -| --------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------- | -| `replicaCount` | Number of Cassandra replicas | `1` | -| `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` | -| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `podManagementPolicy` | StatefulSet pod management policy | `OrderedReady` | -| `priorityClassName` | Cassandra pods' priority. | `""` | -| `podAnnotations` | Additional pod annotations | `{}` | -| `podLabels` | Additional pod labels | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` | -| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `containerSecurityContext.runAsUser` | Set Cassandra containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.allowPrivilegeEscalation` | Set Cassandra containers' Security Context allowPrivilegeEscalation | `false` | -| `containerSecurityContext.capabilities.drop` | Set Cassandra containers' Security Context capabilities to be dropped | `["ALL"]` | -| `containerSecurityContext.readOnlyRootFilesystem` | Set Cassandra containers' Security Context readOnlyRootFilesystem | `false` | -| `containerSecurityContext.runAsNonRoot` | Set Cassandra containers' Security Context runAsNonRoot | `true` | -| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `resources.limits` | The resources limits for Cassandra containers | `{}` | -| `resources.requests` | The requested resources for Cassandra containers | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `customStartupProbe` | Override default startup probe | `{}` | -| `lifecycleHooks` | Override default etcd container hooks | `{}` | -| `schedulerName` | Alternative scheduler | `""` | -| `terminationGracePeriodSeconds` | In seconds, time the given to the Cassandra pod needs to terminate gracefully | `""` | -| `extraVolumes` | Optionally specify extra list of additional volumes for cassandra container | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra container | `[]` | -| `initContainers` | Add additional init containers to the cassandra pods | `[]` | -| `sidecars` | Add additional sidecar containers to the cassandra pods | `[]` | -| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `pdb.minAvailable` | Mininimum number of pods that must still be available after the eviction | `1` | -| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` | -| `hostNetwork` | Enable HOST Network | `false` | -| `containerPorts.intra` | Intra Port on the Host and Container | `7000` | -| `containerPorts.tls` | TLS Port on the Host and Container | `7001` | -| `containerPorts.jmx` | JMX Port on the Host and Container | `7199` | -| `containerPorts.cql` | CQL Port on the Host and Container | `9042` | -| `hostPorts.intra` | Intra Port on the Host | `""` | -| `hostPorts.tls` | TLS Port on the Host | `""` | -| `hostPorts.jmx` | JMX Port on the Host | `""` | -| `hostPorts.cql` | CQL Port on the Host | `""` | +| Name | Description | Value | +| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `replicaCount` | Number of Cassandra replicas | `1` | +| `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `podManagementPolicy` | StatefulSet pod management policy | `OrderedReady` | +| `priorityClassName` | Cassandra pods' priority. | `""` | +| `podAnnotations` | Additional pod annotations | `{}` | +| `podLabels` | Additional pod labels | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.runAsUser` | Set Cassandra containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set Cassandra containers' Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | Set Cassandra containers' Security Context capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set Cassandra containers' Security Context readOnlyRootFilesystem | `false` | +| `containerSecurityContext.runAsNonRoot` | Set Cassandra containers' Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Override default startup probe | `{}` | +| `lifecycleHooks` | Override default etcd container hooks | `{}` | +| `schedulerName` | Alternative scheduler | `""` | +| `terminationGracePeriodSeconds` | In seconds, time the given to the Cassandra pod needs to terminate gracefully | `""` | +| `extraVolumes` | Optionally specify extra list of additional volumes for cassandra container | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra container | `[]` | +| `initContainers` | Add additional init containers to the cassandra pods | `[]` | +| `sidecars` | Add additional sidecar containers to the cassandra pods | `[]` | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `pdb.minAvailable` | Mininimum number of pods that must still be available after the eviction | `1` | +| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` | +| `hostNetwork` | Enable HOST Network | `false` | +| `containerPorts.intra` | Intra Port on the Host and Container | `7000` | +| `containerPorts.tls` | TLS Port on the Host and Container | `7001` | +| `containerPorts.jmx` | JMX Port on the Host and Container | `7199` | +| `containerPorts.cql` | CQL Port on the Host and Container | `9042` | +| `hostPorts.intra` | Intra Port on the Host | `""` | +| `hostPorts.tls` | TLS Port on the Host | `""` | +| `hostPorts.jmx` | JMX Port on the Host | `""` | +| `hostPorts.cql` | CQL Port on the Host | `""` | ### RBAC parameters @@ -243,69 +243,69 @@ The command removes all the Kubernetes components associated with the chart and ### Volume Permissions parameters -| Name | Description | Value | -| -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | -| `volumePermissions.image.registry` | Init container volume image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | Init container volume image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | -| `volumePermissions.securityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | +| Name | Description | Value | +| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | +| `volumePermissions.image.registry` | Init container volume image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `volumePermissions.securityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | ### Metrics parameters -| Name | Description | Value | -| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------ | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Cassandra exporter image registry | `REGISTRY_NAME` | -| `metrics.image.repository` | Cassandra exporter image name | `REPOSITORY_NAME/cassandra-exporter` | -| `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources.limits` | The resources limits for the container | `{}` | -| `metrics.resources.requests` | The requested resources for the container | `{}` | -| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | -| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `45` | -| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra-exporter container | `[]` | -| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` | -| `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `monitoring` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | -| `metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | -| `metrics.serviceMonitor.labels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` | -| `metrics.containerPorts.http` | HTTP Port on the Host and Container | `8080` | -| `metrics.containerPorts.jmx` | JMX Port on the Host and Container | `5555` | -| `metrics.hostPorts.http` | HTTP Port on the Host | `""` | -| `metrics.hostPorts.jmx` | JMX Port on the Host | `""` | -| `metrics.configuration` | Configure Cassandra-exporter with a custom config.yml file | `""` | +| Name | Description | Value | +| -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | Cassandra exporter image registry | `REGISTRY_NAME` | +| `metrics.image.repository` | Cassandra exporter image name | `REPOSITORY_NAME/cassandra-exporter` | +| `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` | +| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `45` | +| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra-exporter container | `[]` | +| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` | +| `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `monitoring` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | +| `metrics.serviceMonitor.labels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` | +| `metrics.containerPorts.http` | HTTP Port on the Host and Container | `8080` | +| `metrics.containerPorts.jmx` | JMX Port on the Host and Container | `5555` | +| `metrics.hostPorts.http` | HTTP Port on the Host | `""` | +| `metrics.hostPorts.jmx` | JMX Port on the Host | `""` | +| `metrics.configuration` | Configure Cassandra-exporter with a custom config.yml file | `""` | ### TLS/SSL parameters -| Name | Description | Value | -| ----------------------------- | --------------------------------------------------------------------------------------------- | ------- | -| `tls.internodeEncryption` | Set internode encryption | `none` | -| `tls.clientEncryption` | Set client-server encryption | `false` | -| `tls.autoGenerated` | Generate automatically self-signed TLS certificates. Currently only supports PEM certificates | `false` | -| `tls.existingSecret` | Existing secret that contains Cassandra Keystore and truststore | `""` | -| `tls.passwordsSecret` | Secret containing the Keystore and Truststore passwords if needed | `""` | -| `tls.keystorePassword` | Password for the keystore, if needed. | `""` | -| `tls.truststorePassword` | Password for the truststore, if needed. | `""` | -| `tls.resources.limits` | The resources limits for the TLS init container | `{}` | -| `tls.resources.requests` | The requested resources for the TLS init container | `{}` | -| `tls.certificatesSecret` | Secret with the TLS certificates. | `""` | -| `tls.tlsEncryptionSecretName` | Secret with the encryption of the TLS certificates | `""` | +| Name | Description | Value | +| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- | +| `tls.internodeEncryption` | Set internode encryption | `none` | +| `tls.clientEncryption` | Set client-server encryption | `false` | +| `tls.autoGenerated` | Generate automatically self-signed TLS certificates. Currently only supports PEM certificates | `false` | +| `tls.existingSecret` | Existing secret that contains Cassandra Keystore and truststore | `""` | +| `tls.passwordsSecret` | Secret containing the Keystore and Truststore passwords if needed | `""` | +| `tls.keystorePassword` | Password for the keystore, if needed. | `""` | +| `tls.truststorePassword` | Password for the truststore, if needed. | `""` | +| `tls.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if tls.resources is set (tls.resources is recommended for production). | `none` | +| `tls.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `tls.certificatesSecret` | Secret with the TLS certificates. | `""` | +| `tls.tlsEncryptionSecretName` | Secret with the encryption of the TLS certificates | `""` | The above parameters map to the env variables defined in [bitnami/cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra). For more information please refer to the [bitnami/cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) image documentation. @@ -330,6 +330,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/cassa ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling vs Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/cassandra/templates/NOTES.txt b/bitnami/cassandra/templates/NOTES.txt index fdedcdd38e..2ce6a1872f 100644 --- a/bitnami/cassandra/templates/NOTES.txt +++ b/bitnami/cassandra/templates/NOTES.txt @@ -89,3 +89,4 @@ To connect to your database from outside the cluster execute the following comma {{- include "common.warnings.rollingTag" .Values.metrics.image }} {{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} {{- include "cassandra.validateValues" . }} +{{- include "common.warnings.resources" (dict "sections" (list "metrics" "" "tls" "volumePermissions") "context" $) }} diff --git a/bitnami/cassandra/templates/statefulset.yaml b/bitnami/cassandra/templates/statefulset.yaml index 8b16bea4ba..b3b7a4759c 100644 --- a/bitnami/cassandra/templates/statefulset.yaml +++ b/bitnami/cassandra/templates/statefulset.yaml @@ -124,6 +124,8 @@ spec: {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data @@ -196,6 +198,8 @@ spec: {{- end }} {{- if .Values.tls.resources }} resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- else if ne .Values.tls.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: certs @@ -489,6 +493,8 @@ spec: {{- end }} {{- if .Values.metrics.resources }} resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- else if ne .Values.metrics.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} livenessProbe: diff --git a/bitnami/cassandra/values.yaml b/bitnami/cassandra/values.yaml index 8568d0507c..7a011f7a2d 100644 --- a/bitnami/cassandra/values.yaml +++ b/bitnami/cassandra/values.yaml @@ -19,7 +19,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @@ -44,7 +43,6 @@ clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - ## Enable diagnostic mode in the deployment ## diagnosticMode: @@ -59,7 +57,6 @@ diagnosticMode: ## args: - infinity - ## @section Cassandra parameters ## @@ -94,7 +91,6 @@ image: ## Enable debug mode ## debug: false - ## Secret with keystore, keystore password, truststore, truststore password ## DEPRECATED. Use tls.existingSecret instead # tlsEncryptionSecretName: @@ -123,7 +119,6 @@ dbUser: ## cassandra-password: myCassandraPasswordKey ## existingSecret: "" - ## @param initDBConfigMap ConfigMap with cql scripts. Useful for creating a keyspace and pre-populating data ## initDBConfigMap: "" @@ -163,7 +158,6 @@ cluster: ## extraSeeds: [] enableUDF: false - ## JVM Settings ## @param jvm.extraOpts Set the value for Java Virtual Machine extra options ## @param jvm.maxHeapSize Set Java Virtual Machine maximum heap size (MAX_HEAP_SIZE). Calculated automatically if `nil` @@ -202,7 +196,6 @@ extraEnvVarsCM: "" ## @param extraEnvVarsSecret Name of existing Secret containing extra env vars ## extraEnvVarsSecret: "" - ## @section Statefulset parameters ## @@ -327,22 +320,21 @@ containerSecurityContext: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for Cassandra containers -## @param resources.requests The requested resources for Cassandra containers +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## -resources: - ## Example: - ## limits: - ## cpu: 2 - ## memory: 4Gi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 2 - ## memory: 4Gi - ## - requests: {} +resourcesPreset: "none" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} ## Configure extra options for Cassandra containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param livenessProbe.enabled Enable livenessProbe @@ -450,7 +442,6 @@ containerPorts: tls: 7001 jmx: 7199 cql: 9042 - ## Cassandra ports to be exposed as hostPort ## If hostNetwork is false, only the ports specified here will be exposed (or not if set to an empty string) ## @param hostPorts.intra Intra Port on the Host @@ -463,7 +454,6 @@ hostPorts: tls: "" jmx: "" cql: "" - ## @section RBAC parameters ## @@ -484,7 +474,6 @@ serviceAccount: ## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account. ## automountServiceAccountToken: false - ## @section Traffic Exposure Parameters ## @@ -553,7 +542,6 @@ service: ## @param service.headless.annotations Annotations for the headless service. ## annotations: {} - ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## @@ -609,8 +597,6 @@ networkPolicy: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - - ## @section Persistence parameters ## @@ -661,7 +647,6 @@ persistence: ## # commitLogMountPath: /bitnami/cassandra/commitlog commitLogMountPath: "" - ## @section Volume Permissions parameters ## @@ -699,22 +684,21 @@ volumePermissions: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Init container Security Context ## Note: the chown of the data folder is done to securityContext.runAsUser ## and not the below volumePermissions.securityContext.runAsUser @@ -730,7 +714,6 @@ volumePermissions: securityContext: seLinuxOptions: null runAsUser: 0 - ## @section Metrics parameters ## @@ -769,22 +752,21 @@ metrics: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param metrics.resources.limits The resources limits for the container - ## @param metrics.resources.requests The requested resources for the container + ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} + resourcesPreset: "none" + ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe @@ -853,7 +835,6 @@ metrics: ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec ## labels: {} - ## Metrics container ports to open ## If hostNetwork true: the hostPort is set identical to the containerPort ## @param metrics.containerPorts.http HTTP Port on the Host and Container @@ -862,7 +843,6 @@ metrics: containerPorts: http: 8080 jmx: 5555 - ## Metrics ports to be exposed as hostPort ## If hostNetwork is false, only the ports specified here will be exposed (or not if set to an empty string) ## @param metrics.hostPorts.http HTTP Port on the Host @@ -871,7 +851,6 @@ metrics: hostPorts: http: "" jmx: "" - ## @param metrics.configuration [string] Configure Cassandra-exporter with a custom config.yml file ## ref: https://github.com/criteo/cassandra_exporter/blob/master/config.yml ## @@ -932,7 +911,6 @@ metrics: - .*:snapshotssize:.* - .*:estimated.* - .*:totaldiskspaceused:.* - ## @section TLS/SSL parameters ## @@ -944,8 +922,9 @@ metrics: ## @param tls.passwordsSecret Secret containing the Keystore and Truststore passwords if needed ## @param tls.keystorePassword Password for the keystore, if needed. ## @param tls.truststorePassword Password for the truststore, if needed. -## @param tls.resources.limits The resources limits for the TLS init container -## @param tls.resources.requests The requested resources for the TLS init container +## @param tls.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if tls.resources is set (tls.resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## @param tls.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## @param tls.certificatesSecret Secret with the TLS certificates. ## @param tls.tlsEncryptionSecretName Secret with the encryption of the TLS certificates ## @@ -959,21 +938,17 @@ tls: truststorePassword: "" certificatesSecret: "" tlsEncryptionSecretName: "" + resourcesPreset: "none" ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + resources: {}