--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
- name: serviceAccount
version: ~13.x-0
repository: 'file://../serviceAccount'
- condition: global.cassandra.enableServiceAccount
\ No newline at end of file
+ condition: global.cassandra.enableServiceAccount
if __name__ == "__main__":
main(sys.argv[1:])
-
-
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-backup-data
{{- end -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
{{- if .Values.global.cassandra.useOperator }}
{{ include "common.k8ssandraCluster" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/docker-entrypoint.sh").AsConfig . | indent 2 }}
-{{- end }}
\ No newline at end of file
+{{- end }}
*/}}
{{- if not .Values.global.cassandra.useOperator }}
{{ include "common.replicaPV" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
{{- if .Values.global.cassandra.useOperator }}
{{ include "common.secretFast" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
{{- if not .Values.global.cassandra.useOperator }}
{{ include "common.headlessService" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
{{- if .Values.metrics.serviceMonitor.enabled }}
{{ include "common.serviceMonitor" . }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
requests:
storage: {{ .Values.persistence.size | quote }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.local/
+.config/
+# OOM specific dirs
+components/
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+---
apiVersion: v2
description: Common templates for inclusion in other charts
name: common
-version: 13.2.0
+version: 13.2.1
{{- else if eq .type "hard" }}
{{- include "common.affinities.pods.hard" . -}}
{{- end -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
name: {{ $datacenter.name }}
size: {{ $datacenter.size }}
{{- end }}
- {{ if .Values.podAnnotations -}}
+ podSecurityContext:
+ fsGroup: 999
+ runAsGroup: 999
+ runAsUser: 999
+ runAsNonRoot: true
metadata:
+ {{ if .Values.podAnnotations -}}
pods:
annotations:
{{ toYaml .Values.podAnnotations | nindent 10 }}
+ {{- end }}
commonLabels:
app: {{ .Values.k8ssandraOperator.config.clusterName }}
version: {{ .Values.k8ssandraOperator.cassandraVersion }}
- {{- end }}
{{ end }}
{{- include "common.dmaap.provisioning._volumeMounts" $dot | trim | nindent 2 }}
resources: {{ include "common.resources" $dot | nindent 4 }}
{{- end -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
{{- end }}
{{- end -}}
-
runAsUser: 10001
runAsGroup: 10001
fsGroup: 10001
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ securityContext:
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ volumes:
+ - name: run
+ emptyDir:
+ sizeLimit: 64Mi
+ - name: tmp
+ emptyDir:
+ sizeLimit: 64Mi
+ volumeMounts:
+ - name: run
+ mountPath: /run/mysqld
+ - name: tmp
+ mountPath: /tmp
inheritMetadata:
{{ if .Values.podAnnotations -}}
annotations: {{ toYaml .Values.podAnnotations | nindent 6 }}
enabled: true
authDelegatorRoleName: {{ $dbinst }}-auth
gracefulShutdownTimeout: 5s
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ privileged: false
+ runAsNonRoot: true
+ runAsUser: 10001
+ seccompProfile:
+ type: RuntimeDefault
primary:
automaticFailover: true
podIndex: 0
initContainer:
image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ $dot.Values.mariadbOperator.galera.initImage }}:{{ $dot.Values.mariadbOperator.galera.initVersion }}
imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ privileged: false
+ runAsNonRoot: true
+ runAsUser: 10001
+ seccompProfile:
+ type: RuntimeDefault
config:
reuseStorageVolume: false
volumeClaimTemplate:
{{- if default false $dot.Values.global.metrics.enabled }}
metrics:
enabled: true
+ exporter:
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/prom/mysqld-exporter:v0.15.1
+ port: 9104
+ podSecurityContext:
+ fsGroup: 10001
+ runAsGroup: 10001
+ runAsUser: 10001
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ securityContext:
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
{{- end }}
affinity:
podAntiAffinity:
--- /dev/null
+{{/*
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+ UID of mongodb root password
+*/}}
+{{- define "common.mongodb.secret.rootPassUID" -}}
+ {{- printf "db-root-password" }}
+{{- end -}}
+
+{{/*
+ Name of mongodb secret
+*/}}
+{{- define "common.mongodb.secret._secretName" -}}
+ {{- $global := .dot }}
+ {{- $chartName := tpl .chartName $global -}}
+ {{- include "common.secret.genName" (dict "global" $global "uid" (include .uidTemplate $global) "chartName" $chartName) }}
+{{- end -}}
+
+{{/*
+ Name of mongodb root password secret
+*/}}
+{{- define "common.mongodb.secret.rootPassSecretName" -}}
+ {{- include "common.mongodb.secret._secretName" (set . "uidTemplate" "common.mongodb.secret.rootPassUID") }}
+{{- end -}}
+
+{{/*
+ UID of mongodb user credentials
+*/}}
+{{- define "common.mongodb.secret.userCredentialsUID" -}}
+ {{- printf "db-user-credentials" }}
+{{- end -}}
+
+{{/*
+ Name of mongodb user credentials secret
+*/}}
+{{- define "common.mongodb.secret.userCredentialsSecretName" -}}
+ {{- include "common.mongodb.secret._secretName" (set . "uidTemplate" "common.mongodb.secret.userCredentialsUID") }}
+{{- end -}}
+
+{{/*
+ UID of mongodb primary password
+*/}}
+{{- define "common.mongodb.secret.primaryPasswordUID" -}}
+ {{- printf "primary-password" }}
+{{- end -}}
+
+{{/*
+ Name of mongodb user credentials secret
+*/}}
+{{- define "common.mongodb.secret.primaryPasswordSecretName" -}}
+ {{- include "common.mongodb.secret._secretName" (set . "uidTemplate" "common.mongodb.secret.primaryPasswordUID") }}
+{{- end -}}
+
+{{/*
+ Choose the name of the mongodb app label to use.
+*/}}
+{{- define "common.mongodbAppName" -}}
+ {{- if .Values.global.mongodb.localCluster -}}
+ {{- index .Values "mongodb" "nameOverride" -}}
+ {{- else -}}
+ {{- .Values.global.mongodb.nameOverride -}}
+ {{- end -}}
+{{- end -}}
+
+#Not edited yet
+{{/*
+ Create mongodb cluster via mongodb percona-operator
+*/}}
+{{- define "common.mongodbOpInstance" -}}
+{{- $dot := default . .dot -}}
+{{- $global := $dot.Values.global -}}
+{{- $dbinst := include "common.name" $dot -}}
+---
+
+apiVersion: psmdb.percona.com/v1
+kind: PerconaServerMongoDB
+metadata:
+ name: {{ $dbinst }}
+ labels:
+ app: {{ $dbinst }}
+ version: "5.5"
+spec:
+ metadata:
+ labels:
+ app: {{ $dbinst }}
+ version: "5.5"
+ {{- if .Values.mongodbOperator.imageMongo }}
+ image: {{ .Values.mongodbOperator.imageMongo | quote }}
+ {{- end }}
+ imagePullSecrets:
+ - name: {{ include "common.namespace" . }}-docker-registry-key
+ mongodbVersion: {{ $dot.Values.mongodbOperator.mongodbVersion }}
+ instances:
+ - name: {{ default "instance1" .Values.mongodbOperator.instanceName | quote }}
+ replicas: {{ default 2 .Values.mongodbOperator.instanceReplicas }}
+ dataVolumeClaimSpec:
+ {{- if .Values.instanceStorageClassName }}
+ storageClassName: {{ .Values.mongodbOperator.instanceStorageClassName | quote }}
+ {{- end }}
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: {{ default "1Gi" .Values.mongodbOperator.instanceSize | quote }}
+ {{- if or .Values.instanceMemory .Values.mongodbOperator.instanceCPU }}
+ resources:
+ limits:
+ cpu: {{ default "" .Values.mongodbOperator.instanceCPU | quote }}
+ memory: {{ default "" .Values.mongodbOperator.instanceMemory | quote }}
+ {{- end }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ mongodb-operator.crunchydata.com/cluster: {{ $dbinst }}
+ mongodb-operator.crunchydata.com/instance-set: {{ default "instance1" .Values.mongodbOperator.instanceName | quote }}
+ proxy:
+ pgBouncer:
+ metadata:
+ labels:
+ app: {{ $dbinst }}
+ version: "5.5"
+ {{- if .Values.mongodbOperator.imagePgBouncer }}
+ image: {{ .Values.mongodbOperator.imagePgBouncer | quote }}
+ {{- end }}
+ replicas: {{ default 2 .Values.mongodbOperator.bouncerReplicas }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ mongodb-operator.crunchydata.com/cluster: {{ $dbinst }}
+ mongodb-operator.crunchydata.com/role: pgbouncer
+ {{- if .Values.mongodbOperator.monitoring }}
+ monitoring:
+ pgmonitor:
+ exporter:
+ image: {{ default "" .Values.mongodbOperator.imageExporter | quote }}
+ {{- if .Values.mongodbOperator.monitoringConfig }}
+{{ toYaml .Values.monitoringConfig | indent 8 }}
+ {{- end }}
+ {{- end }}
+ users:
+ - name: mongodb
+{{- end -}}
runAsUser: {{ .Values.securityContext.user_id }}
runAsGroup: {{ .Values.securityContext.group_id }}
fsGroup: {{ .Values.securityContext.group_id }}
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
{{- end }}
{{/*
readOnlyRootFilesystem: true
privileged: false
allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
{{- end }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{ include "common.containerSecurityContext" . | indent 2 | trim }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
{{- end }}
{{- end }}
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
components/
- name: common
version: ~13.x-0
repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: 'file://../repositoryGenerator'
- name: master
version: ~13.x-0
repository: 'file://components/master'
version: ~13.x-0
repository: 'file://components/curator'
condition: elasticsearch.curator.enabled,curator.enabled
- - name: repositoryGenerator
- version: ~13.x-0
- repository: 'file://../repositoryGenerator'
repository: 'file://../../../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../../../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../../../repositoryGenerator'
# "storage_class": "${S3_STORAGE_CLASS}"
# }
# }
-
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
-
-
.project
.idea/
*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
selector:
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ include "common.release" . }}
-
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
.project
.idea/
*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
{{- end -}}
{{- end -}}
{{- end -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
my.cnf: |
{{ .Values.mariadbConfiguration | indent 4 }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
{{- if .Values.global.mariadbGalera.useOperator }}
{{ include "common.mariadbOpInstance" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
targetPort: tcp-metrics
selector: {{- include "common.matchLabels" . | nindent 4 }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
selector:
matchLabels: {{- include "common.matchLabels" . | nindent 6 }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
rules:
{{- toYaml .Values.metrics.prometheusRules.rules | nindent 6 }}
{{- end }}
-
{{- if not .Values.global.mariadbGalera.useOperator }}
{{ include "common.replicaPV" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
# limitations under the License.
*/}}
-{{ include "common.secretFast" . }}
\ No newline at end of file
+{{ include "common.secretFast" . }}
{{- if .Values.metrics.serviceMonitor.enabled }}
{{ include "common.serviceMonitor" . }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
volumeClaimTemplates:
- {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
galera:
enabled: true
agentImage: mariadb-operator/mariadb-operator
- agentVersion: v0.0.27
+ agentVersion: v0.0.28
initImage: mariadb-operator/mariadb-operator
- initVersion: v0.0.27
+ initVersion: v0.0.28
## String to partially override common.names.fullname template (will maintain the release name)
##
*.tmproj
tests
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+---
apiVersion: v2
description: Chart for MariaDB Galera init job
name: mariadb-init
-version: 13.0.0
+version: 13.0.1
dependencies:
- name: common
-{{/*
+{{- /*
# Copyright © 2019 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
+*/ -}}
{{/*
Choose the name of the configmap to use.
-{{/*
+{{- /*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
+*/ -}}
{{/*
Choose the name of the mariadb secret to use.
-{{/*
# Copyright © 2019 Orange
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-
+---
apiVersion: v1
kind: ConfigMap
metadata:
-{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-
+---
{{ include "mariadbInit._updateSecrets" . -}}
apiVersion: batch/v1
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
command:
- /bin/sh
- -c
-{{/*
# Copyright © 2017 Amdocs, Bell Canada, Orange
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-
+---
{{ include "mariadbInit._updateSecrets" . -}}
{{ include "common.secretFast" . }}
- it: "should render with default value (volumes)"
asserts:
- contains:
- path: spec.template.spec.volumes
- content:
- name: mariadb-conf
- configMap:
- name: RELEASE-NAME-mariadb-init
+ path: spec.template.spec.volumes
+ content:
+ name: mariadb-conf
+ configMap:
+ name: RELEASE-NAME-mariadb-init
- it: "should render with nameOverride set"
set:
name: RELEASE-NAME-myJob-secret
key: db-user-password
- contains:
- path: spec.template.spec.volumes
- content:
- name: mariadb-conf
- configMap:
- name: RELEASE-NAME-myJob
+ path: spec.template.spec.volumes
+ content:
+ name: mariadb-conf
+ configMap:
+ name: RELEASE-NAME-myJob
- it: "should render with configmap set"
set:
set:
global:
mariadbGalera:
- nameOverride: myMaria
- servicePort: 545
+ nameOverride: myMaria
+ servicePort: 545
asserts:
- contains:
path: spec.template.spec.initContainers[0].args
set:
global:
mariadbGalera:
- nameOverride: myMaria
- servicePort: 545
- userRootSecret: galera-secret
- userRootSecretKey: root-password
+ nameOverride: myMaria
+ servicePort: 545
+ userRootSecret: galera-secret
+ userRootSecretKey: root-password
asserts:
- contains:
path: spec.template.spec.initContainers[0].args
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- - key: kubernetes.io/e2e-az-name
- operator: In
- values:
- - e2e-az1
- - e2e-az2
+ - key: kubernetes.io/e2e-az-name
+ operator: In
+ values:
+ - e2e-az1
+ - e2e-az2
asserts:
- equal:
path: spec.template.spec.affinity
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- - key: kubernetes.io/e2e-az-name
- operator: In
- values:
- - e2e-az1
- - e2e-az2
+ - key: kubernetes.io/e2e-az-name
+ operator: In
+ values:
+ - e2e-az1
+ - e2e-az2
- it: "should use large flavor"
set:
flavor: large
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+---
#################################################################
# Global configuration defaults.
#################################################################
# externalSecret: some-secret-name
config_map: default
+securityContext:
+ user_id: 100
+ group_id: 65533
+
nodeSelector: {}
affinity: {}
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
+# resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
flavor: small
resources:
small:
memory: "20Mi"
unlimited: {}
-#Pods Service Account
+# Pods Service Account
serviceAccount:
nameOverride: mariadb-init
roles:
readinessCheck:
wait_for:
services:
- - '{{ include "common.mariadbService" . }}'
+ - '{{ include "common.mariadbService" . }}'
name: mongodb
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mongodb
-version: 14.12.3
+version: 14.12.4
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
-limitations under the License.
\ No newline at end of file
+limitations under the License.
{{- print .chart.AppVersion -}}
{{- end -}}
{{- end -}}
-
{{- end }}
volumes:
- name: empty-dir
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.arbiter.emptyDir.sizeLimit }}
{{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }}
- name: common-scripts
configMap:
{{- end }}
{{- if and .Values.tls.enabled .Values.arbiter.enabled }}
- name: certs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: 64Mi
{{- if (include "mongodb.autoGenerateCerts" .) }}
- name: certs-volume
secret:
volumes:
- name: empty-dir
emptyDir:
- sizeLimit: 64Mi
+ sizeLimit: {{ .Values.arbiter.emptyDir.sizeLimit }}
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
volumes:
- name: empty-dir
emptyDir:
- sizeLimit: 64Mi
+ sizeLimit: {{ .Values.arbiter.emptyDir.sizeLimit }}
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
{{- if $extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" $extraIngress "context" $ ) | nindent 4 }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
volumes:
- name: empty-dir
emptyDir:
- sizeLimit: 64Mi
+ sizeLimit: {{ .Values.arbiter.emptyDir.sizeLimit }}
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
volumes:
- name: empty-dir
emptyDir:
- sizeLimit: 64Mi
+ sizeLimit: {{ .Values.arbiter.emptyDir.sizeLimit }}
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
## @param replicaSetName Name of the replica set (only when `architecture=replicaset`)
## Ignored when mongodb.architecture=standalone
##
+replicaSet:
+ emptyDir:
+ sizeLimit: 1Gi
+
+standalone:
+ emptyDir:
+ sizeLimit: 1Gi
+
replicaSetName: rs0
## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`)
## Ignored when mongodb.architecture=standalone
## @param backup.enabled Enable the logical dump of the database "regularly"
##
enabled: false
+ emptyDir:
+ sizeLimit: 1Gi
## Fine tuning cronjob's config
##
cronjob:
## @section Arbiter parameters
##
arbiter:
+ emptyDir:
+ sizeLimit: 1Gi
## @param arbiter.enabled Enable deploying the arbiter
## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
##
allowPrivilegeEscalation: false
capabilities:
drop:
- - ALL
- - CAP_NET_RAW
+ - ALL
+ - CAP_NET_RAW
seccompProfile:
type: "RuntimeDefault"
## MongoDB(®) Arbiter containers' resource requests and limits.
## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
##
enabled: false
+ emptyDir:
+ sizeLimit: 1Gi
## @param hidden.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
- drop:
- - ALL
- - CAP_NET_RAW
+ drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MongoDB(®) Hidden containers' resource requests and limits.
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- ## @param hidden.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production).
+ ## @param hidden.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
.project
.idea/
*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
repository: '@local'
- name: serviceAccount
version: ~13.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
wait_for_job_container:
containers:
- - '{{ include "common.name" . }}-update-config'
\ No newline at end of file
+ - '{{ include "common.name" . }}-update-config'
.project
.idea/
*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
repository: 'file://../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../repositoryGenerator'
#local all all trust
# IPv4 local connections:
host all all 0.0.0.0/0 md5
-
*/}}
{{- if not .Values.global.postgres.useOperator }}
{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "primary") }}
-{{- end }}
\ No newline at end of file
+{{- end }}
*/}}
{{- if not .Values.global.postgres.useOperator }}
{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "replica") }}
-{{- end }}
\ No newline at end of file
+{{- end }}
name: {{ .Values.container.name.primary }}
release: {{ include "common.release" . }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
name: {{ .Values.container.name.replica }}
release: {{ include "common.release" . }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
{{- if .Values.global.postgres.useOperator }}
{{ include "common.postgresOpInstance" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}/primary
{{- end -}}
{{- end -}}
-{{- end }}
\ No newline at end of file
+{{- end }}
storageClassName: {{ include "common.storageClass" . }}
{{- end }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
selector:
name: "{{.Values.container.name.replica}}"
release: {{ include "common.release" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
{{- if .Values.metrics.serviceMonitor.enabled }}
{{ include "common.serviceMonitor" . }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
apiVersion: v2
description: Template used to wait for other deployment/sts/jobs in onap
name: readinessCheck
-version: 13.1.0
+version: 13.1.1
dependencies:
- name: common
repository: 'file://../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../repositoryGenerator'
securityContext:
runAsUser: {{ $subchartDot.Values.user }}
runAsGroup: {{ $subchartDot.Values.group }}
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
command:
- /app/ready.py
args:
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../common'
\ No newline at end of file
+ repository: 'file://../common'
- pods/exec
verbs:
- create
+ - get
- apiGroups:
- cert-manager.io
resources:
kind: ServiceAccount
metadata:
name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
-{{- end }}
\ No newline at end of file
+{{- end }}
.project
.idea/
*.tmproj
-.vscode/
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../repositoryGenerator'
spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
{{ include "common.podSecurityContext" . | indent 10 | trim}}
- initContainers:
- # we shouldn't need this but for unknown reason, it's fsGroup is not
- # applied
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /var/lib/postgresql/data
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- runAsUser: 0
- volumeMounts:
- - mountPath: /var/lib/postgresql/data
- name: {{ include "common.fullname" . }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
version: ~13.x-0
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'
\ No newline at end of file
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- {{ include "common.podSecurityContext" . | indent 6 | trim}}
+ # temporarily use less restrictions
+ securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ runAsGroup: {{ .Values.securityContext.group_id }}
+ fsGroup: {{ .Values.securityContext.group_id }}
initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
- name: {{ include "common.name" . }}-permission-fixer
securityContext:
# be published independently to a repo (at this point)
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'
- name: etcd
version: ~13.x-0
# be published independently to a repo (at this point)
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'
- name: mariadb-galera
version: ~13.x-0
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 7 | trim}}
- initContainers:
- - name: volume-permissions
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} //chartmuseum-persist
- securityContext:
- runAsUser: 0
- volumeMounts:
- - name: chart-persistent
- mountPath: "/chartmuseum-persist"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ .Values.image }}
version: ~13.x-0
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'
version: ~13.x-0
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'
Code Review / oom.git / commitdiff