redis
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
##
15
16
## @param global.imageRegistry Global Docker image registry
17
## @param global.imagePullSecrets Global Docker registry secret names as an array
18
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
19
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
20
## @param global.redis.password Global Redis(R) password (overrides `auth.password`)
21
## @param global.defaultFips Default value for the FIPS configuration (allowed values: '', restricted, relaxed, off). Can be overridden by the 'fips' object
22
##
23
global:
24
imageRegistry: ""
25
## E.g.
26
## imagePullSecrets:
27
## - myRegistryKeySecretName
28
##
29
imagePullSecrets: []
30
defaultStorageClass: ""
31
storageClass: ""
32
## Security parameters
33
##
34
security:
35
## @param global.security.allowInsecureImages Allows skipping image verification
36
allowInsecureImages: false
37
redis:
38
password: ""
39
## Compatibility adaptations for Kubernetes platforms
40
##
41
compatibility:
42
## Compatibility adaptations for Openshift
43
##
44
openshift:
45
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
46
##
47
adaptSecurityContext: auto
48
## Configure FIPS mode: '', 'restricted', 'relaxed', 'off'
49
##
50
defaultFips: restricted
51
org: ""
52
## @section Common parameters
53
##
54
55
## @param kubeVersion Override Kubernetes version
56
##
57
kubeVersion: ""
58
## @param nameOverride String to partially override common.names.fullname
59
##
60
nameOverride: ""
61
## @param fullnameOverride String to fully override common.names.fullname
62
##
63
fullnameOverride: ""
64
## @param namespaceOverride String to fully override common.names.namespace
65
##
66
namespaceOverride: ""
67
## @param commonLabels Labels to add to all deployed objects
68
##
69
commonLabels: {}
70
## @param commonAnnotations Annotations to add to all deployed objects
71
##
72
commonAnnotations: {}
73
## @param configmapChecksumAnnotations Enable checksum annotations used to trigger rolling updates when ConfigMap(s) change
74
##
75
configmapChecksumAnnotations: true
76
## @param secretChecksumAnnotations Enable checksum annotations used to trigger rolling updates when Secret(s) change
77
##
78
secretChecksumAnnotations: true
79
## @param secretAnnotations Annotations to add to secret
80
##
81
secretAnnotations: {}
82
## @param clusterDomain Kubernetes cluster domain name
83
##
84
clusterDomain: cluster.local
85
## @param extraDeploy Array of extra objects to deploy with the release
86
##
87
extraDeploy: []
88
## @param useHostnames Use hostnames internally when announcing replication. If false, the hostname will be resolved to an IP address
89
##
90
useHostnames: true
91
## @param nameResolutionThreshold Failure threshold for internal hostnames resolution
92
##
93
nameResolutionThreshold: 5
94
## @param nameResolutionTimeout Timeout seconds between probes for internal hostnames resolution
95
##
96
nameResolutionTimeout: 5
97
## Enable diagnostic mode in the deployment
98
##
99
diagnosticMode:
100
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
101
##
102
enabled: false
103
## @param diagnosticMode.command Command to override all containers in the deployment
104
##
105
command:
106
- sleep
107
## @param diagnosticMode.args Args to override all containers in the deployment
108
##
109
args:
110
- infinity
111
## @section Redis(R) Image parameters
112
##
113
114
## Iamguarded Redis(R) image
115
## @param image.registry [default: REGISTRY_NAME] Redis(R) image registry
116
## @param image.repository [default: REPOSITORY_NAME/redis] Redis(R) image repository
117
## @skip image.tag Redis(R) image tag (immutable tags are recommended)
118
## @param image.digest Redis(R) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
119
## @param image.pullPolicy Redis(R) image pull policy
120
## @param image.pullSecrets Redis(R) image pull secrets
121
## @param image.debug Enable image debug mode
122
##
123
image:
124
registry: cgr.dev
125
repository: chainguard-private/redis-server-iamguarded
126
tag: 8.6.2
127
digest: ""
128
## Specify a imagePullPolicy
129
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
130
##
131
pullPolicy: IfNotPresent
132
## Optionally specify an array of imagePullSecrets.
133
## Secrets must be manually created in the namespace.
134
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
135
## e.g:
136
## pullSecrets:
137
## - myRegistryKeySecretName
138
##
139
pullSecrets: []
140
## Enable debug mode
141
##
142
debug: false
143
## @section Redis(R) common configuration parameters
144
##
145
146
## @param architecture Redis(R) architecture. Allowed values: `standalone` or `replication`
147
##
148
architecture: replication
149
## Redis(R) Authentication parameters
150
##
151
auth:
152
## @param auth.enabled Enable password authentication
153
##
154
enabled: true
155
## @param auth.sentinel Enable authentication on sentinels too
156
##
157
sentinel: true
158
## @param auth.password Redis(R) password
159
## Defaults to a random 10-character alphanumeric string if not set
160
##
161
password: ""
162
## @param auth.existingSecret The name of an existing secret with Redis(R) credentials
163
## NOTE: When it's set, the previous `auth.password` parameter is ignored
164
##
165
existingSecret: ""
166
## @param auth.existingSecretPasswordKey Password key to be retrieved from existing secret
167
## NOTE: ignored unless `auth.existingSecret` parameter is set
168
##
169
existingSecretPasswordKey: ""
170
## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable
171
##
172
usePasswordFiles: true
173
## @param auth.usePasswordFileFromSecret Mount password file from secret
174
##
175
usePasswordFileFromSecret: true
176
## Redis ACL restricts connections by limiting commands and key access with auth management.
177
## ref: https://redis.io/docs/latest/operate/oss_and_stack/management/security/acl/
178
##
179
acl:
180
## @param auth.acl.enabled Enables the support of the Redis ACL system
181
##
182
enabled: false
183
## @param auth.acl.sentinel Enables the support of the Redis ACL system for Sentinel Nodes
184
##
185
sentinel: false
186
## @param auth.acl.users A list of the configured users in the Redis ACL system
187
##
188
## Example:
189
## users:
190
## - username: "my-user"
191
## password: "mypassword"
192
## enabled: "on"
193
## commands: "+@all"
194
## keys: "~*"
195
## channels: "&*"
196
users: []
197
## @param auth.acl.userSecret Name of the Secret, containing user credentials for ACL users. Keys must match usernames.
198
userSecret: ""
199
## @param commonConfiguration [string] Common configuration to be added into the ConfigMap
200
## ref: https://redis.io/topics/config
201
##
202
commonConfiguration: |-
203
# Enable ReJSON y Redisearch
204
loadmodule /opt/iamguarded/redis/lib/redis/modules/redisearch.so
205
loadmodule /opt/iamguarded/redis/lib/redis/modules/rejson.so
206
# Enable AOF https://redis.io/topics/persistence#append-only-file
207
appendonly yes
208
# Disable RDB persistence, AOF persistence already enabled.
209
save ""
210
## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Redis(R) nodes
211
##
212
existingConfigmap: ""
213
## @section Redis(R) master configuration parameters
214
##
215
master:
216
## @param master.count Number of Redis(R) master instances to deploy (experimental, requires additional configuration)
217
##
218
count: 1
219
## @param master.revisionHistoryLimit The number of old history to retain to allow rollback
220
## NOTE: Explicitly setting this field to 0, will result in cleaning up all the history, breaking ability to rollback
221
revisionHistoryLimit: 10
222
## @param master.configuration Configuration for Redis(R) master nodes
223
## ref: https://redis.io/topics/config
224
##
225
configuration: ""
226
## @param master.disableCommands Array with Redis(R) commands to disable on master nodes
227
## Commands will be completely disabled by renaming each to an empty string.
228
## ref: https://redis.io/topics/security#disabling-of-specific-commands
229
##
230
disableCommands:
231
- FLUSHDB
232
- FLUSHALL
233
## @param master.command Override default container command (useful when using custom images)
234
##
235
command: []
236
## @param master.args Override default container args (useful when using custom images)
237
##
238
args: []
239
## @param master.enableServiceLinks Whether information about services should be injected into pod's environment variable
240
##
241
enableServiceLinks: true
242
## @param master.preExecCmds Additional commands to run prior to starting Redis(R) master
243
##
244
preExecCmds: []
245
## @param master.extraFlags Array with additional command line flags for Redis(R) master
246
## e.g:
247
## extraFlags:
248
## - "--maxmemory-policy volatile-ttl"
249
## - "--repl-backlog-size 1024mb"
250
##
251
extraFlags: []
252
## @param master.extraEnvVars Array with extra environment variables to add to Redis(R) master nodes
253
## e.g:
254
## extraEnvVars:
255
## - name: FOO
256
## value: "bar"
257
##
258
extraEnvVars: []
259
## @param master.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis(R) master nodes
260
##
261
extraEnvVarsCM: ""
262
## @param master.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis(R) master nodes
263
##
264
extraEnvVarsSecret: ""
265
## @param master.containerPorts.redis Container port to open on Redis(R) master nodes
266
##
267
containerPorts:
268
redis: 6379
269
## Configure extra options for Redis(R) containers' liveness and readiness probes
270
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
271
## @param master.startupProbe.enabled Enable startupProbe on Redis(R) master nodes
272
## @param master.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
273
## @param master.startupProbe.periodSeconds Period seconds for startupProbe
274
## @param master.startupProbe.timeoutSeconds Timeout seconds for startupProbe
275
## @param master.startupProbe.failureThreshold Failure threshold for startupProbe
276
## @param master.startupProbe.successThreshold Success threshold for startupProbe
277
##
278
startupProbe:
279
enabled: false
280
initialDelaySeconds: 20
281
periodSeconds: 5
282
timeoutSeconds: 5
283
successThreshold: 1
284
failureThreshold: 5
285
## @param master.livenessProbe.enabled Enable livenessProbe on Redis(R) master nodes
286
## @param master.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
287
## @param master.livenessProbe.periodSeconds Period seconds for livenessProbe
288
## @param master.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
289
## @param master.livenessProbe.failureThreshold Failure threshold for livenessProbe
290
## @param master.livenessProbe.successThreshold Success threshold for livenessProbe
291
##
292
livenessProbe:
293
enabled: true
294
initialDelaySeconds: 20
295
periodSeconds: 5
296
timeoutSeconds: 5
297
successThreshold: 1
298
failureThreshold: 5
299
## @param master.readinessProbe.enabled Enable readinessProbe on Redis(R) master nodes
300
## @param master.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
301
## @param master.readinessProbe.periodSeconds Period seconds for readinessProbe
302
## @param master.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
303
## @param master.readinessProbe.failureThreshold Failure threshold for readinessProbe
304
## @param master.readinessProbe.successThreshold Success threshold for readinessProbe
305
##
306
readinessProbe:
307
enabled: true
308
initialDelaySeconds: 20
309
periodSeconds: 5
310
timeoutSeconds: 1
311
successThreshold: 1
312
failureThreshold: 5
313
## @param master.customStartupProbe Custom startupProbe that overrides the default one
314
##
315
customStartupProbe: {}
316
## @param master.customLivenessProbe Custom livenessProbe that overrides the default one
317
##
318
customLivenessProbe: {}
319
## @param master.customReadinessProbe Custom readinessProbe that overrides the default one
320
##
321
customReadinessProbe: {}
322
## Redis(R) master resource requests and limits
323
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
324
## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
325
##
326
resourcesPreset: "nano"
327
## @param master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
328
## Example:
329
## resources:
330
## requests:
331
## cpu: 2
332
## memory: 512Mi
333
## limits:
334
## cpu: 3
335
## memory: 1024Mi
336
##
337
resources: {}
338
## @param master.fips.openssl Configure OpenSSL FIPS mode: '', 'restricted', 'relaxed', 'off'. If empty (""), 'global.defaultFips' would be used
339
##
340
fips:
341
openssl: ""
342
## Configure Pods Security Context
343
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
344
## @param master.podSecurityContext.enabled Enabled Redis(R) master pods' Security Context
345
## @param master.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
346
## @param master.podSecurityContext.sysctls Set kernel settings using the sysctl interface
347
## @param master.podSecurityContext.supplementalGroups Set filesystem extra groups
348
## @param master.podSecurityContext.fsGroup Set Redis(R) master pod's Security Context fsGroup
349
##
350
podSecurityContext:
351
enabled: true
352
fsGroupChangePolicy: Always
353
sysctls: []
354
supplementalGroups: []
355
fsGroup: 1001
356
## Configure Container Security Context
357
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
358
## @param master.containerSecurityContext.enabled Enabled Redis(R) master containers' Security Context
359
## @param master.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
360
## @param master.containerSecurityContext.runAsUser Set Redis(R) master containers' Security Context runAsUser
361
## @param master.containerSecurityContext.runAsGroup Set Redis(R) master containers' Security Context runAsGroup
362
## @param master.containerSecurityContext.runAsNonRoot Set Redis(R) master containers' Security Context runAsNonRoot
363
## @param master.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate Redis(R) pod(s) privileges
364
## @param master.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
365
## @param master.containerSecurityContext.seccompProfile.type Set Redis(R) master containers' Security Context seccompProfile
366
## @param master.containerSecurityContext.capabilities.drop Set Redis(R) master containers' Security Context capabilities to drop
367
##
368
containerSecurityContext:
369
enabled: true
370
seLinuxOptions: {}
371
runAsUser: 1001
372
runAsGroup: 1001
373
runAsNonRoot: true
374
allowPrivilegeEscalation: false
375
readOnlyRootFilesystem: true
376
seccompProfile:
377
type: RuntimeDefault
378
capabilities:
379
drop: ["ALL"]
380
## @param master.kind Use either Deployment, StatefulSet (default) or DaemonSet
381
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
382
##
383
kind: StatefulSet
384
## @param master.schedulerName Alternate scheduler for Redis(R) master pods
385
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
386
##
387
schedulerName: ""
388
## @param master.runtimeClassName Name of the runtime class to be used by master pod(s)
389
##
390
runtimeClassName: ""
391
## @param master.updateStrategy.type Redis(R) master statefulset strategy type
392
## @skip master.updateStrategy.rollingUpdate
393
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
394
##
395
updateStrategy:
396
## StrategyType
397
## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment)
398
##
399
type: RollingUpdate
400
## @param master.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update
401
##
402
minReadySeconds: 0
403
## @param master.priorityClassName Redis(R) master pods' priorityClassName
404
##
405
priorityClassName: ""
406
## @param master.automountServiceAccountToken Mount Service Account token in pod
407
##
408
automountServiceAccountToken: false
409
## @param master.hostAliases Redis(R) master pods host aliases
410
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
411
##
412
hostAliases: []
413
## @param master.podLabels Extra labels for Redis(R) master pods
414
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
415
##
416
podLabels: {}
417
## @param master.podAnnotations Annotations for Redis(R) master pods
418
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
419
##
420
podAnnotations: {}
421
## @param master.shareProcessNamespace Share a single process namespace between all of the containers in Redis(R) master pods
422
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
423
##
424
shareProcessNamespace: false
425
## @param master.podAffinityPreset Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
426
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
427
##
428
podAffinityPreset: ""
429
## @param master.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
430
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
431
##
432
podAntiAffinityPreset: soft
433
## Node master.affinity preset
434
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
435
##
436
nodeAffinityPreset:
437
## @param master.nodeAffinityPreset.type Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
438
##
439
type: ""
440
## @param master.nodeAffinityPreset.key Node label key to match. Ignored if `master.affinity` is set
441
##
442
key: ""
443
## @param master.nodeAffinityPreset.values Node label values to match. Ignored if `master.affinity` is set
444
## E.g.
445
## values:
446
## - e2e-az1
447
## - e2e-az2
448
##
449
values: []
450
## @param master.affinity Affinity for Redis(R) master pods assignment
451
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
452
## NOTE: `master.podAffinityPreset`, `master.podAntiAffinityPreset`, and `master.nodeAffinityPreset` will be ignored when it's set
453
##
454
affinity: {}
455
## @param master.nodeSelector Node labels for Redis(R) master pods assignment
456
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
457
##
458
nodeSelector: {}
459
## @param master.tolerations Tolerations for Redis(R) master pods assignment
460
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
461
##
462
tolerations: []
463
## @param master.topologySpreadConstraints Spread Constraints for Redis(R) master pod assignment
464
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
465
## E.g.
466
## topologySpreadConstraints:
467
## - maxSkew: 1
468
## topologyKey: node
469
## whenUnsatisfiable: DoNotSchedule
470
##
471
topologySpreadConstraints: []
472
## @param master.dnsPolicy DNS Policy for Redis(R) master pod
473
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
474
## E.g.
475
## dnsPolicy: ClusterFirst
476
##
477
dnsPolicy: ""
478
## @param master.dnsConfig DNS Configuration for Redis(R) master pod
479
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
480
## E.g.
481
## dnsConfig:
482
## options:
483
## - name: ndots
484
## value: "4"
485
## - name: single-request-reopen
486
##
487
dnsConfig: {}
488
## @param master.lifecycleHooks for the Redis(R) master container(s) to automate configuration before or after startup
489
##
490
lifecycleHooks: {}
491
## @param master.extraVolumes Optionally specify extra list of additional volumes for the Redis(R) master pod(s)
492
##
493
extraVolumes: []
494
## @param master.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis(R) master container(s)
495
##
496
extraVolumeMounts: []
497
## @param master.sidecars Add additional sidecar containers to the Redis(R) master pod(s)
498
## e.g:
499
## sidecars:
500
## - name: your-image-name
501
## image: your-image
502
## imagePullPolicy: Always
503
## ports:
504
## - name: portname
505
## containerPort: 1234
506
##
507
sidecars: []
508
## @param master.initContainers Add additional init containers to the Redis(R) master pod(s)
509
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
510
## e.g:
511
## initContainers:
512
## - name: your-image-name
513
## image: your-image
514
## imagePullPolicy: Always
515
## command: ['/bin/bash', '-ec', 'echo "hello world"']
516
##
517
initContainers: []
518
## Persistence parameters
519
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
520
##
521
persistence:
522
## @param master.persistence.enabled Enable persistence on Redis(R) master nodes using Persistent Volume Claims
523
##
524
enabled: true
525
## @param master.persistence.medium Provide a medium for `emptyDir` volumes.
526
##
527
medium: ""
528
## @param master.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes.
529
##
530
sizeLimit: ""
531
## @param master.persistence.path The path the volume will be mounted at on Redis(R) master containers
532
## NOTE: Useful when using different Redis(R) images
533
##
534
path: /data
535
## @param master.persistence.subPath The subdirectory of the volume to mount on Redis(R) master containers
536
## NOTE: Useful in dev environments
537
##
538
subPath: ""
539
## @param master.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Redis(R) master containers
540
##
541
subPathExpr: ""
542
## @param master.persistence.storageClass Persistent Volume storage class
543
## If defined, storageClassName: <storageClass>
544
## If set to "-", storageClassName: "", which disables dynamic provisioning
545
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
546
##
547
storageClass: ""
548
## @param master.persistence.accessModes Persistent Volume access modes
549
##
550
accessModes:
551
- ReadWriteOnce
552
## @param master.persistence.size Persistent Volume size
553
##
554
size: 8Gi
555
## @param master.persistence.annotations Additional custom annotations for the PVC
556
##
557
annotations: {}
558
## @param master.persistence.labels Additional custom labels for the PVC
559
##
560
labels: {}
561
## @param master.persistence.selector Additional labels to match for the PVC
562
## e.g:
563
## selector:
564
## matchLabels:
565
## app: my-app
566
##
567
selector: {}
568
## @param master.persistence.dataSource Custom PVC data source
569
##
570
dataSource: {}
571
## @param master.persistence.existingClaim Use a existing PVC which must be created manually before bound
572
## NOTE: requires master.persistence.enabled: true
573
##
574
existingClaim: ""
575
## persistentVolumeClaimRetentionPolicy
576
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
577
## @param master.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
578
## @param master.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
579
## @param master.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
580
##
581
persistentVolumeClaimRetentionPolicy:
582
enabled: false
583
whenScaled: Retain
584
whenDeleted: Retain
585
## Redis(R) master service parameters
586
##
587
service:
588
## @param master.service.type Redis(R) master service type
589
##
590
type: ClusterIP
591
## @param master.service.portNames.redis Redis(R) master service port name
592
##
593
portNames:
594
redis: "tcp-redis"
595
## @param master.service.ports.redis Redis(R) master service port
596
##
597
ports:
598
redis: 6379
599
## @param master.service.nodePorts.redis Node port for Redis(R) master
600
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
601
## NOTE: choose port between <30000-32767>
602
##
603
nodePorts:
604
redis: ""
605
## @param master.service.externalTrafficPolicy Redis(R) master service external traffic policy
606
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
607
##
608
externalTrafficPolicy: Cluster
609
## @param master.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
610
##
611
extraPorts: []
612
## @param master.service.internalTrafficPolicy Redis(R) master service internal traffic policy (requires Kubernetes v1.22 or greater to be usable)
613
## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/
614
##
615
internalTrafficPolicy: Cluster
616
## @param master.service.clusterIP Redis(R) master service Cluster IP
617
##
618
clusterIP: ""
619
## @param master.service.loadBalancerIP Redis(R) master service Load Balancer IP
620
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
621
##
622
loadBalancerIP: ""
623
## @param master.service.loadBalancerClass master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
624
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
625
##
626
loadBalancerClass: ""
627
## @param master.service.loadBalancerSourceRanges Redis(R) master service Load Balancer sources
628
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
629
## e.g.
630
## loadBalancerSourceRanges:
631
## - 10.10.10.0/24
632
##
633
loadBalancerSourceRanges: []
634
## @param master.service.externalIPs Redis(R) master service External IPs
635
## https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
636
## e.g.
637
## externalIPs:
638
## - 10.10.10.1
639
## - 201.22.30.1
640
##
641
externalIPs: []
642
## @param master.service.annotations Additional custom annotations for Redis(R) master service
643
##
644
annotations: {}
645
## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
646
## If "ClientIP", consecutive client requests will be directed to the same Pod
647
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
648
##
649
sessionAffinity: None
650
## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity. Ignored if `master.service.sessionAffinity` is `None`
651
## sessionAffinityConfig:
652
## clientIP:
653
## timeoutSeconds: 300
654
##
655
sessionAffinityConfig: {}
656
## @param master.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-master pods
657
##
658
terminationGracePeriodSeconds: 30
659
## ServiceAccount configuration
660
##
661
serviceAccount:
662
## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created
663
##
664
create: true
665
## @param master.serviceAccount.name The name of the ServiceAccount to use.
666
## If not set and create is true, a name is generated using the common.names.fullname template
667
##
668
name: ""
669
## @param master.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
670
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
671
##
672
automountServiceAccountToken: false
673
## @param master.serviceAccount.annotations Additional custom annotations for the ServiceAccount
674
##
675
annotations: {}
676
## Pod Disruption Budget configuration
677
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
678
## @param master.pdb.create Enable/disable a Pod Disruption Budget creation
679
## @param master.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled
680
## @param master.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `master.pdb.minAvailable` and `master.pdb.maxUnavailable` are empty.
681
##
682
pdb:
683
create: true
684
minAvailable: ""
685
maxUnavailable: ""
686
## @param master.extraPodSpec Optionally specify extra PodSpec for the Redis(R) master pod(s)
687
##
688
extraPodSpec: {}
689
## @param master.annotations Additional custom annotations for Redis(R) Master resource
690
##
691
annotations: {}
692
## @section Redis(R) replicas configuration parameters
693
##
694
replica:
695
## @param replica.kind Use either DaemonSet or StatefulSet (default)
696
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
697
##
698
kind: StatefulSet
699
## @param replica.replicaCount Number of Redis(R) replicas to deploy
700
##
701
replicaCount: 3
702
## @param replica.revisionHistoryLimit The number of old history to retain to allow rollback
703
## NOTE: Explicitly setting this field to 0, will result in cleaning up all the history, breaking ability to rollback
704
revisionHistoryLimit: 10
705
## @param replica.configuration Configuration for Redis(R) replicas nodes
706
## ref: https://redis.io/topics/config
707
##
708
configuration: ""
709
## @param replica.disableCommands Array with Redis(R) commands to disable on replicas nodes
710
## Commands will be completely disabled by renaming each to an empty string.
711
## ref: https://redis.io/topics/security#disabling-of-specific-commands
712
##
713
disableCommands:
714
- FLUSHDB
715
- FLUSHALL
716
## @param replica.command Override default container command (useful when using custom images)
717
##
718
command: []
719
## @param replica.args Override default container args (useful when using custom images)
720
##
721
args: []
722
## @param replica.enableServiceLinks Whether information about services should be injected into pod's environment variable
723
##
724
enableServiceLinks: true
725
## @param replica.preExecCmds Additional commands to run prior to starting Redis(R) replicas
726
##
727
preExecCmds: []
728
## @param replica.extraFlags Array with additional command line flags for Redis(R) replicas
729
## e.g:
730
## extraFlags:
731
## - "--maxmemory-policy volatile-ttl"
732
## - "--repl-backlog-size 1024mb"
733
##
734
extraFlags: []
735
## @param replica.extraEnvVars Array with extra environment variables to add to Redis(R) replicas nodes
736
## e.g:
737
## extraEnvVars:
738
## - name: FOO
739
## value: "bar"
740
##
741
extraEnvVars: []
742
## @param replica.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis(R) replicas nodes
743
##
744
extraEnvVarsCM: ""
745
## @param replica.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis(R) replicas nodes
746
##
747
extraEnvVarsSecret: ""
748
## @param replica.externalMaster.enabled Use external master for bootstrapping
749
## @param replica.externalMaster.host External master host to bootstrap from
750
## @param replica.externalMaster.port Port for Redis service external master host
751
##
752
externalMaster:
753
enabled: false
754
host: ""
755
port: 6379
756
## @param replica.containerPorts.redis Container port to open on Redis(R) replicas nodes
757
##
758
containerPorts:
759
redis: 6379
760
## Configure extra options for Redis(R) containers' liveness and readiness probes
761
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
762
## @param replica.startupProbe.enabled Enable startupProbe on Redis(R) replicas nodes
763
## @param replica.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
764
## @param replica.startupProbe.periodSeconds Period seconds for startupProbe
765
## @param replica.startupProbe.timeoutSeconds Timeout seconds for startupProbe
766
## @param replica.startupProbe.failureThreshold Failure threshold for startupProbe
767
## @param replica.startupProbe.successThreshold Success threshold for startupProbe
768
##
769
startupProbe:
770
enabled: true
771
initialDelaySeconds: 10
772
periodSeconds: 10
773
timeoutSeconds: 5
774
successThreshold: 1
775
failureThreshold: 22
776
## @param replica.livenessProbe.enabled Enable livenessProbe on Redis(R) replicas nodes
777
## @param replica.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
778
## @param replica.livenessProbe.periodSeconds Period seconds for livenessProbe
779
## @param replica.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
780
## @param replica.livenessProbe.failureThreshold Failure threshold for livenessProbe
781
## @param replica.livenessProbe.successThreshold Success threshold for livenessProbe
782
##
783
livenessProbe:
784
enabled: true
785
initialDelaySeconds: 20
786
periodSeconds: 5
787
timeoutSeconds: 5
788
successThreshold: 1
789
failureThreshold: 5
790
## @param replica.readinessProbe.enabled Enable readinessProbe on Redis(R) replicas nodes
791
## @param replica.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
792
## @param replica.readinessProbe.periodSeconds Period seconds for readinessProbe
793
## @param replica.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
794
## @param replica.readinessProbe.failureThreshold Failure threshold for readinessProbe
795
## @param replica.readinessProbe.successThreshold Success threshold for readinessProbe
796
##
797
readinessProbe:
798
enabled: true
799
initialDelaySeconds: 20
800
periodSeconds: 5
801
timeoutSeconds: 1
802
successThreshold: 1
803
failureThreshold: 5
804
## @param replica.customStartupProbe Custom startupProbe that overrides the default one
805
##
806
customStartupProbe: {}
807
## @param replica.customLivenessProbe Custom livenessProbe that overrides the default one
808
##
809
customLivenessProbe: {}
810
## @param replica.customReadinessProbe Custom readinessProbe that overrides the default one
811
##
812
customReadinessProbe: {}
813
## Redis(R) replicas resource requests and limits
814
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
815
## @param replica.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production).
816
##
817
resourcesPreset: "nano"
818
## @param replica.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
819
## Example:
820
## resources:
821
## requests:
822
## cpu: 2
823
## memory: 512Mi
824
## limits:
825
## cpu: 3
826
## memory: 1024Mi
827
##
828
resources: {}
829
## @param replica.fips.openssl Configure OpenSSL FIPS mode: '', 'restricted', 'relaxed', 'off'. If empty (""), 'global.defaultFips' would be used
830
##
831
fips:
832
openssl: ""
833
## Configure Pods Security Context
834
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
835
## @param replica.podSecurityContext.enabled Enabled Redis(R) replicas pods' Security Context
836
## @param replica.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
837
## @param replica.podSecurityContext.sysctls Set kernel settings using the sysctl interface
838
## @param replica.podSecurityContext.supplementalGroups Set filesystem extra groups
839
## @param replica.podSecurityContext.fsGroup Set Redis(R) replicas pod's Security Context fsGroup
840
##
841
podSecurityContext:
842
enabled: true
843
fsGroupChangePolicy: Always
844
sysctls: []
845
supplementalGroups: []
846
fsGroup: 1001
847
## Configure Container Security Context
848
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
849
## @param replica.containerSecurityContext.enabled Enabled Redis(R) replicas containers' Security Context
850
## @param replica.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
851
## @param replica.containerSecurityContext.runAsUser Set Redis(R) replicas containers' Security Context runAsUser
852
## @param replica.containerSecurityContext.runAsGroup Set Redis(R) replicas containers' Security Context runAsGroup
853
## @param replica.containerSecurityContext.runAsNonRoot Set Redis(R) replicas containers' Security Context runAsNonRoot
854
## @param replica.containerSecurityContext.allowPrivilegeEscalation Set Redis(R) replicas pod's Security Context allowPrivilegeEscalation
855
## @param replica.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
856
## @param replica.containerSecurityContext.seccompProfile.type Set Redis(R) replicas containers' Security Context seccompProfile
857
## @param replica.containerSecurityContext.capabilities.drop Set Redis(R) replicas containers' Security Context capabilities to drop
858
##
859
containerSecurityContext:
860
enabled: true
861
seLinuxOptions: {}
862
runAsUser: 1001
863
runAsGroup: 1001
864
runAsNonRoot: true
865
allowPrivilegeEscalation: false
866
readOnlyRootFilesystem: true
867
seccompProfile:
868
type: RuntimeDefault
869
capabilities:
870
drop: ["ALL"]
871
## @param replica.schedulerName Alternate scheduler for Redis(R) replicas pods
872
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
873
##
874
schedulerName: ""
875
## @param replica.runtimeClassName Name of the runtime class to be used by replica pod(s)
876
##
877
runtimeClassName: ""
878
## @param replica.updateStrategy.type Redis(R) replicas statefulset strategy type
879
## @skip replica.updateStrategy.rollingUpdate
880
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
881
##
882
updateStrategy:
883
## StrategyType
884
## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment)
885
##
886
type: RollingUpdate
887
## @param replica.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update
888
##
889
minReadySeconds: 0
890
## @param replica.priorityClassName Redis(R) replicas pods' priorityClassName
891
##
892
priorityClassName: ""
893
## @param replica.podManagementPolicy podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods
894
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
895
##
896
podManagementPolicy: ""
897
## @param replica.automountServiceAccountToken Mount Service Account token in pod
898
##
899
automountServiceAccountToken: false
900
## @param replica.hostAliases Redis(R) replicas pods host aliases
901
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
902
##
903
hostAliases: []
904
## @param replica.podLabels Extra labels for Redis(R) replicas pods
905
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
906
##
907
podLabels: {}
908
## @param replica.podAnnotations Annotations for Redis(R) replicas pods
909
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
910
##
911
podAnnotations: {}
912
## @param replica.shareProcessNamespace Share a single process namespace between all of the containers in Redis(R) replicas pods
913
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
914
##
915
shareProcessNamespace: false
916
## @param replica.podAffinityPreset Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`
917
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
918
##
919
podAffinityPreset: ""
920
## @param replica.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`
921
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
922
##
923
podAntiAffinityPreset: soft
924
## Node affinity preset
925
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
926
##
927
nodeAffinityPreset:
928
## @param replica.nodeAffinityPreset.type Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`
929
##
930
type: ""
931
## @param replica.nodeAffinityPreset.key Node label key to match. Ignored if `replica.affinity` is set
932
##
933
key: ""
934
## @param replica.nodeAffinityPreset.values Node label values to match. Ignored if `replica.affinity` is set
935
## E.g.
936
## values:
937
## - e2e-az1
938
## - e2e-az2
939
##
940
values: []
941
## @param replica.affinity Affinity for Redis(R) replicas pods assignment
942
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
943
## NOTE: `replica.podAffinityPreset`, `replica.podAntiAffinityPreset`, and `replica.nodeAffinityPreset` will be ignored when it's set
944
##
945
affinity: {}
946
## @param replica.nodeSelector Node labels for Redis(R) replicas pods assignment
947
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
948
##
949
nodeSelector: {}
950
## @param replica.tolerations Tolerations for Redis(R) replicas pods assignment
951
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
952
##
953
tolerations: []
954
## @param replica.topologySpreadConstraints Spread Constraints for Redis(R) replicas pod assignment
955
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
956
## E.g.
957
## topologySpreadConstraints:
958
## - maxSkew: 1
959
## topologyKey: node
960
## whenUnsatisfiable: DoNotSchedule
961
##
962
topologySpreadConstraints: []
963
## @param replica.dnsPolicy DNS Policy for Redis(R) replica pods
964
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
965
## E.g.
966
## dnsPolicy: ClusterFirst
967
##
968
dnsPolicy: ""
969
## @param replica.dnsConfig DNS Configuration for Redis(R) replica pods
970
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
971
## E.g.
972
## dnsConfig:
973
## options:
974
## - name: ndots
975
## value: "4"
976
## - name: single-request-reopen
977
##
978
dnsConfig: {}
979
## @param replica.lifecycleHooks for the Redis(R) replica container(s) to automate configuration before or after startup
980
##
981
lifecycleHooks: {}
982
## @param replica.extraVolumes Optionally specify extra list of additional volumes for the Redis(R) replicas pod(s)
983
##
984
extraVolumes: []
985
## @param replica.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis(R) replicas container(s)
986
##
987
extraVolumeMounts: []
988
## @param replica.sidecars Add additional sidecar containers to the Redis(R) replicas pod(s)
989
## e.g:
990
## sidecars:
991
## - name: your-image-name
992
## image: your-image
993
## imagePullPolicy: Always
994
## ports:
995
## - name: portname
996
## containerPort: 1234
997
##
998
sidecars: []
999
## @param replica.initContainers Add additional init containers to the Redis(R) replicas pod(s)
1000
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
1001
## e.g:
1002
## initContainers:
1003
## - name: your-image-name
1004
## image: your-image
1005
## imagePullPolicy: Always
1006
## command: ['/bin/bash', '-c', 'echo "hello world"']
1007
##
1008
initContainers: []
1009
## Persistence Parameters
1010
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
1011
##
1012
persistence:
1013
## @param replica.persistence.enabled Enable persistence on Redis(R) replicas nodes using Persistent Volume Claims
1014
##
1015
enabled: true
1016
## @param replica.persistence.medium Provide a medium for `emptyDir` volumes.
1017
##
1018
medium: ""
1019
## @param replica.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes.
1020
##
1021
sizeLimit: ""
1022
## @param replica.persistence.path The path the volume will be mounted at on Redis(R) replicas containers
1023
## NOTE: Useful when using different Redis(R) images
1024
##
1025
path: /data
1026
## @param replica.persistence.subPath The subdirectory of the volume to mount on Redis(R) replicas containers
1027
## NOTE: Useful in dev environments
1028
##
1029
subPath: ""
1030
## @param replica.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Redis(R) replicas containers
1031
##
1032
subPathExpr: ""
1033
## @param replica.persistence.storageClass Persistent Volume storage class
1034
## If defined, storageClassName: <storageClass>
1035
## If set to "-", storageClassName: "", which disables dynamic provisioning
1036
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
1037
##
1038
storageClass: ""
1039
## @param replica.persistence.accessModes Persistent Volume access modes
1040
##
1041
accessModes:
1042
- ReadWriteOnce
1043
## @param replica.persistence.size Persistent Volume size
1044
##
1045
size: 8Gi
1046
## @param replica.persistence.annotations Additional custom annotations for the PVC
1047
##
1048
annotations: {}
1049
## @param replica.persistence.labels Additional custom labels for the PVC
1050
##
1051
labels: {}
1052
## @param replica.persistence.selector Additional labels to match for the PVC
1053
## e.g:
1054
## selector:
1055
## matchLabels:
1056
## app: my-app
1057
##
1058
selector: {}
1059
## @param replica.persistence.dataSource Custom PVC data source
1060
##
1061
dataSource: {}
1062
## @param replica.persistence.existingClaim Use a existing PVC which must be created manually before bound
1063
## NOTE: requires replica.persistence.enabled: true
1064
##
1065
existingClaim: ""
1066
## persistentVolumeClaimRetentionPolicy
1067
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
1068
## @param replica.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
1069
## @param replica.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
1070
## @param replica.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
1071
##
1072
persistentVolumeClaimRetentionPolicy:
1073
enabled: false
1074
whenScaled: Retain
1075
whenDeleted: Retain
1076
## Redis(R) replicas service parameters
1077
##
1078
service:
1079
## @param replica.service.type Redis(R) replicas service type
1080
##
1081
type: ClusterIP
1082
## @param replica.service.ports.redis Redis(R) replicas service port
1083
##
1084
ports:
1085
redis: 6379
1086
## @param replica.service.nodePorts.redis Node port for Redis(R) replicas
1087
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
1088
## NOTE: choose port between <30000-32767>
1089
##
1090
nodePorts:
1091
redis: ""
1092
## @param replica.service.externalTrafficPolicy Redis(R) replicas service external traffic policy
1093
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1094
##
1095
externalTrafficPolicy: Cluster
1096
## @param replica.service.internalTrafficPolicy Redis(R) replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable)
1097
## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/
1098
##
1099
internalTrafficPolicy: Cluster
1100
## @param replica.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1101
##
1102
extraPorts: []
1103
## @param replica.service.clusterIP Redis(R) replicas service Cluster IP
1104
##
1105
clusterIP: ""
1106
## @param replica.service.loadBalancerIP Redis(R) replicas service Load Balancer IP
1107
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1108
##
1109
loadBalancerIP: ""
1110
## @param replica.service.loadBalancerClass replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1111
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1112
##
1113
loadBalancerClass: ""
1114
## @param replica.service.loadBalancerSourceRanges Redis(R) replicas service Load Balancer sources
1115
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1116
## e.g.
1117
## loadBalancerSourceRanges:
1118
## - 10.10.10.0/24
1119
##
1120
loadBalancerSourceRanges: []
1121
## @param replica.service.annotations Additional custom annotations for Redis(R) replicas service
1122
##
1123
annotations: {}
1124
## @param replica.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1125
## If "ClientIP", consecutive client requests will be directed to the same Pod
1126
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1127
##
1128
sessionAffinity: None
1129
## @param replica.service.sessionAffinityConfig Additional settings for the sessionAffinity. Ignored if `replica.service.sessionAffinity` is `None`
1130
## sessionAffinityConfig:
1131
## clientIP:
1132
## timeoutSeconds: 300
1133
##
1134
sessionAffinityConfig: {}
1135
## @param replica.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-replicas pods
1136
##
1137
terminationGracePeriodSeconds: 30
1138
## Autoscaling configuration
1139
##
1140
autoscaling:
1141
## @param replica.autoscaling.enabled Enable replica autoscaling settings
1142
##
1143
enabled: false
1144
## @param replica.autoscaling.minReplicas Minimum replicas for the pod autoscaling
1145
##
1146
minReplicas: 1
1147
## @param replica.autoscaling.maxReplicas Maximum replicas for the pod autoscaling
1148
##
1149
maxReplicas: 11
1150
## @param replica.autoscaling.targetCPU Percentage of CPU to consider when autoscaling
1151
##
1152
targetCPU: ""
1153
## @param replica.autoscaling.targetMemory Percentage of Memory to consider when autoscaling
1154
##
1155
targetMemory: ""
1156
## ServiceAccount configuration
1157
##
1158
serviceAccount:
1159
## @param replica.serviceAccount.create Specifies whether a ServiceAccount should be created
1160
##
1161
create: true
1162
## @param replica.serviceAccount.name The name of the ServiceAccount to use.
1163
## If not set and create is true, a name is generated using the common.names.fullname template
1164
##
1165
name: ""
1166
## @param replica.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
1167
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
1168
##
1169
automountServiceAccountToken: false
1170
## @param replica.serviceAccount.annotations Additional custom annotations for the ServiceAccount
1171
##
1172
annotations: {}
1173
## Pod Disruption Budget configuration
1174
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
1175
## @param replica.pdb.create Enable/disable a Pod Disruption Budget creation
1176
## @param replica.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled
1177
## @param replica.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `replica.pdb.minAvailable` and `replica.pdb.maxUnavailable` are empty.
1178
##
1179
pdb:
1180
create: true
1181
minAvailable: ""
1182
maxUnavailable: ""
1183
## @param replica.extraPodSpec Optionally specify extra PodSpec for the Redis(R) replicas pod(s)
1184
##
1185
extraPodSpec: {}
1186
## @param replica.annotations Additional custom annotations for Redis(R) replicas resource
1187
##
1188
annotations: {}
1189
## @section Redis(R) Sentinel configuration parameters
1190
##
1191
1192
sentinel:
1193
## @param sentinel.enabled Use Redis(R) Sentinel on Redis(R) pods.
1194
## IMPORTANT: this will disable the master and replicas services and
1195
## create a single Redis(R) service exposing both the Redis and Sentinel ports
1196
##
1197
enabled: false
1198
## Iamguarded Redis(R) Sentinel image version
1199
## @param sentinel.image.registry [default: REGISTRY_NAME] Redis(R) Sentinel image registry
1200
## @param sentinel.image.repository [default: REPOSITORY_NAME/redis-sentinel] Redis(R) Sentinel image repository
1201
## @skip sentinel.image.tag Redis(R) Sentinel image tag (immutable tags are recommended)
1202
## @param sentinel.image.digest Redis(R) Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
1203
## @param sentinel.image.pullPolicy Redis(R) Sentinel image pull policy
1204
## @param sentinel.image.pullSecrets Redis(R) Sentinel image pull secrets
1205
## @param sentinel.image.debug Enable image debug mode
1206
##
1207
image:
1208
registry: cgr.dev
1209
repository: chainguard-private/redis-sentinel-iamguarded
1210
tag: 8.6.2
1211
digest: ""
1212
## Specify a imagePullPolicy
1213
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
1214
##
1215
pullPolicy: IfNotPresent
1216
## Optionally specify an array of imagePullSecrets.
1217
## Secrets must be manually created in the namespace.
1218
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1219
## e.g:
1220
## pullSecrets:
1221
## - myRegistryKeySecretName
1222
##
1223
pullSecrets: []
1224
## Enable debug mode
1225
##
1226
debug: false
1227
## @param sentinel.annotations Additional custom annotations for Redis(R) Sentinel resource
1228
##
1229
annotations: {}
1230
## @param sentinel.masterSet Master set name
1231
##
1232
masterSet: mymaster
1233
## @param sentinel.quorum Sentinel Quorum
1234
##
1235
quorum: 2
1236
## @param sentinel.getMasterTimeout Amount of time to allow before get_sentinel_master_info() times out.
1237
##
1238
getMasterTimeout: 90
1239
## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it.
1240
## This also prevents any new replica from starting until the last remaining replica is elected as master to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data.
1241
## NOTE: This feature requires a "downAfterMilliseconds" value less or equal to 2000.
1242
##
1243
automateClusterRecovery: false
1244
## @param sentinel.redisShutdownWaitFailover Whether the Redis(R) master container waits for the failover at shutdown (in addition to the Redis(R) Sentinel container).
1245
##
1246
redisShutdownWaitFailover: true
1247
## Sentinel timing restrictions
1248
## @param sentinel.downAfterMilliseconds Timeout for detecting a Redis(R) node is down
1249
## @param sentinel.failoverTimeout Timeout for performing a election failover
1250
##
1251
downAfterMilliseconds: 60000
1252
failoverTimeout: 180000
1253
## @param sentinel.parallelSyncs Number of replicas that can be reconfigured in parallel to use the new master after a failover
1254
##
1255
parallelSyncs: 1
1256
## @param sentinel.replicaSyncCheck Wait for data full sync on replicas before marking them as ready (experimental)
1257
##
1258
replicaSyncCheck: false
1259
## @param sentinel.configuration Configuration for Redis(R) Sentinel nodes
1260
## ref: https://redis.io/topics/sentinel
1261
##
1262
configuration: ""
1263
## @param sentinel.command Override default container command (useful when using custom images)
1264
##
1265
command: []
1266
## @param sentinel.args Override default container args (useful when using custom images)
1267
##
1268
args: []
1269
## @param sentinel.enableServiceLinks Whether information about services should be injected into pod's environment variable
1270
##
1271
enableServiceLinks: true
1272
## @param sentinel.preExecCmds Additional commands to run prior to starting Redis(R) Sentinel
1273
##
1274
preExecCmds: []
1275
## @param sentinel.extraEnvVars Array with extra environment variables to add to Redis(R) Sentinel nodes
1276
## e.g:
1277
## extraEnvVars:
1278
## - name: FOO
1279
## value: "bar"
1280
##
1281
extraEnvVars: []
1282
## @param sentinel.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis(R) Sentinel nodes
1283
##
1284
extraEnvVarsCM: ""
1285
## @param sentinel.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis(R) Sentinel nodes
1286
##
1287
extraEnvVarsSecret: ""
1288
## @param sentinel.externalMaster.enabled Use external master for bootstrapping
1289
## @param sentinel.externalMaster.host External master host to bootstrap from
1290
## @param sentinel.externalMaster.port Port for Redis service external master host
1291
##
1292
externalMaster:
1293
enabled: false
1294
host: ""
1295
port: 6379
1296
## @param sentinel.containerPorts.sentinel Container port to open on Redis(R) Sentinel nodes
1297
##
1298
containerPorts:
1299
sentinel: 26379
1300
## Configure extra options for Redis(R) containers' liveness and readiness probes
1301
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
1302
## @param sentinel.startupProbe.enabled Enable startupProbe on Redis(R) Sentinel nodes
1303
## @param sentinel.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1304
## @param sentinel.startupProbe.periodSeconds Period seconds for startupProbe
1305
## @param sentinel.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1306
## @param sentinel.startupProbe.failureThreshold Failure threshold for startupProbe
1307
## @param sentinel.startupProbe.successThreshold Success threshold for startupProbe
1308
##
1309
startupProbe:
1310
enabled: true
1311
initialDelaySeconds: 10
1312
periodSeconds: 10
1313
timeoutSeconds: 5
1314
successThreshold: 1
1315
failureThreshold: 22
1316
## @param sentinel.livenessProbe.enabled Enable livenessProbe on Redis(R) Sentinel nodes
1317
## @param sentinel.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1318
## @param sentinel.livenessProbe.periodSeconds Period seconds for livenessProbe
1319
## @param sentinel.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1320
## @param sentinel.livenessProbe.failureThreshold Failure threshold for livenessProbe
1321
## @param sentinel.livenessProbe.successThreshold Success threshold for livenessProbe
1322
##
1323
livenessProbe:
1324
enabled: true
1325
initialDelaySeconds: 20
1326
periodSeconds: 10
1327
timeoutSeconds: 5
1328
successThreshold: 1
1329
failureThreshold: 6
1330
## @param sentinel.readinessProbe.enabled Enable readinessProbe on Redis(R) Sentinel nodes
1331
## @param sentinel.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1332
## @param sentinel.readinessProbe.periodSeconds Period seconds for readinessProbe
1333
## @param sentinel.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1334
## @param sentinel.readinessProbe.failureThreshold Failure threshold for readinessProbe
1335
## @param sentinel.readinessProbe.successThreshold Success threshold for readinessProbe
1336
##
1337
readinessProbe:
1338
enabled: true
1339
initialDelaySeconds: 20
1340
periodSeconds: 5
1341
timeoutSeconds: 1
1342
successThreshold: 1
1343
failureThreshold: 6
1344
## @param sentinel.customStartupProbe Custom startupProbe that overrides the default one
1345
##
1346
customStartupProbe: {}
1347
## @param sentinel.customLivenessProbe Custom livenessProbe that overrides the default one
1348
##
1349
customLivenessProbe: {}
1350
## @param sentinel.customReadinessProbe Custom readinessProbe that overrides the default one
1351
##
1352
customReadinessProbe: {}
1353
## Persistence parameters
1354
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
1355
##
1356
persistence:
1357
## @param sentinel.persistence.enabled Enable persistence on Redis(R) sentinel nodes using Persistent Volume Claims (Experimental)
1358
##
1359
enabled: false
1360
## @param sentinel.persistence.storageClass Persistent Volume storage class
1361
## If defined, storageClassName: <storageClass>
1362
## If set to "-", storageClassName: "", which disables dynamic provisioning
1363
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
1364
##
1365
storageClass: ""
1366
## @param sentinel.persistence.accessModes Persistent Volume access modes
1367
##
1368
accessModes:
1369
- ReadWriteOnce
1370
## @param sentinel.persistence.size Persistent Volume size
1371
##
1372
size: 100Mi
1373
## @param sentinel.persistence.annotations Additional custom annotations for the PVC
1374
##
1375
annotations: {}
1376
## @param sentinel.persistence.labels Additional custom labels for the PVC
1377
##
1378
labels: {}
1379
## @param sentinel.persistence.selector Additional labels to match for the PVC
1380
## e.g:
1381
## selector:
1382
## matchLabels:
1383
## app: my-app
1384
##
1385
selector: {}
1386
## @param sentinel.persistence.dataSource Custom PVC data source
1387
##
1388
dataSource: {}
1389
## @param sentinel.persistence.medium Provide a medium for `emptyDir` volumes.
1390
##
1391
medium: ""
1392
## @param sentinel.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes.
1393
##
1394
sizeLimit: ""
1395
## persistentVolumeClaimRetentionPolicy
1396
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
1397
## @param sentinel.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
1398
## @param sentinel.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
1399
## @param sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
1400
##
1401
persistentVolumeClaimRetentionPolicy:
1402
enabled: false
1403
whenScaled: Retain
1404
whenDeleted: Retain
1405
## Redis(R) Sentinel resource requests and limits
1406
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1407
## @param sentinel.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production).
1408
##
1409
resourcesPreset: "nano"
1410
## @param sentinel.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1411
## Example:
1412
## resources:
1413
## requests:
1414
## cpu: 2
1415
## memory: 512Mi
1416
## limits:
1417
## cpu: 3
1418
## memory: 1024Mi
1419
##
1420
resources: {}
1421
## @param sentinel.fips.openssl Configure OpenSSL FIPS mode: '', 'restricted', 'relaxed', 'off'. If empty (""), 'global.defaultFips' would be used
1422
##
1423
fips:
1424
openssl: ""
1425
## Configure Container Security Context
1426
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1427
## @param sentinel.containerSecurityContext.enabled Enabled Redis(R) Sentinel containers' Security Context
1428
## @param sentinel.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1429
## @param sentinel.containerSecurityContext.runAsUser Set Redis(R) Sentinel containers' Security Context runAsUser
1430
## @param sentinel.containerSecurityContext.runAsGroup Set Redis(R) Sentinel containers' Security Context runAsGroup
1431
## @param sentinel.containerSecurityContext.runAsNonRoot Set Redis(R) Sentinel containers' Security Context runAsNonRoot
1432
## @param sentinel.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
1433
## @param sentinel.containerSecurityContext.allowPrivilegeEscalation Set Redis(R) Sentinel containers' Security Context allowPrivilegeEscalation
1434
## @param sentinel.containerSecurityContext.seccompProfile.type Set Redis(R) Sentinel containers' Security Context seccompProfile
1435
## @param sentinel.containerSecurityContext.capabilities.drop Set Redis(R) Sentinel containers' Security Context capabilities to drop
1436
##
1437
containerSecurityContext:
1438
enabled: true
1439
seLinuxOptions: {}
1440
runAsUser: 1001
1441
runAsGroup: 1001
1442
runAsNonRoot: true
1443
allowPrivilegeEscalation: false
1444
readOnlyRootFilesystem: true
1445
seccompProfile:
1446
type: RuntimeDefault
1447
capabilities:
1448
drop: ["ALL"]
1449
## @param sentinel.lifecycleHooks for the Redis(R) sentinel container(s) to automate configuration before or after startup
1450
##
1451
lifecycleHooks: {}
1452
## @param sentinel.extraVolumes Optionally specify extra list of additional volumes for the Redis(R) Sentinel
1453
##
1454
extraVolumes: []
1455
## @param sentinel.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis(R) Sentinel container(s)
1456
##
1457
extraVolumeMounts: []
1458
## Redis(R) Sentinel service parameters
1459
## Note: values passed in this section also configure the master service, unless the sentinel.masterService is explicitly overridden.
1460
service:
1461
## @param sentinel.service.type Redis(R) Sentinel service type
1462
##
1463
type: ClusterIP
1464
## @param sentinel.service.ports.redis Redis(R) service port for Redis(R)
1465
## @param sentinel.service.ports.sentinel Redis(R) service port for Redis(R) Sentinel
1466
##
1467
ports:
1468
redis: 6379
1469
sentinel: 26379
1470
## @param sentinel.service.nodePorts.redis Node port for Redis(R)
1471
## @param sentinel.service.nodePorts.sentinel Node port for Sentinel
1472
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
1473
## NOTE: choose port between <30000-32767>
1474
## NOTE: By leaving these values blank, they will be generated by ports-configmap
1475
## If setting manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.redis and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port
1476
##
1477
nodePorts:
1478
redis: ""
1479
sentinel: ""
1480
## @param sentinel.service.externalTrafficPolicy Redis(R) Sentinel service external traffic policy
1481
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1482
##
1483
externalTrafficPolicy: Cluster
1484
## @param sentinel.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1485
##
1486
extraPorts: []
1487
## @param sentinel.service.clusterIP Redis(R) Sentinel service Cluster IP
1488
##
1489
clusterIP: ""
1490
## @param sentinel.service.createMaster Enable master service pointing to the current master (experimental)
1491
## NOTE: rbac.create need to be set to true
1492
##
1493
createMaster: false
1494
## @param sentinel.service.loadBalancerIP Redis(R) Sentinel service Load Balancer IP
1495
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1496
##
1497
loadBalancerIP: ""
1498
## @param sentinel.service.loadBalancerClass sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1499
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1500
##
1501
loadBalancerClass: ""
1502
## @param sentinel.service.loadBalancerSourceRanges Redis(R) Sentinel service Load Balancer sources
1503
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1504
## e.g.
1505
## loadBalancerSourceRanges:
1506
## - 10.10.10.0/24
1507
##
1508
loadBalancerSourceRanges: []
1509
## @param sentinel.service.annotations Additional custom annotations for Redis(R) Sentinel service
1510
##
1511
annotations: {}
1512
## @param sentinel.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1513
## If "ClientIP", consecutive client requests will be directed to the same Pod
1514
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1515
##
1516
sessionAffinity: None
1517
## @param sentinel.service.sessionAffinityConfig Additional settings for the sessionAffinity. Ignored if `sentinel.service.sessionAffinity` is `None`
1518
## sessionAffinityConfig:
1519
## clientIP:
1520
## timeoutSeconds: 300
1521
##
1522
sessionAffinityConfig: {}
1523
## Headless service properties
1524
##
1525
headless:
1526
## @param sentinel.service.headless.annotations Annotations for the headless service.
1527
##
1528
annotations: {}
1529
## @param sentinel.service.headless.extraPorts Optionally specify extra ports to expose for the headless service.
1530
## Example:
1531
## extraPorts:
1532
## - name: my-custom-port
1533
## port: 12345
1534
## protocol: TCP
1535
## targetPort: 12345
1536
##
1537
extraPorts: []
1538
## Redis(R) master service parameters
1539
##
1540
masterService:
1541
## @param sentinel.masterService.enabled Enable master service pointing to the current master (experimental)
1542
## NOTE: rbac.create need to be set to true
1543
##
1544
enabled: false
1545
## @param sentinel.masterService.type Redis(R) Sentinel master service type
1546
##
1547
type: ClusterIP
1548
## @param sentinel.masterService.ports.redis Redis(R) service port for Redis(R)
1549
##
1550
ports:
1551
redis: 6379
1552
## @param sentinel.masterService.nodePorts.redis Node port for Redis(R)
1553
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
1554
## NOTE: choose port between <30000-32767>
1555
## NOTE: By leaving these values blank, they will be generated by ports-configmap
1556
## If setting manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.redis and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port
1557
##
1558
nodePorts:
1559
redis: ""
1560
## @param sentinel.masterService.externalTrafficPolicy Redis(R) master service external traffic policy
1561
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1562
##
1563
externalTrafficPolicy: ""
1564
## @param sentinel.masterService.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1565
##
1566
extraPorts: []
1567
## @param sentinel.masterService.clusterIP Redis(R) master service Cluster IP
1568
##
1569
clusterIP: ""
1570
## @param sentinel.masterService.loadBalancerIP Redis(R) master service Load Balancer IP
1571
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1572
##
1573
loadBalancerIP: ""
1574
## @param sentinel.masterService.loadBalancerClass master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1575
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1576
##
1577
loadBalancerClass: ""
1578
## @param sentinel.masterService.loadBalancerSourceRanges Redis(R) master service Load Balancer sources
1579
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1580
## e.g.
1581
## loadBalancerSourceRanges:
1582
## - 10.10.10.0/24
1583
##
1584
loadBalancerSourceRanges: []
1585
## @param sentinel.masterService.annotations Additional custom annotations for Redis(R) master service
1586
##
1587
annotations: {}
1588
## @param sentinel.masterService.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1589
## If "ClientIP", consecutive client requests will be directed to the same Pod
1590
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1591
##
1592
sessionAffinity: None
1593
## @param sentinel.masterService.sessionAffinityConfig Additional settings for the sessionAffinity. Ignored if `sentinel.masterService.sessionAffinity` is `None`
1594
## sessionAffinityConfig:
1595
## clientIP:
1596
## timeoutSeconds: 300
1597
##
1598
sessionAffinityConfig: {}
1599
## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-node pods
1600
##
1601
terminationGracePeriodSeconds: 30
1602
## @param sentinel.extraPodSpec Optionally specify extra PodSpec for the Redis(R) Sentinel pod(s)
1603
##
1604
extraPodSpec: {}
1605
externalAccess:
1606
## @param sentinel.externalAccess.enabled Enable external access to the Redis
1607
##
1608
enabled: false
1609
service:
1610
## @param sentinel.externalAccess.service.type Type for the services used to expose every Pod
1611
## At this moment only LoadBalancer is supported
1612
##
1613
type: LoadBalancer
1614
## @param sentinel.externalAccess.service.redisPort Port for the services used to expose redis-server
1615
##
1616
redisPort: 6379
1617
## @param sentinel.externalAccess.service.sentinelPort Port for the services used to expose redis-sentinel
1618
##
1619
sentinelPort: 26379
1620
## @param sentinel.externalAccess.service.loadBalancerIPs Array of load balancer IPs for each Redis(R) node. Length must be the same as sentinel.replicaCount
1621
##
1622
loadBalancerIPs: []
1623
## @param sentinel.externalAccess.service.loadBalancerClass Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1624
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1625
##
1626
loadBalancerClass: ""
1627
## @param sentinel.externalAccess.service.loadBalancerSourceRanges Service Load Balancer sources
1628
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1629
## e.g:
1630
## loadBalancerSourceRanges:
1631
## - 10.10.10.0/24
1632
##
1633
loadBalancerSourceRanges: []
1634
## @param sentinel.externalAccess.service.annotations Annotations to add to the services used to expose every Pod of the Redis(R) Cluster
1635
##
1636
annotations: {}
1637
## @param sentinel.externalAccess.service.loadBalancerIPAnnotation Name of annotation to specify fixed IP for the LoadBalancer service
1638
##
1639
loadBalancerIPAnnotation: ""
1640
## @section Other Parameters
1641
1642
## @param serviceBindings.enabled Create secret for service binding (Experimental)
1643
## Ref: https://servicebinding.io/service-provider/
1644
##
1645
serviceBindings:
1646
enabled: false
1647
## Network Policy configuration
1648
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1649
##
1650
networkPolicy:
1651
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
1652
##
1653
enabled: true
1654
## @param networkPolicy.allowExternal Don't require client label for connections
1655
## When set to false, only pods with the correct client label will have network access to the ports
1656
## Redis(R) is listening on. When true, Redis(R) will accept connections from any source
1657
## (with the correct destination port).
1658
##
1659
allowExternal: true
1660
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
1661
##
1662
allowExternalEgress: true
1663
## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy
1664
## e.g:
1665
## extraIngress:
1666
## - ports:
1667
## - port: 1234
1668
## from:
1669
## - podSelector:
1670
## - matchLabels:
1671
## - role: frontend
1672
## - podSelector:
1673
## - matchExpressions:
1674
## - key: role
1675
## operator: In
1676
## values:
1677
## - frontend
1678
##
1679
extraIngress: []
1680
## @param networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy
1681
## e.g:
1682
## extraEgress:
1683
## - ports:
1684
## - port: 1234
1685
## to:
1686
## - podSelector:
1687
## - matchLabels:
1688
## - role: frontend
1689
## - podSelector:
1690
## - matchExpressions:
1691
## - key: role
1692
## operator: In
1693
## values:
1694
## - frontend
1695
##
1696
extraEgress: []
1697
## @param networkPolicy.ingressNSMatchLabels Labels to match to allow traffic from other namespaces
1698
## @param networkPolicy.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces
1699
##
1700
ingressNSMatchLabels: {}
1701
ingressNSPodMatchLabels: {}
1702
metrics:
1703
## @param networkPolicy.metrics.allowExternal Don't require client label for connections for metrics endpoint
1704
## When set to false, only pods with the correct client label will have network access to the metrics port
1705
##
1706
allowExternal: true
1707
## @param networkPolicy.metrics.ingressNSMatchLabels Labels to match to allow traffic from other namespaces to metrics endpoint
1708
## @param networkPolicy.metrics.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces to metrics endpoint
1709
##
1710
ingressNSMatchLabels: {}
1711
ingressNSPodMatchLabels: {}
1712
## PodSecurityPolicy configuration
1713
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
1714
##
1715
podSecurityPolicy:
1716
## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
1717
##
1718
create: false
1719
## @param podSecurityPolicy.enabled Enable PodSecurityPolicy's RBAC rules
1720
##
1721
enabled: false
1722
## RBAC configuration
1723
##
1724
rbac:
1725
## @param rbac.create Specifies whether RBAC resources should be created
1726
##
1727
create: false
1728
## @param rbac.rules Custom RBAC rules to set
1729
## e.g:
1730
## rules:
1731
## - apiGroups:
1732
## - ""
1733
## resources:
1734
## - pods
1735
## verbs:
1736
## - get
1737
## - list
1738
##
1739
rules: []
1740
## ServiceAccount configuration
1741
##
1742
serviceAccount:
1743
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
1744
##
1745
create: true
1746
## @param serviceAccount.name The name of the ServiceAccount to use.
1747
## If not set and create is true, a name is generated using the common.names.fullname template
1748
##
1749
name: ""
1750
## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
1751
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
1752
##
1753
automountServiceAccountToken: false
1754
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
1755
##
1756
annotations: {}
1757
## Redis(R) Pod Disruption Budget configuration
1758
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1759
## @param pdb DEPRECATED Please use `master.pdb` and `replica.pdb` values instead
1760
##
1761
pdb: {}
1762
## TLS configuration
1763
##
1764
tls:
1765
## @param tls.enabled Enable TLS traffic
1766
##
1767
enabled: false
1768
## @param tls.authClients Require clients to authenticate
1769
##
1770
authClients: true
1771
## @param tls.autoGenerated Enable autogenerated certificates
1772
##
1773
autoGenerated: false
1774
## @param tls.existingSecret The name of the existing secret that contains the TLS certificates
1775
##
1776
existingSecret: ""
1777
## @param tls.certificatesSecret DEPRECATED. Use existingSecret instead.
1778
##
1779
certificatesSecret: ""
1780
## @param tls.certFilename Certificate filename
1781
##
1782
certFilename: ""
1783
## @param tls.certKeyFilename Certificate Key filename
1784
##
1785
certKeyFilename: ""
1786
## @param tls.certCAFilename CA Certificate filename
1787
##
1788
certCAFilename: ""
1789
## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers)
1790
##
1791
dhParamsFilename: ""
1792
## @section Metrics Parameters
1793
##
1794
metrics:
1795
## @param metrics.enabled Start a sidecar prometheus exporter to expose Redis(R) metrics
1796
##
1797
enabled: false
1798
## Iamguarded Redis(R) Exporter image
1799
## @param metrics.image.registry [default: REGISTRY_NAME] Redis(R) Exporter image registry
1800
## @param metrics.image.repository [default: REPOSITORY_NAME/redis-exporter] Redis(R) Exporter image repository
1801
## @skip metrics.image.tag Redis(R) Exporter image tag (immutable tags are recommended)
1802
## @param metrics.image.digest Redis(R) Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
1803
## @param metrics.image.pullPolicy Redis(R) Exporter image pull policy
1804
## @param metrics.image.pullSecrets Redis(R) Exporter image pull secrets
1805
##
1806
image:
1807
registry: cgr.dev
1808
repository: chainguard-private/prometheus-redis-exporter-iamguarded
1809
tag: 1.82.0
1810
digest: ""
1811
pullPolicy: IfNotPresent
1812
## Optionally specify an array of imagePullSecrets.
1813
## Secrets must be manually created in the namespace.
1814
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1815
## e.g:
1816
## pullSecrets:
1817
## - myRegistryKeySecretName
1818
##
1819
pullSecrets: []
1820
## @param metrics.containerPorts.http Metrics HTTP container port
1821
##
1822
containerPorts:
1823
http: 9121
1824
## Configure extra options for Redis(R) containers' liveness, readiness & startup probes
1825
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
1826
## @param metrics.startupProbe.enabled Enable startupProbe on Redis(R) replicas nodes
1827
## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1828
## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
1829
## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1830
## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
1831
## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
1832
##
1833
startupProbe:
1834
enabled: false
1835
initialDelaySeconds: 10
1836
periodSeconds: 10
1837
timeoutSeconds: 5
1838
successThreshold: 1
1839
failureThreshold: 5
1840
## @param metrics.livenessProbe.enabled Enable livenessProbe on Redis(R) replicas nodes
1841
## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1842
## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
1843
## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1844
## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
1845
## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
1846
##
1847
livenessProbe:
1848
enabled: true
1849
initialDelaySeconds: 10
1850
periodSeconds: 10
1851
timeoutSeconds: 5
1852
successThreshold: 1
1853
failureThreshold: 5
1854
## @param metrics.readinessProbe.enabled Enable readinessProbe on Redis(R) replicas nodes
1855
## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1856
## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
1857
## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1858
## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
1859
## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
1860
##
1861
readinessProbe:
1862
enabled: true
1863
initialDelaySeconds: 5
1864
periodSeconds: 10
1865
timeoutSeconds: 1
1866
successThreshold: 1
1867
failureThreshold: 3
1868
## @param metrics.customStartupProbe Custom startupProbe that overrides the default one
1869
##
1870
customStartupProbe: {}
1871
## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one
1872
##
1873
customLivenessProbe: {}
1874
## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one
1875
##
1876
customReadinessProbe: {}
1877
## @param metrics.command Override default metrics container init command (useful when using custom images)
1878
##
1879
command: []
1880
## @param metrics.redisTargetHost A way to specify an alternative Redis(R) hostname
1881
## Useful for certificate CN/SAN matching
1882
##
1883
redisTargetHost: "localhost"
1884
## @param metrics.extraArgs Extra arguments for Redis(R) exporter, for example:
1885
## e.g.:
1886
## extraArgs:
1887
## check-keys: myKey,myOtherKey
1888
##
1889
extraArgs: {}
1890
## @param metrics.extraEnvVars Array with extra environment variables to add to Redis(R) exporter
1891
## e.g:
1892
## extraEnvVars:
1893
## - name: FOO
1894
## value: "bar"
1895
##
1896
extraEnvVars: []
1897
## Configure Container Security Context
1898
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1899
## @param metrics.containerSecurityContext.enabled Enabled Redis(R) exporter containers' Security Context
1900
## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1901
## @param metrics.containerSecurityContext.runAsUser Set Redis(R) exporter containers' Security Context runAsUser
1902
## @param metrics.containerSecurityContext.runAsGroup Set Redis(R) exporter containers' Security Context runAsGroup
1903
## @param metrics.containerSecurityContext.runAsNonRoot Set Redis(R) exporter containers' Security Context runAsNonRoot
1904
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set Redis(R) exporter containers' Security Context allowPrivilegeEscalation
1905
## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
1906
## @param metrics.containerSecurityContext.seccompProfile.type Set Redis(R) exporter containers' Security Context seccompProfile
1907
## @param metrics.containerSecurityContext.capabilities.drop Set Redis(R) exporter containers' Security Context capabilities to drop
1908
##
1909
containerSecurityContext:
1910
enabled: true
1911
seLinuxOptions: {}
1912
runAsUser: 1001
1913
runAsGroup: 1001
1914
runAsNonRoot: true
1915
allowPrivilegeEscalation: false
1916
readOnlyRootFilesystem: true
1917
seccompProfile:
1918
type: RuntimeDefault
1919
capabilities:
1920
drop: ["ALL"]
1921
## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Redis(R) metrics sidecar
1922
##
1923
extraVolumes: []
1924
## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis(R) metrics sidecar
1925
##
1926
extraVolumeMounts: []
1927
## Redis(R) exporter resource requests and limits
1928
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1929
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
1930
##
1931
resourcesPreset: "nano"
1932
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1933
## Example:
1934
## resources:
1935
## requests:
1936
## cpu: 2
1937
## memory: 512Mi
1938
## limits:
1939
## cpu: 3
1940
## memory: 1024Mi
1941
##
1942
resources: {}
1943
## @param metrics.fips.openssl Configure OpenSSL FIPS mode: '', 'restricted', 'relaxed', 'off'. If empty (""), 'global.defaultFips' would be used
1944
## @param metrics.fips.golang Configure Golang FIPS mode: '', 'restricted', 'relaxed', 'off'. If empty (""), 'global.defaultFips' would be used
1945
##
1946
fips:
1947
openssl: ""
1948
golang: restricted
1949
## @param metrics.podLabels Extra labels for Redis(R) exporter pods
1950
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1951
##
1952
podLabels: {}
1953
## @param metrics.podAnnotations [object] Annotations for Redis(R) exporter pods
1954
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1955
##
1956
podAnnotations:
1957
prometheus.io/scrape: "true"
1958
prometheus.io/port: "9121"
1959
## Redis(R) exporter service parameters
1960
##
1961
service:
1962
## @param metrics.service.enabled Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor
1963
##
1964
enabled: true
1965
## @param metrics.service.type Redis(R) exporter service type
1966
##
1967
type: ClusterIP
1968
## @param metrics.service.ports.http Redis(R) exporter service port
1969
##
1970
ports:
1971
http: 9121
1972
## @param metrics.service.externalTrafficPolicy Redis(R) exporter service external traffic policy
1973
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1974
##
1975
externalTrafficPolicy: Cluster
1976
## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1977
##
1978
extraPorts: []
1979
## @param metrics.service.loadBalancerIP Redis(R) exporter service Load Balancer IP
1980
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1981
##
1982
loadBalancerIP: ""
1983
## @param metrics.service.loadBalancerClass exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1984
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1985
##
1986
loadBalancerClass: ""
1987
## @param metrics.service.loadBalancerSourceRanges Redis(R) exporter service Load Balancer sources
1988
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1989
## e.g.
1990
## loadBalancerSourceRanges:
1991
## - 10.10.10.0/24
1992
##
1993
loadBalancerSourceRanges: []
1994
## @param metrics.service.annotations Additional custom annotations for Redis(R) exporter service
1995
##
1996
annotations: {}
1997
## @param metrics.service.clusterIP Redis(R) exporter service Cluster IP
1998
##
1999
clusterIP: ""
2000
## Prometheus Service Monitor
2001
## ref: https://github.com/coreos/prometheus-operator
2002
## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
2003
##
2004
serviceMonitor:
2005
## @param metrics.serviceMonitor.port the service port to scrape metrics from
2006
##
2007
port: http-metrics
2008
## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator
2009
##
2010
enabled: false
2011
## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created
2012
##
2013
namespace: ""
2014
## @param metrics.serviceMonitor.tlsConfig [object] TLS configuration used for scrape endpoints used by Prometheus
2015
##
2016
tlsConfig: {}
2017
## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped
2018
##
2019
interval: 30s
2020
## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended
2021
##
2022
scrapeTimeout: ""
2023
## @param metrics.serviceMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
2024
##
2025
relabelings: []
2026
## @skip metrics.serviceMonitor.relabellings DEPRECATED: Use `metrics.serviceMonitor.relabelings` instead.
2027
##
2028
relabellings: []
2029
## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
2030
##
2031
metricRelabelings: []
2032
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
2033
##
2034
honorLabels: false
2035
## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus
2036
##
2037
additionalLabels: {}
2038
## @param metrics.serviceMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics
2039
##
2040
podTargetLabels: []
2041
## @param metrics.serviceMonitor.sampleLimit Limit of how many samples should be scraped from every Pod
2042
##
2043
sampleLimit: false
2044
## @param metrics.serviceMonitor.targetLimit Limit of how many targets should be scraped
2045
##
2046
targetLimit: false
2047
## @param metrics.serviceMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel)
2048
##
2049
additionalEndpoints: []
2050
# uncomment in order to scrape sentinel metrics, also to in order distinguish between Sentinel and Redis container metrics
2051
# add metricRelabelings with label like app=redis to main redis pod-monitor port
2052
# - interval: "30s"
2053
# path: "/scrape"
2054
# port: "http-metrics"
2055
# params:
2056
# target: ["localhost:26379"]
2057
# metricRelabelings:
2058
# - targetLabel: "app"
2059
# replacement: "sentinel"
2060
## Prometheus Pod Monitor
2061
## ref: https://github.com/coreos/prometheus-operator
2062
## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#podmonitor
2063
##
2064
podMonitor:
2065
## @param metrics.podMonitor.port the pod port to scrape metrics from
2066
##
2067
port: metrics
2068
## @param metrics.podMonitor.enabled Create PodMonitor resource(s) for scraping metrics using PrometheusOperator
2069
##
2070
enabled: false
2071
## @param metrics.podMonitor.namespace The namespace in which the PodMonitor will be created
2072
##
2073
namespace: ""
2074
## @param metrics.podMonitor.tlsConfig [object] TLS configuration used for scrape endpoints used by Prometheus
2075
##
2076
tlsConfig: {}
2077
## @param metrics.podMonitor.interval The interval at which metrics should be scraped
2078
##
2079
interval: 30s
2080
## @param metrics.podMonitor.scrapeTimeout The timeout after which the scrape is ended
2081
##
2082
scrapeTimeout: ""
2083
## @param metrics.podMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
2084
##
2085
relabelings: []
2086
## @skip metrics.podMonitor.relabellings DEPRECATED: Use `metrics.podMonitor.relabelings` instead.
2087
##
2088
relabellings: []
2089
## @param metrics.podMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
2090
##
2091
metricRelabelings: []
2092
# - targetLabel: "app"
2093
# replacement: "redis"
2094
## @param metrics.podMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
2095
##
2096
honorLabels: false
2097
## @param metrics.podMonitor.additionalLabels Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus
2098
##
2099
additionalLabels: {}
2100
## @param metrics.podMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics
2101
##
2102
podTargetLabels: []
2103
## @param metrics.podMonitor.sampleLimit Limit of how many samples should be scraped from every Pod
2104
##
2105
sampleLimit: false
2106
## @param metrics.podMonitor.targetLimit Limit of how many targets should be scraped
2107
##
2108
targetLimit: false
2109
## @param metrics.podMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel)
2110
##
2111
additionalEndpoints: []
2112
# - interval: "30s"
2113
# path: "/scrape"
2114
# port: "metrics"
2115
# params:
2116
# target: ["localhost:26379"]
2117
# metricRelabelings:
2118
# - targetLabel: "app"
2119
# replacement: "sentinel"
2120
## Custom PrometheusRule to be defined
2121
## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
2122
##
2123
prometheusRule:
2124
## @param metrics.prometheusRule.enabled Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator
2125
##
2126
enabled: false
2127
## @param metrics.prometheusRule.namespace The namespace in which the prometheusRule will be created
2128
##
2129
namespace: ""
2130
## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule
2131
##
2132
additionalLabels: {}
2133
## @param metrics.prometheusRule.rules Custom Prometheus rules
2134
## e.g:
2135
## rules:
2136
## - alert: RedisDown
2137
## expr: redis_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0
2138
## for: 2m
2139
## labels:
2140
## severity: error
2141
## annotations:
2142
## summary: Redis(R) instance {{ "{{ $labels.instance }}" }} down
2143
## description: Redis(R) instance {{ "{{ $labels.instance }}" }} is down
2144
## - alert: RedisMemoryHigh
2145
## expr: >
2146
## redis_memory_used_bytes{service="{{ template "common.names.fullname" . }}-metrics"} * 100
2147
## /
2148
## redis_memory_max_bytes{service="{{ template "common.names.fullname" . }}-metrics"}
2149
## > 90
2150
## for: 2m
2151
## labels:
2152
## severity: error
2153
## annotations:
2154
## summary: Redis(R) instance {{ "{{ $labels.instance }}" }} is using too much memory
2155
## description: |
2156
## Redis(R) instance {{ "{{ $labels.instance }}" }} is using {{ "{{ $value }}" }}% of its available memory.
2157
## - alert: RedisKeyEviction
2158
## expr: |
2159
## increase(redis_evicted_keys_total{service="{{ template "common.names.fullname" . }}-metrics"}[5m]) > 0
2160
## for: 1s
2161
## labels:
2162
## severity: error
2163
## annotations:
2164
## summary: Redis(R) instance {{ "{{ $labels.instance }}" }} has evicted keys
2165
## description: |
2166
## Redis(R) instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes.
2167
##
2168
rules: []
2169
## @section Init Container Parameters
2170
##
2171
2172
## 'volumePermissions' init container parameters
2173
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
2174
## based on the *podSecurityContext/*containerSecurityContext parameters
2175
##
2176
volumePermissions:
2177
## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
2178
##
2179
enabled: false
2180
## OS Shell + Utility image
2181
## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry
2182
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository
2183
## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended)
2184
## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
2185
## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy
2186
## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets
2187
##
2188
image:
2189
registry: cgr.dev
2190
repository: chainguard-private/os-shell-iamguarded
2191
tag: 1.0.0
2192
digest: ""
2193
pullPolicy: IfNotPresent
2194
## Optionally specify an array of imagePullSecrets.
2195
## Secrets must be manually created in the namespace.
2196
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
2197
## e.g:
2198
## pullSecrets:
2199
## - myRegistryKeySecretName
2200
##
2201
pullSecrets: []
2202
## Init container's resource requests and limits
2203
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2204
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
2205
##
2206
resourcesPreset: "nano"
2207
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
2208
## Example:
2209
## resources:
2210
## requests:
2211
## cpu: 2
2212
## memory: 512Mi
2213
## limits:
2214
## cpu: 3
2215
## memory: 1024Mi
2216
##
2217
resources: {}
2218
## @param volumePermissions.fips.openssl Configure OpenSSL FIPS mode: '', 'restricted', 'relaxed', 'off'. If empty (""), 'global.defaultFips' would be used
2219
##
2220
fips:
2221
openssl: ""
2222
## Init container Container Security Context
2223
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
2224
## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
2225
## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
2226
## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
2227
## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
2228
## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
2229
##
2230
containerSecurityContext:
2231
seLinuxOptions: {}
2232
runAsUser: 0
2233
## @param volumePermissions.extraEnvVars Array with extra environment variables to add to volume permissions init container.
2234
## e.g:
2235
## extraEnvVars:
2236
## - name: FOO
2237
## value: "bar"
2238
##
2239
extraEnvVars: []
2240
## Kubectl InitContainer
2241
## used by Sentinel to update the isMaster label on the Redis(TM) pods
2242
##
2243
kubectl:
2244
## Iamguarded Kubectl image version
2245
## @param kubectl.image.registry [default: REGISTRY_NAME] Kubectl image registry
2246
## @param kubectl.image.repository [default: REPOSITORY_NAME/kubectl] Kubectl image repository
2247
## @skip kubectl.image.tag Kubectl image tag (immutable tags are recommended), by default, using the current version
2248
## @param kubectl.image.digest Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
2249
## @param kubectl.image.pullPolicy Kubectl image pull policy
2250
## @param kubectl.image.pullSecrets Kubectl pull secrets
2251
##
2252
image:
2253
registry: cgr.dev
2254
repository: chainguard-private/kubectl-iamguarded
2255
tag: 1.35.3
2256
digest: ""
2257
## Specify a imagePullPolicy
2258
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
2259
##
2260
pullPolicy: IfNotPresent
2261
## Optionally specify an array of imagePullSecrets.
2262
## Secrets must be manually created in the namespace.
2263
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
2264
## e.g:
2265
## pullSecrets:
2266
## - myRegistryKeySecretName
2267
##
2268
pullSecrets: []
2269
## @param kubectl.command kubectl command to execute
2270
##
2271
command: ["/opt/iamguarded/scripts/kubectl-scripts/update-master-label.sh"]
2272
## Configure Container Security Context
2273
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
2274
## @param kubectl.containerSecurityContext.enabled Enabled kubectl containers' Security Context
2275
## @param kubectl.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
2276
## @param kubectl.containerSecurityContext.runAsUser Set kubectl containers' Security Context runAsUser
2277
## @param kubectl.containerSecurityContext.runAsGroup Set kubectl containers' Security Context runAsGroup
2278
## @param kubectl.containerSecurityContext.runAsNonRoot Set kubectl containers' Security Context runAsNonRoot
2279
## @param kubectl.containerSecurityContext.allowPrivilegeEscalation Set kubectl containers' Security Context allowPrivilegeEscalation
2280
## @param kubectl.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
2281
## @param kubectl.containerSecurityContext.seccompProfile.type Set kubectl containers' Security Context seccompProfile
2282
## @param kubectl.containerSecurityContext.capabilities.drop Set kubectl containers' Security Context capabilities to drop
2283
##
2284
containerSecurityContext:
2285
enabled: true
2286
seLinuxOptions: {}
2287
runAsUser: 1001
2288
runAsGroup: 1001
2289
runAsNonRoot: true
2290
allowPrivilegeEscalation: false
2291
readOnlyRootFilesystem: true
2292
seccompProfile:
2293
type: RuntimeDefault
2294
capabilities:
2295
drop: ["ALL"]
2296
## Iamguarded Kubectl resource requests and limits
2297
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2298
## @param kubectl.resources.limits The resources limits for the kubectl containers
2299
## @param kubectl.resources.requests The requested resources for the kubectl containers
2300
##
2301
resources:
2302
limits: {}
2303
requests: {}
2304
## @param kubectl.fips.openssl Configure OpenSSL FIPS mode: '', 'restricted', 'relaxed', 'off'. If empty (""), 'global.defaultFips' would be used
2305
## @param kubectl.fips.golang Configure Golang FIPS mode: '', 'restricted', 'relaxed', 'off'. If empty (""), 'global.defaultFips' would be used
2306
##
2307
fips:
2308
openssl: ""
2309
golang: relaxed
2310
## init-sysctl container parameters
2311
## used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings)
2312
##
2313
sysctl:
2314
## @param sysctl.enabled Enable init container to modify Kernel settings
2315
##
2316
enabled: false
2317
## OS Shell + Utility image
2318
## @param sysctl.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry
2319
## @param sysctl.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository
2320
## @skip sysctl.image.tag OS Shell + Utility image tag (immutable tags are recommended)
2321
## @param sysctl.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
2322
## @param sysctl.image.pullPolicy OS Shell + Utility image pull policy
2323
## @param sysctl.image.pullSecrets OS Shell + Utility image pull secrets
2324
##
2325
image:
2326
registry: cgr.dev
2327
repository: chainguard-private/os-shell-iamguarded
2328
tag: 1.0.0
2329
digest: ""
2330
pullPolicy: IfNotPresent
2331
## Optionally specify an array of imagePullSecrets.
2332
## Secrets must be manually created in the namespace.
2333
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
2334
## e.g:
2335
## pullSecrets:
2336
## - myRegistryKeySecretName
2337
##
2338
pullSecrets: []
2339
## @param sysctl.command Override default init-sysctl container command (useful when using custom images)
2340
##
2341
command: []
2342
## @param sysctl.mountHostSys Mount the host `/sys` folder to `/host-sys`
2343
##
2344
mountHostSys: false
2345
## Init container's resource requests and limits
2346
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2347
## @param sysctl.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production).
2348
##
2349
resourcesPreset: "nano"
2350
## @param sysctl.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
2351
## Example:
2352
## resources:
2353
## requests:
2354
## cpu: 2
2355
## memory: 512Mi
2356
## limits:
2357
## cpu: 3
2358
## memory: 1024Mi
2359
##
2360
resources: {}
2361
## @param sysctl.fips.openssl Configure OpenSSL FIPS mode: '', 'restricted', 'relaxed', 'off'. If empty (""), 'global.defaultFips' would be used
2362
##
2363
fips:
2364
openssl: ""
2365
## @section useExternalDNS Parameters
2366
##
2367
## @param useExternalDNS.enabled Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable.
2368
## @param useExternalDNS.additionalAnnotations Extra annotations to be utilized when `external-dns` is enabled.
2369
## @param useExternalDNS.annotationKey The annotation key utilized when `external-dns` is enabled. Setting this to `false` will disable annotations.
2370
## @param useExternalDNS.suffix The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release.
2371
##
2372
useExternalDNS:
2373
enabled: false
2374
suffix: ""
2375
annotationKey: external-dns.alpha.kubernetes.io/
2376
additionalAnnotations: {}
2377
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.