diff --git a/helm-charts/etcd/Chart.lock b/helm-charts/etcd/Chart.lock index e70efc4c..3d86a19a 100644 --- a/helm-charts/etcd/Chart.lock +++ b/helm-charts/etcd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.4.0 -digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3 -generated: "2023-05-21T14:12:59.250402885Z" + version: 2.9.0 +digest: sha256:416ad278a896f0e9b51d5305bef5d875c7cca6fbb64b75e1f131b04763e2aff9 +generated: "2023-08-22T14:01:19.372946+02:00" diff --git a/helm-charts/etcd/Chart.yaml b/helm-charts/etcd/Chart.yaml index fc632733..69562761 100644 --- a/helm-charts/etcd/Chart.yaml +++ b/helm-charts/etcd/Chart.yaml @@ -1,5 +1,10 @@ annotations: category: Database + images: | + - name: etcd + image: docker.io/bitnami/etcd:3.5.9-debian-11-r100 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r40 licenses: Apache-2.0 apiVersion: v2 appVersion: 3.5.9 @@ -26,4 +31,4 @@ maintainers: name: etcd sources: - https://github.com/bitnami/charts/tree/main/bitnami/etcd -version: 8.12.0 +version: 9.4.1 diff --git a/helm-charts/etcd/README.md b/helm-charts/etcd/README.md index 93d4a12c..696355eb 100644 --- a/helm-charts/etcd/README.md +++ b/helm-charts/etcd/README.md @@ -20,6 +20,8 @@ This chart bootstraps a [etcd](https://github.com/bitnami/containers/tree/main/b Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +Looking to use Etcd in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## Prerequisites - Kubernetes 1.19+ 
@@ -75,53 +77,54 @@ The command removes all the Kubernetes components associated with the chart and ### etcd parameters -| Name | Description | Value | -| -------------------------------------- | ----------------------------------------------------------------------------------------------------------- | -------------------- | -| `image.registry` | etcd image registry | `docker.io` | -| `image.repository` | etcd image name | `bitnami/etcd` | -| `image.tag` | etcd image tag | `3.5.9-debian-11-r4` | -| `image.digest` | etcd image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | etcd image pull policy | `IfNotPresent` | -| `image.pullSecrets` | etcd image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `auth.rbac.create` | Switch to enable RBAC authentication | `true` | -| `auth.rbac.allowNoneAuthentication` | Allow to use etcd without configuring RBAC authentication | `true` | -| `auth.rbac.rootPassword` | Root user password. The root user is always `root` | `""` | -| `auth.rbac.existingSecret` | Name of the existing secret containing credentials for the root user | `""` | -| `auth.rbac.existingSecretPasswordKey` | Name of key containing password to be retrieved from the existing secret | `""` | -| `auth.token.enabled` | Enables token authentication | `true` | -| `auth.token.type` | Authentication token type. 
Allowed values: 'simple' or 'jwt' | `jwt` | -| `auth.token.privateKey.filename` | Name of the file containing the private key for signing the JWT token | `jwt-token.pem` | -| `auth.token.privateKey.existingSecret` | Name of the existing secret containing the private key for signing the JWT token | `""` | -| `auth.token.signMethod` | JWT token sign method | `RS256` | -| `auth.token.ttl` | JWT token TTL | `10m` | -| `auth.client.secureTransport` | Switch to encrypt client-to-server communications using TLS certificates | `false` | -| `auth.client.useAutoTLS` | Switch to automatically create the TLS certificates | `false` | -| `auth.client.existingSecret` | Name of the existing secret containing the TLS certificates for client-to-server communications | `""` | -| `auth.client.enableAuthentication` | Switch to enable host authentication using TLS certificates. Requires existing secret | `false` | -| `auth.client.certFilename` | Name of the file containing the client certificate | `cert.pem` | -| `auth.client.certKeyFilename` | Name of the file containing the client certificate private key | `key.pem` | -| `auth.client.caFilename` | Name of the file containing the client CA certificate | `""` | -| `auth.peer.secureTransport` | Switch to encrypt server-to-server communications using TLS certificates | `false` | -| `auth.peer.useAutoTLS` | Switch to automatically create the TLS certificates | `false` | -| `auth.peer.existingSecret` | Name of the existing secret containing the TLS certificates for server-to-server communications | `""` | -| `auth.peer.enableAuthentication` | Switch to enable host authentication using TLS certificates. 
Requires existing secret | `false` | -| `auth.peer.certFilename` | Name of the file containing the peer certificate | `cert.pem` | -| `auth.peer.certKeyFilename` | Name of the file containing the peer certificate private key | `key.pem` | -| `auth.peer.caFilename` | Name of the file containing the peer CA certificate | `""` | -| `autoCompactionMode` | Auto compaction mode, by default periodic. Valid values: "periodic", "revision". | `""` | -| `autoCompactionRetention` | Auto compaction retention for mvcc key value store in hour, by default 0, means disabled | `""` | -| `initialClusterState` | Initial cluster state. Allowed values: 'new' or 'existing' | `""` | -| `logLevel` | Sets the log level for the etcd process. Allowed values: 'debug', 'info', 'warn', 'error', 'panic', 'fatal' | `info` | -| `maxProcs` | Limits the number of operating system threads that can execute user-level | `""` | -| `removeMemberOnContainerTermination` | Use a PreStop hook to remove the etcd members from the etcd cluster on container termination | `true` | -| `configuration` | etcd configuration. 
Specify content for etcd.conf.yml | `""` | -| `existingConfigmap` | Existing ConfigMap with etcd configuration | `""` | -| `extraEnvVars` | Extra environment variables to be set on etcd container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | -| `command` | Default container command (useful when using custom images) | `[]` | -| `args` | Default container args (useful when using custom images) | `[]` | +| Name | Description | Value | +| -------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `image.registry` | etcd image registry | `docker.io` | +| `image.repository` | etcd image name | `bitnami/etcd` | +| `image.tag` | etcd image tag | `3.5.9-debian-11-r100` | +| `image.digest` | etcd image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | etcd image pull policy | `IfNotPresent` | +| `image.pullSecrets` | etcd image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | +| `auth.rbac.create` | Switch to enable RBAC authentication | `true` | +| `auth.rbac.allowNoneAuthentication` | Allow to use etcd without configuring RBAC authentication | `true` | +| `auth.rbac.rootPassword` | Root user password. The root user is always `root` | `""` | +| `auth.rbac.existingSecret` | Name of the existing secret containing credentials for the root user | `""` | +| `auth.rbac.existingSecretPasswordKey` | Name of key containing password to be retrieved from the existing secret | `""` | +| `auth.token.enabled` | Enables token authentication | `true` | +| `auth.token.type` | Authentication token type. 
Allowed values: 'simple' or 'jwt' | `jwt` | +| `auth.token.privateKey.filename` | Name of the file containing the private key for signing the JWT token | `jwt-token.pem` | +| `auth.token.privateKey.existingSecret` | Name of the existing secret containing the private key for signing the JWT token | `""` | +| `auth.token.signMethod` | JWT token sign method | `RS256` | +| `auth.token.ttl` | JWT token TTL | `10m` | +| `auth.client.secureTransport` | Switch to encrypt client-to-server communications using TLS certificates | `false` | +| `auth.client.useAutoTLS` | Switch to automatically create the TLS certificates | `false` | +| `auth.client.existingSecret` | Name of the existing secret containing the TLS certificates for client-to-server communications | `""` | +| `auth.client.enableAuthentication` | Switch to enable host authentication using TLS certificates. Requires existing secret | `false` | +| `auth.client.certFilename` | Name of the file containing the client certificate | `cert.pem` | +| `auth.client.certKeyFilename` | Name of the file containing the client certificate private key | `key.pem` | +| `auth.client.caFilename` | Name of the file containing the client CA certificate | `""` | +| `auth.peer.secureTransport` | Switch to encrypt server-to-server communications using TLS certificates | `false` | +| `auth.peer.useAutoTLS` | Switch to automatically create the TLS certificates | `false` | +| `auth.peer.existingSecret` | Name of the existing secret containing the TLS certificates for server-to-server communications | `""` | +| `auth.peer.enableAuthentication` | Switch to enable host authentication using TLS certificates. 
Requires existing secret | `false` | +| `auth.peer.certFilename` | Name of the file containing the peer certificate | `cert.pem` | +| `auth.peer.certKeyFilename` | Name of the file containing the peer certificate private key | `key.pem` | +| `auth.peer.caFilename` | Name of the file containing the peer CA certificate | `""` | +| `autoCompactionMode` | Auto compaction mode, by default periodic. Valid values: "periodic", "revision". | `""` | +| `autoCompactionRetention` | Auto compaction retention for mvcc key value store in hour, by default 0, means disabled | `""` | +| `initialClusterState` | Initial cluster state. Allowed values: 'new' or 'existing' | `""` | +| `initialClusterToken` | Initial cluster token. Can be used to protect etcd from cross-cluster-interaction, which might corrupt the clusters. | `etcd-cluster-k8s` | +| `logLevel` | Sets the log level for the etcd process. Allowed values: 'debug', 'info', 'warn', 'error', 'panic', 'fatal' | `info` | +| `maxProcs` | Limits the number of operating system threads that can execute user-level | `""` | +| `removeMemberOnContainerTermination` | Use a PreStop hook to remove the etcd members from the etcd cluster on container termination | `true` | +| `configuration` | etcd configuration. Specify content for etcd.conf.yml | `""` | +| `existingConfigmap` | Existing ConfigMap with etcd configuration | `""` | +| `extraEnvVars` | Extra environment variables to be set on etcd container | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | +| `command` | Default container command (useful when using custom images) | `[]` | +| `args` | Default container args (useful when using custom images) | `[]` | ### etcd statefulset parameters 
@@ -134,6 +137,7 @@ The command removes all the Kubernetes components associated with the chart and | `lifecycleHooks` | Override default etcd container hooks | `{}` | | `containerPorts.client` | Client port to expose at container level | `2379` | | `containerPorts.peer` | Peer port to expose at container level | `2380` | +| `containerPorts.metrics` | Metrics port to expose at container level when metrics.useSeparateEndpoint is true | `9090` | | `podSecurityContext.enabled` | Enabled etcd pods' Security Context | `true` | | `podSecurityContext.fsGroup` | Set etcd pod's Security Context fsGroup | `1001` | | `containerSecurityContext.enabled` | Enabled etcd containers' Security Context | `true` | @@ -165,6 +169,7 @@ The command removes all the Kubernetes components associated with the chart and | `customStartupProbe` | Override default startup probe | `{}` | | `extraVolumes` | Optionally specify extra list of additional volumes for etcd pods | `[]` | | `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for etcd container(s) | `[]` | +| `extraVolumeClaimTemplates` | Optionally specify extra list of additional volumeClaimTemplates for etcd container(s) | `[]` | | `initContainers` | Add additional init containers to the etcd pods | `[]` | | `sidecars` | Add additional sidecar containers to the etcd pods | `[]` | | `podAnnotations` | Annotations for etcd pods | `{}` | 
@@ -189,26 +194,29 @@ The command removes all the Kubernetes components associated with the chart and ### Traffic exposure parameters -| Name | Description | Value | -| ---------------------------------- | ---------------------------------------------------------------------------------- | ----------- | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.enabled` | create second service if equal true | `true` | -| `service.clusterIP` | Kubernetes service Cluster IP | `""` | -| `service.ports.client` | etcd client port | `2379` | -| `service.ports.peer` | etcd peer port | `2380` | -| `service.nodePorts.client` | Specify the nodePort client value for the LoadBalancer and NodePort service types. | `""` | -| `service.nodePorts.peer` | Specify the nodePort peer value for the LoadBalancer and NodePort service types. | `""` | -| `service.clientPortNameOverride` | etcd client port name override | `""` | -| `service.peerPortNameOverride` | etcd peer port name override | `""` | -| `service.loadBalancerIP` | loadBalancerIP for the etcd service (optional, cloud specific) | `""` | -| `service.loadBalancerSourceRanges` | Load Balancer source ranges | `[]` | -| `service.externalIPs` | External IPs | `[]` | -| `service.externalTrafficPolicy` | %%MAIN_CONTAINER_NAME%% service external traffic policy | `Cluster` | -| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `service.annotations` | Additional annotations for the etcd service | `{}` | -| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `service.headless.annotations` | Annotations for the headless service. 
| `{}` | +| Name | Description | Value | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.enabled` | create second service if equal true | `true` | +| `service.clusterIP` | Kubernetes service Cluster IP | `""` | +| `service.ports.client` | etcd client port | `2379` | +| `service.ports.peer` | etcd peer port | `2380` | +| `service.ports.metrics` | etcd metrics port when metrics.useSeparateEndpoint is true | `9090` | +| `service.nodePorts.client` | Specify the nodePort client value for the LoadBalancer and NodePort service types. | `""` | +| `service.nodePorts.peer` | Specify the nodePort peer value for the LoadBalancer and NodePort service types. | `""` | +| `service.nodePorts.metrics` | Specify the nodePort metrics value for the LoadBalancer and NodePort service types. The metrics port is only exposed when metrics.useSeparateEndpoint is true. | `""` | +| `service.clientPortNameOverride` | etcd client port name override | `""` | +| `service.peerPortNameOverride` | etcd peer port name override | `""` | +| `service.metricsPortNameOverride` | etcd metrics port name override. The metrics port is only exposed when metrics.useSeparateEndpoint is true. 
| `""` | +| `service.loadBalancerIP` | loadBalancerIP for the etcd service (optional, cloud specific) | `""` | +| `service.loadBalancerSourceRanges` | Load Balancer source ranges | `[]` | +| `service.externalIPs` | External IPs | `[]` | +| `service.externalTrafficPolicy` | %%MAIN_CONTAINER_NAME%% service external traffic policy | `Cluster` | +| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `service.annotations` | Additional annotations for the etcd service | `{}` | +| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `service.headless.annotations` | Annotations for the headless service. | `{}` | ### Persistence parameters 
@@ -224,17 +232,17 @@ The command removes all the Kubernetes components associated with the chart and ### Volume Permissions parameters -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r118` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | -| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | +| Name | Description | Value | +| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------------ | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init 
container volume-permissions image name | `bitnami/os-shell` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r40` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | +| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | ### Network Policy parameters @@ -252,6 +260,7 @@ The command removes all the Kubernetes components associated with the chart and | Name | Description | Value | | ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------ | | `metrics.enabled` | Expose etcd metrics | `false` | +| `metrics.useSeparateEndpoint` | Use a separate endpoint for exposing metrics | `false` | | `metrics.podAnnotations` | Annotations for the Prometheus metrics on etcd pods | `{}` | | `metrics.podMonitor.enabled` | Create PodMonitor Resource for scraping metrics using PrometheusOperator | `false` | | `metrics.podMonitor.namespace` | Namespace in which Prometheus is running | `monitoring` | 
@@ -440,6 +449,29 @@ Find more information about how to deal with common errors related to Bitnami's ## Upgrading +### To 9.0.0 + +This version adds a new label `app.kubernetes.io/component=etcd` to the StatefulSet and pods. Due to this change, the StatefulSet will be replaced (as it's not possible to add additional `spec.selector.matchLabels` to an existing StatefulSet) and the pods will be recreated. To upgrade to this version from a previous version, you need to run the following steps: + +1. Add new label to your pods + + ```console + kubectl label pod my-release-0 app.kubernetes.io/component=etcd + # Repeat for all etcd pods, based on configured .replicaCount (excluding the etcd snappshoter pod, if .disasterRecovery.enabled is set to true) + ```` + +2. Remove the StatefulSet keeping the pods: + + ```console + kubectl delete statefulset my-release --cascade=orphan + ``` + +3. Upgrade your cluster: + + ```console + helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/etcd --set auth.rbac.rootPassword=$ETCD_ROOT_PASSWORD + ``` + ### To 8.0.0 This version reverts the change in the previous major bump ([7.0.0](https://github.com/bitnami/charts/tree/main/bitnami/etcd#to-700)). Now the default `etcd` branch is `3.5` again once confirmed by the [etcd developers](https://github.com/etcd-io/etcd/tree/main/CHANGELOG#production-recommendation) that this version is production-ready once solved the data corruption issue. 
@@ -466,7 +498,7 @@ This version introduces several features and performance improvements: - New parameters/features were added: - `extraDeploy` to deploy any extra desired object. - `initContainers` and `sidecars` to define custom init containers and sidecars. - - `extraVolumes` and `extraVolumeMounts` to define custom volumes and mount points. + - `extraVolumes`, `extraVolumeMounts` and `extraVolumeClaimTemplates` to define custom volumes, mount points and volume claim templates. - Probes can be now customized, and support to startup probes is added. - LifecycleHooks can be customized using `lifecycleHooks` parameter. - The default command/args can be customized using `command` and `args` parameters. @@ -522,7 +554,7 @@ kubectl delete statefulset etcd --cascade=false ## License -Copyright © 2023 Bitnami +Copyright © 2023 VMware, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/helm-charts/etcd/charts/common/Chart.yaml b/helm-charts/etcd/charts/common/Chart.yaml index 4fc56bbb..644d2a79 100644 --- a/helm-charts/etcd/charts/common/Chart.yaml +++ b/helm-charts/etcd/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.4.0 +appVersion: 2.9.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.4.0 +version: 2.9.0 diff --git a/helm-charts/etcd/charts/common/README.md b/helm-charts/etcd/charts/common/README.md index 72fca33d..fe6a0100 100644 --- a/helm-charts/etcd/charts/common/README.md +++ b/helm-charts/etcd/charts/common/README.md 
@@ -2,14 +2,12 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. -Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - ## TL;DR ```yaml dependencies: - name: common - version: 1.x.x + version: 2.x.x repository: oci://registry-1.docker.io/bitnamicharts ``` @@ -32,6 +30,8 @@ This chart provides a common template helpers which can be used to develop new c Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## Prerequisites - Kubernetes 1.19+ @@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2023 Bitnami +Copyright © 2023 VMware, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/helm-charts/etcd/charts/common/templates/_affinities.tpl b/helm-charts/etcd/charts/common/templates/_affinities.tpl index 81902a68..b77534bb 100644 --- a/helm-charts/etcd/charts/common/templates/_affinities.tpl +++ b/helm-charts/etcd/charts/common/templates/_affinities.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* 
@@ -55,15 +60,16 @@ Return a topologyKey definition {{/* Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} */}} {{- define "common.affinities.pods.soft" -}} {{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}} preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} {{- if not (empty $component) }} {{ printf "app.kubernetes.io/component: %s" $component }} {{- end }} 
@@ -76,14 +82,15 @@ preferredDuringSchedulingIgnoredDuringExecution: {{/* Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} */}} {{- define "common.affinities.pods.hard" -}} {{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}} requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} {{- if not (empty $component) }} {{ printf "app.kubernetes.io/component: %s" $component }} {{- end }} diff --git a/helm-charts/etcd/charts/common/templates/_capabilities.tpl b/helm-charts/etcd/charts/common/templates/_capabilities.tpl index 697486a3..c6d115fe 100644 --- a/helm-charts/etcd/charts/common/templates/_capabilities.tpl +++ b/helm-charts/etcd/charts/common/templates/_capabilities.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/helm-charts/etcd/charts/common/templates/_errors.tpl b/helm-charts/etcd/charts/common/templates/_errors.tpl index a79cc2e3..07ded6f6 100644 --- a/helm-charts/etcd/charts/common/templates/_errors.tpl +++ b/helm-charts/etcd/charts/common/templates/_errors.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Through error when upgrading using empty passwords values that must not be empty. 
diff --git a/helm-charts/etcd/charts/common/templates/_images.tpl b/helm-charts/etcd/charts/common/templates/_images.tpl index d60c22e2..2181f322 100644 --- a/helm-charts/etcd/charts/common/templates/_images.tpl +++ b/helm-charts/etcd/charts/common/templates/_images.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name diff --git a/helm-charts/etcd/charts/common/templates/_ingress.tpl b/helm-charts/etcd/charts/common/templates/_ingress.tpl index 831da9ca..efa5b85c 100644 --- a/helm-charts/etcd/charts/common/templates/_ingress.tpl +++ b/helm-charts/etcd/charts/common/templates/_ingress.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/helm-charts/etcd/charts/common/templates/_labels.tpl b/helm-charts/etcd/charts/common/templates/_labels.tpl index 252066c7..fac46076 100644 --- a/helm-charts/etcd/charts/common/templates/_labels.tpl +++ b/helm-charts/etcd/charts/common/templates/_labels.tpl 
@@ -1,18 +1,55 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} + {{/* Kubernetes standard labels +{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} */}} {{- define "common.labels.standard" -}} +{{- if and (hasKey . "customLabels") (hasKey . "context") -}} +{{ merge + (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) + (dict + "app.kubernetes.io/name" (include "common.names.name" .context) + "helm.sh/chart" (include "common.names.chart" .context) + "app.kubernetes.io/instance" .context.Release.Name + "app.kubernetes.io/managed-by" .context.Release.Service + ) + | toYaml +}} +{{- else -}} app.kubernetes.io/name: {{ include "common.names.name" . }} helm.sh/chart: {{ include "common.names.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} +{{- end -}} {{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector +{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} + +We don't want to loop over custom labels appending them to the selector +since it's very likely that it will break deployments, services, etc. +However, it's important to overwrite the standard labels if the user +overwrote them on metadata.labels fields. */}} {{- define "common.labels.matchLabels" -}} +{{- if and (hasKey . "customLabels") (hasKey . 
"context") -}} +{{ merge + (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") + (dict + "app.kubernetes.io/name" (include "common.names.name" .context) + "app.kubernetes.io/instance" .context.Release.Name + ) + | toYaml +}} +{{- else -}} app.kubernetes.io/name: {{ include "common.names.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} +{{- end -}} diff --git a/helm-charts/etcd/charts/common/templates/_names.tpl b/helm-charts/etcd/charts/common/templates/_names.tpl index 617a2348..a222924f 100644 --- a/helm-charts/etcd/charts/common/templates/_names.tpl +++ b/helm-charts/etcd/charts/common/templates/_names.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. diff --git a/helm-charts/etcd/charts/common/templates/_secrets.tpl b/helm-charts/etcd/charts/common/templates/_secrets.tpl index a1708b2e..a193c46b 100644 --- a/helm-charts/etcd/charts/common/templates/_secrets.tpl +++ b/helm-charts/etcd/charts/common/templates/_secrets.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Generate secret name. 
@@ -72,7 +77,7 @@ Params: - strong - Boolean - Optional - Whether to add symbols to the generated random password. - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - context - Context - Required - Parent context. - + - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. The order in which this function returns a secret password: 1. Already existing 'Secret' resource (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) @@ -86,6 +91,7 @@ The order in which this function returns a secret password: {{- $password := "" }} {{- $subchart := "" }} +{{- $failOnNew := default true .failOnNew }} {{- $chartName := default "" .chartName }} {{- $passwordLength := default 10 .length }} {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} @@ -94,7 +100,7 @@ The order in which this function returns a secret password: {{- if $secretData }} {{- if hasKey $secretData .key }} {{- $password = index $secretData .key | quote }} - {{- else }} + {{- else if $failOnNew }} {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} {{- end -}} {{- else if $providedPasswordValue }} 
@@ -137,15 +143,16 @@ Params: */}} {{- define "common.secrets.lookup" -}} {{- $value := "" -}} -{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}} {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} {{- if and $secretData (hasKey $secretData .key) -}} {{- $value = index $secretData .key -}} -{{- else -}} - {{- $value = $defaultValue | toString | b64enc -}} +{{- else if .defaultValue -}} + {{- $value = .defaultValue | toString | b64enc -}} {{- end -}} +{{- if $value -}} {{- printf "%s" $value -}} {{- end -}} +{{- end -}} {{/* Returns whether a previous generated secret already exists diff --git a/helm-charts/etcd/charts/common/templates/_storage.tpl b/helm-charts/etcd/charts/common/templates/_storage.tpl index 60e2a844..16405a0f 100644 --- a/helm-charts/etcd/charts/common/templates/_storage.tpl +++ b/helm-charts/etcd/charts/common/templates/_storage.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Return the proper Storage Class diff --git a/helm-charts/etcd/charts/common/templates/_tplvalues.tpl b/helm-charts/etcd/charts/common/templates/_tplvalues.tpl index 2db16685..dc15f7fd 100644 --- a/helm-charts/etcd/charts/common/templates/_tplvalues.tpl +++ b/helm-charts/etcd/charts/common/templates/_tplvalues.tpl 
@@ -1,13 +1,27 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* -Renders a value that contains template. +Renders a value that contains template perhaps with scope if the scope is present. Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} */}} {{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} +{{- if .scope }} + {{- if typeIs "string" .value }} + {{- tpl (cat "{{- with $.RelativeScope -}}" .value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- else }} + {{- tpl (cat "{{- with $.RelativeScope -}}" (.value | toYaml) "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- end }} +{{- else }} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} {{- end -}} diff --git a/helm-charts/etcd/charts/common/templates/_utils.tpl b/helm-charts/etcd/charts/common/templates/_utils.tpl index b1ead50c..c87040cd 100644 --- a/helm-charts/etcd/charts/common/templates/_utils.tpl +++ b/helm-charts/etcd/charts/common/templates/_utils.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Print instructions to get a secret value. diff --git a/helm-charts/etcd/charts/common/templates/_warnings.tpl b/helm-charts/etcd/charts/common/templates/_warnings.tpl index ae10fa41..66dffc1f 100644 --- a/helm-charts/etcd/charts/common/templates/_warnings.tpl +++ b/helm-charts/etcd/charts/common/templates/_warnings.tpl 
@@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Warning about using rolling tag. diff --git a/helm-charts/etcd/charts/common/templates/validations/_cassandra.tpl b/helm-charts/etcd/charts/common/templates/validations/_cassandra.tpl index ded1ae3b..eda9aada 100644 --- a/helm-charts/etcd/charts/common/templates/validations/_cassandra.tpl +++ b/helm-charts/etcd/charts/common/templates/validations/_cassandra.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate Cassandra required passwords are not empty. diff --git a/helm-charts/etcd/charts/common/templates/validations/_mariadb.tpl b/helm-charts/etcd/charts/common/templates/validations/_mariadb.tpl index b6906ff7..17d83a2f 100644 --- a/helm-charts/etcd/charts/common/templates/validations/_mariadb.tpl +++ b/helm-charts/etcd/charts/common/templates/validations/_mariadb.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MariaDB required passwords are not empty. diff --git a/helm-charts/etcd/charts/common/templates/validations/_mongodb.tpl b/helm-charts/etcd/charts/common/templates/validations/_mongodb.tpl index f820ec10..bbb445b8 100644 --- a/helm-charts/etcd/charts/common/templates/validations/_mongodb.tpl +++ b/helm-charts/etcd/charts/common/templates/validations/_mongodb.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MongoDB® required passwords are not empty. diff --git a/helm-charts/etcd/charts/common/templates/validations/_mysql.tpl b/helm-charts/etcd/charts/common/templates/validations/_mysql.tpl index 74472a06..ca3953f8 100644 --- a/helm-charts/etcd/charts/common/templates/validations/_mysql.tpl 
+++ b/helm-charts/etcd/charts/common/templates/validations/_mysql.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MySQL required passwords are not empty. diff --git a/helm-charts/etcd/charts/common/templates/validations/_postgresql.tpl b/helm-charts/etcd/charts/common/templates/validations/_postgresql.tpl index 164ec0d0..8c9aa570 100644 --- a/helm-charts/etcd/charts/common/templates/validations/_postgresql.tpl +++ b/helm-charts/etcd/charts/common/templates/validations/_postgresql.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate PostgreSQL required passwords are not empty. diff --git a/helm-charts/etcd/charts/common/templates/validations/_redis.tpl b/helm-charts/etcd/charts/common/templates/validations/_redis.tpl index dcccfc1a..fc0d208d 100644 --- a/helm-charts/etcd/charts/common/templates/validations/_redis.tpl +++ b/helm-charts/etcd/charts/common/templates/validations/_redis.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/helm-charts/etcd/charts/common/templates/validations/_validations.tpl b/helm-charts/etcd/charts/common/templates/validations/_validations.tpl index 9a814cf4..31ceda87 100644 --- a/helm-charts/etcd/charts/common/templates/validations/_validations.tpl +++ b/helm-charts/etcd/charts/common/templates/validations/_validations.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate values must not be empty. diff --git a/helm-charts/etcd/charts/common/values.yaml b/helm-charts/etcd/charts/common/values.yaml index f2df68e5..9abe0e15 100644 --- a/helm-charts/etcd/charts/common/values.yaml +++ b/helm-charts/etcd/charts/common/values.yaml 
@@ -1,3 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + ## bitnami/common ## It is required by CI/CD tools and processes. ## @skip exampleValue diff --git a/helm-charts/etcd/templates/_helpers.tpl b/helm-charts/etcd/templates/_helpers.tpl index 35b1a57e..747f8a83 100644 --- a/helm-charts/etcd/templates/_helpers.tpl +++ b/helm-charts/etcd/templates/_helpers.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/helm-charts/etcd/templates/configmap.yaml b/helm-charts/etcd/templates/configmap.yaml index ca69d7f4..264c0106 100644 --- a/helm-charts/etcd/templates/configmap.yaml +++ b/helm-charts/etcd/templates/configmap.yaml @@ -1,13 +1,16 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "etcd.createConfigmap" .) }} apiVersion: v1 kind: ConfigMap metadata: name: {{ printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/helm-charts/etcd/templates/cronjob.yaml b/helm-charts/etcd/templates/cronjob.yaml index 88faa310..288d464c 100644 --- a/helm-charts/etcd/templates/cronjob.yaml +++ b/helm-charts/etcd/templates/cronjob.yaml 
@@ -1,13 +1,15 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.disasterRecovery.enabled -}} apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} kind: CronJob metadata: name: {{ printf "%s-snapshotter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} @@ -19,19 +21,19 @@ spec: spec: template: metadata: - labels: {{- include "common.labels.standard" . | nindent 12 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 12 }} app.kubernetes.io/component: snapshotter {{- if .Values.disasterRecovery.cronjob.podAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.disasterRecovery.cronjob.podAnnotations "context" $) | nindent 12 }} {{- end }} spec: + {{- include "etcd.imagePullSecrets" . | nindent 10 }} {{- if .Values.disasterRecovery.cronjob.nodeSelector }} nodeSelector: {{- toYaml .Values.disasterRecovery.cronjob.nodeSelector | nindent 12 }} {{- end }} {{- if .Values.disasterRecovery.cronjob.tolerations }} tolerations: {{- toYaml .Values.disasterRecovery.cronjob.tolerations | nindent 12 }} {{- end }} - {{- include "etcd.imagePullSecrets" . | nindent 10 }} restartPolicy: OnFailure {{- if .Values.podSecurityContext.enabled }} securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }} 
diff --git a/helm-charts/etcd/templates/extra-list.yaml b/helm-charts/etcd/templates/extra-list.yaml index 9ac65f9e..2d35a580 100644 --- a/helm-charts/etcd/templates/extra-list.yaml +++ b/helm-charts/etcd/templates/extra-list.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- range .Values.extraDeploy }} --- {{ include "common.tplvalues.render" (dict "value" . "context" $) }} diff --git a/helm-charts/etcd/templates/networkpolicy.yaml b/helm-charts/etcd/templates/networkpolicy.yaml index a2e333bb..370bca08 100644 --- a/helm-charts/etcd/templates/networkpolicy.yaml +++ b/helm-charts/etcd/templates/networkpolicy.yaml 
@@ -1,22 +1,24 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.networkPolicy.enabled }} kind: NetworkPolicy apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} metadata: name: {{ template "common.names.fullname" . }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: + {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} podSelector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 6 }} - {{- end }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: etcd policyTypes: - Ingress - Egress 
@@ -32,11 +34,9 @@ spec: - port: {{ .Values.containerPorts.client }} - port: {{ .Values.containerPorts.peer }} to: - - podSelector: - matchLabels: {{- include "common.labels.standard" . | nindent 14 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 14 }} - {{- end }} + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: etcd {{- if .Values.networkPolicy.extraEgress }} {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }} {{- end }} @@ -51,10 +51,8 @@ spec: matchLabels: {{ template "common.names.fullname" . }}-client: "true" - podSelector: - matchLabels: {{- include "common.labels.standard" . | nindent 14 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 14 }} - {{- end }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: etcd {{- if .Values.networkPolicy.ingressNSMatchLabels }} - namespaceSelector: matchLabels: @@ -73,7 +71,7 @@ spec: {{- if .Values.metrics.enabled }} # Allow prometheus scrapes for metrics - ports: - - port: 2379 + - port: {{ .Values.metrics.useSeparateEndpoint | ternary .Values.containerPorts.metrics .Values.containerPorts.client }} {{- end }} {{- if .Values.networkPolicy.extraIngress }} {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} diff --git a/helm-charts/etcd/templates/pdb.yaml b/helm-charts/etcd/templates/pdb.yaml index f0649288..797c7acd 100644 --- a/helm-charts/etcd/templates/pdb.yaml +++ b/helm-charts/etcd/templates/pdb.yaml 
@@ -1,13 +1,16 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.pdb.create }} apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ include "common.names.fullname" . }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} @@ -18,6 +21,8 @@ spec: {{- if .Values.pdb.maxUnavailable }} maxUnavailable: {{ .Values.pdb.maxUnavailable }} {{- end }} + {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: etcd {{- end }} diff --git a/helm-charts/etcd/templates/podmonitor.yaml b/helm-charts/etcd/templates/podmonitor.yaml index 952e569b..9ee0fead 100644 --- a/helm-charts/etcd/templates/podmonitor.yaml +++ b/helm-charts/etcd/templates/podmonitor.yaml 
@@ -1,13 +1,15 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.enabled .Values.metrics.podMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: name: {{ include "common.names.fullname" . }} namespace: {{ ternary .Values.metrics.podMonitor.namespace .Release.Namespace (not (empty .Values.metrics.podMonitor.namespace)) }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.metrics.podMonitor.additionalLabels }} {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }} {{- end }} @@ -16,7 +18,7 @@ metadata: {{- end }} spec: podMetricsEndpoints: - - port: client + - port: {{ .Values.metrics.useSeparateEndpoint | ternary "metrics" "client" }} path: /metrics {{- if .Values.metrics.podMonitor.interval }} interval: {{ .Values.metrics.podMonitor.interval }} @@ -37,6 +39,8 @@ spec: namespaceSelector: matchNames: - {{ .Release.Namespace }} + {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: etcd {{- end }} diff --git a/helm-charts/etcd/templates/prometheusrule.yaml b/helm-charts/etcd/templates/prometheusrule.yaml index 58a5594b..40bac68e 100644 --- a/helm-charts/etcd/templates/prometheusrule.yaml +++ b/helm-charts/etcd/templates/prometheusrule.yaml 
@@ -1,18 +1,16 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: {{ include "common.names.fullname" . }} - {{- if .Values.metrics.prometheusRule.namespace }} - namespace: {{ .Values.metrics.prometheusRule.namespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: metrics - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if .Values.metrics.prometheusRule.additionalLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }} {{- end }} diff --git a/helm-charts/etcd/templates/secrets.yaml b/helm-charts/etcd/templates/secrets.yaml index ea46c28c..4898994c 100644 --- a/helm-charts/etcd/templates/secrets.yaml +++ b/helm-charts/etcd/templates/secrets.yaml 
@@ -1,13 +1,16 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and (or .Values.auth.rbac.create .Values.auth.rbac.enabled) (not .Values.auth.rbac.existingSecret) -}} apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" . }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/helm-charts/etcd/templates/serviceaccount.yaml b/helm-charts/etcd/templates/serviceaccount.yaml index a5721db4..748b3532 100644 --- a/helm-charts/etcd/templates/serviceaccount.yaml +++ b/helm-charts/etcd/templates/serviceaccount.yaml 
@@ -1,24 +1,19 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "etcd.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.serviceAccount.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.labels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} - {{- end }} + namespace: {{ .Release.Namespace | quote }} + {{- $labels := merge .Values.serviceAccount.labels .Values.commonLabels }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := merge .Values.serviceAccount.annotations .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} {{- end }} diff --git a/helm-charts/etcd/templates/snapshot-pvc.yaml b/helm-charts/etcd/templates/snapshot-pvc.yaml index 2415b891..3345a010 100644 --- a/helm-charts/etcd/templates/snapshot-pvc.yaml +++ b/helm-charts/etcd/templates/snapshot-pvc.yaml 
@@ -1,13 +1,15 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.disasterRecovery.enabled (not .Values.disasterRecovery.pvc.existingClaim) -}} kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ printf "%s-snapshotter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/helm-charts/etcd/templates/statefulset.yaml b/helm-charts/etcd/templates/statefulset.yaml index f276eb09..e0c009c7 100644 --- a/helm-charts/etcd/templates/statefulset.yaml +++ b/helm-charts/etcd/templates/statefulset.yaml 
@@ -1,28 +1,31 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet metadata: name: {{ include "common.names.fullname" . }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: replicas: {{ .Values.replicaCount }} + {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: etcd serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} podManagementPolicy: {{ .Values.podManagementPolicy }} updateStrategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} template: metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: etcd annotations: {{- if .Values.podAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }} 
@@ -45,8 +48,8 @@ spec: affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- else }} affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "etcd" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "etcd" "customLabels" $podLabels "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} {{- end }} {{- if .Values.nodeSelector }} 
@@ -171,13 +174,17 @@ spec: {{- end }} {{- end }} - name: ETCD_ADVERTISE_CLIENT_URLS - value: "{{ $etcdClientProtocol }}://$(MY_POD_NAME).{{ $etcdHeadlessServiceName }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ .Values.containerPorts.client }},{{ $etcdClientProtocol }}://{{ $etcdFullname }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ coalesce .Values.service.ports.client .Values.service.port }}" + value: "{{ $etcdClientProtocol }}://$(MY_POD_NAME).{{ $etcdHeadlessServiceName }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ .Values.containerPorts.client }}{{- if .Values.service.enabled }},{{ $etcdClientProtocol }}://{{ $etcdFullname }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ coalesce .Values.service.ports.client .Values.service.port }}{{- end }}" - name: ETCD_LISTEN_CLIENT_URLS value: "{{ $etcdClientProtocol }}://0.0.0.0:{{ .Values.containerPorts.client }}" - name: ETCD_INITIAL_ADVERTISE_PEER_URLS value: "{{ $etcdPeerProtocol }}://$(MY_POD_NAME).{{ $etcdHeadlessServiceName }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ .Values.containerPorts.peer }}" - name: ETCD_LISTEN_PEER_URLS value: "{{ $etcdPeerProtocol }}://0.0.0.0:{{ .Values.containerPorts.peer }}" + {{- if .Values.metrics.useSeparateEndpoint }} + - name: ETCD_LISTEN_METRICS_URLS + value: "http://0.0.0.0:{{ .Values.containerPorts.metrics }}" + {{- end }} {{- if .Values.autoCompactionMode }} - name: ETCD_AUTO_COMPACTION_MODE value: {{ .Values.autoCompactionMode | quote }} @@ -192,7 +199,7 @@ spec: {{- end }} {{- if gt $replicaCount 1 }} - name: ETCD_INITIAL_CLUSTER_TOKEN - value: "etcd-cluster-k8s" + value: {{ .Values.initialClusterToken | quote }} - name: ETCD_INITIAL_CLUSTER_STATE value: {{ default (ternary "new" "existing" .Release.IsInstall) .Values.initialClusterState | quote }} {{- $initialCluster := list }} 
@@ -265,6 +272,11 @@ spec: - name: peer containerPort: {{ .Values.containerPorts.peer }} protocol: TCP + {{- if .Values.metrics.useSeparateEndpoint }} + - name: metrics + containerPort: {{ .Values.containerPorts.metrics }} + protocol: TCP + {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} @@ -424,4 +436,7 @@ spec: selector: {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.selector "context" $) | nindent 10 }} {{- end }} {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- if .Values.extraVolumeClaimTemplates }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeClaimTemplates "context" $) | nindent 4 }} + {{- end }} {{- end }} diff --git a/helm-charts/etcd/templates/svc-headless.yaml b/helm-charts/etcd/templates/svc-headless.yaml index 0d4df3e0..5f71d5d9 100644 --- a/helm-charts/etcd/templates/svc-headless.yaml +++ b/helm-charts/etcd/templates/svc-headless.yaml 
@@ -1,19 +1,20 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: Service metadata: name: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - {{- if .Values.service.headless.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.headless.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + {{- if or .Values.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := merge .Values.service.headless.annotations .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: type: ClusterIP 
@@ -42,4 +43,15 @@ spec: {{- end }} port: {{ .Values.containerPorts.peer }} targetPort: peer - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + {{- if .Values.metrics.useSeparateEndpoint }} + {{- if .Values.service.metricsPortNameOverride }} + - name: {{ .Values.service.metricsPortNameOverride }} + {{- else }} + - name: metrics + {{- end }} + port: {{ .Values.containerPorts.metrics }} + targetPort: metrics + {{- end }} + {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd diff --git a/helm-charts/etcd/templates/svc.yaml b/helm-charts/etcd/templates/svc.yaml index abefe141..b4229eb7 100644 --- a/helm-charts/etcd/templates/svc.yaml +++ b/helm-charts/etcd/templates/svc.yaml 
@@ -1,20 +1,20 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.service.enabled }} apiVersion: v1 kind: Service metadata: name: {{ include "common.names.fullname" . }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd + {{- if or .Values.service.annotations .Values.commonAnnotations }} + {{- $annotations := merge .Values.service.annotations .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} spec: type: {{ .Values.service.type }} {{- if .Values.service.clusterIP }} 
@@ -55,8 +55,20 @@ spec: {{- else if eq .Values.service.type "ClusterIP" }} nodePort: null {{- end }} + {{- if .Values.metrics.useSeparateEndpoint }} + - name: {{ default "metrics" .Values.service.metricsPortNameOverride | quote }} + port: {{ .Values.service.ports.metrics }} + targetPort: metrics + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty (.Values.service.nodePorts.metrics))) }} + nodePort: {{ .Values.service.nodePorts.metrics }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} {{- if .Values.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd {{- end }} diff --git a/helm-charts/etcd/templates/token-secrets.yaml b/helm-charts/etcd/templates/token-secrets.yaml index c0246fba..d126d03b 100644 --- a/helm-charts/etcd/templates/token-secrets.yaml +++ b/helm-charts/etcd/templates/token-secrets.yaml @@ -1,10 +1,15 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "etcd.token.createSecret" .) }} apiVersion: v1 kind: Secret metadata: name: {{ printf "%s-jwt-token" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} 
diff --git a/helm-charts/etcd/values.yaml b/helm-charts/etcd/values.yaml index d657ac1b..c95f5fd3 100644 --- a/helm-charts/etcd/values.yaml +++ b/helm-charts/etcd/values.yaml @@ -1,3 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + ## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value @@ -70,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/etcd - tag: 3.5.9-debian-11-r4 + tag: 3.5.9-debian-11-r100 digest: "" ## @param image.pullPolicy etcd image pull policy ## Specify a imagePullPolicy @@ -206,6 +209,12 @@ autoCompactionRetention: "" ## - 'existing': when upgrading the chart ('helm upgrade ...') ## initialClusterState: "" +## @param initialClusterToken Initial cluster token. Can be used to protect etcd from cross-cluster-interaction, which might corrupt the clusters. +## If spinning up multiple clusters (or creating and destroying a single cluster) +## with same configuration for testing purpose, it is highly recommended that each cluster is given a unique initial-cluster-token. +## By doing this, etcd can generate unique cluster IDs and member IDs for the clusters even if they otherwise have the exact same configuration. +## +initialClusterToken: "etcd-cluster-k8s" ## @param logLevel Sets the log level for the etcd process. Allowed values: 'debug', 'info', 'warn', 'error', 'panic', 'fatal' ## logLevel: "info" 
@@ -277,10 +286,12 @@ lifecycleHooks: {} ## etcd container ports to open ## @param containerPorts.client Client port to expose at container level ## @param containerPorts.peer Peer port to expose at container level +## @param containerPorts.metrics Metrics port to expose at container level when metrics.useSeparateEndpoint is true ## containerPorts: client: 2379 peer: 2380 + metrics: 9090 ## etcd pods' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enabled etcd pods' Security Context @@ -381,6 +392,9 @@ extraVolumes: [] ## @param extraVolumeMounts [array] Optionally specify extra list of additional volumeMounts for etcd container(s) ## extraVolumeMounts: [] +## @param extraVolumeClaimTemplates [array] Optionally specify extra list of additional volumeClaimTemplates for etcd container(s) +## +extraVolumeClaimTemplates: [] ## @param initContainers [array] Add additional init containers to the etcd pods ## e.g: ## initContainers: 
@@ -506,23 +520,30 @@ service: clusterIP: "" ## @param service.ports.client etcd client port ## @param service.ports.peer etcd peer port + ## @param service.ports.metrics etcd metrics port when metrics.useSeparateEndpoint is true ## ports: client: 2379 peer: 2380 + metrics: 9090 ## @param service.nodePorts.client Specify the nodePort client value for the LoadBalancer and NodePort service types. ## @param service.nodePorts.peer Specify the nodePort peer value for the LoadBalancer and NodePort service types. + ## @param service.nodePorts.metrics Specify the nodePort metrics value for the LoadBalancer and NodePort service types. The metrics port is only exposed when metrics.useSeparateEndpoint is true. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## nodePorts: client: "" peer: "" + metrics: "" ## @param service.clientPortNameOverride etcd client port name override ## clientPortNameOverride: "" ## @param service.peerPortNameOverride etcd peer port name override ## peerPortNameOverride: "" + ## @param service.metricsPortNameOverride etcd metrics port name override. The metrics port is only exposed when metrics.useSeparateEndpoint is true. + ## + metricsPortNameOverride: "" ## @param service.loadBalancerIP loadBalancerIP for the etcd service (optional, cloud specific) ## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer ## @@ -620,8 +641,8 @@ volumePermissions: ## image: registry: docker.io - repository: bitnami/bitnami-shell - tag: 11-debian-11-r118 + repository: bitnami/os-shell + tag: 11-debian-11-r40 digest: "" ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy ## 
@@ -713,11 +734,14 @@ metrics: ## @param metrics.enabled Expose etcd metrics ## enabled: false + ## @param metrics.useSeparateEndpoint Use a separate endpoint for exposing metrics + # + useSeparateEndpoint: false ## @param metrics.podAnnotations [object] Annotations for the Prometheus metrics on etcd pods ## podAnnotations: prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.containerPorts.client }}" + prometheus.io/port: "{{ .Values.metrics.useSeparateEndpoint | ternary .Values.containerPorts.metrics .Values.containerPorts.client }}" ## Prometheus Service Monitor ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ##
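Review bot: in templates/statefulset.yaml (hunk @@ -424,4 +436,7 @@), the new `extraVolumeClaimTemplates` block sits before the closing `{{- end }}` of the enclosing conditional, so the extra claim templates render only when that condition holds and are silently dropped otherwise. Either move the block so it renders independently of the chart-managed claim, or state in the `extraVolumeClaimTemplates` parameter description in values.yaml that it has no effect unless that condition is met.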
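Review bot: in templates/svc-headless.yaml (hunk @@ -1,19 +1,20 @@), `merge .Values.service.headless.annotations .Values.commonAnnotations` modifies its first argument in place, so once this template has rendered, `.Values.service.headless.annotations` also holds every common annotation for any template rendered afterwards. Merge into a fresh dict instead, for example `merge (dict) .Values.service.headless.annotations .Values.commonAnnotations`, which keeps the same precedence (the service-specific value wins on a key collision). The same applies to `merge .Values.service.annotations .Values.commonAnnotations` in svc.yaml and to both `$podLabels := merge .Values.podLabels .Values.commonLabels` lines.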
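Review bot: in templates/svc-headless.yaml (hunk @@ -42,4 +43,15 @@), the selector now also requires `app.kubernetes.io/component: etcd` and the merged pod labels, so the Service matches only pods that carry all of them; pods created by an earlier release of the chart without that label drop out of the endpoints until they are recreated. Please confirm the pod template sets the same labels and add an upgrade note. Separately, the metrics port name here is emitted unquoted through an if/else, while svc.yaml uses `{{ default "metrics" .Values.service.metricsPortNameOverride | quote }}`; using that one-liner in both files keeps them consistent.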
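Review bot: in templates/svc.yaml (hunk @@ -55,8 +55,20 @@), the metrics port is added to the same Service as the client port and receives a `nodePort` when `service.type` is `NodePort` or `LoadBalancer`, so turning on `metrics.useSeparateEndpoint` also publishes the metrics listener wherever the client port is published. If the endpoint is meant for in-cluster scraping only, keep it off this Service (the headless Service already carries the port) or put it behind its own toggle, and state the exposure in the `service.nodePorts.metrics` description.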
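Review bot: in values.yaml (hunk @@ -206,6 +209,12 @@), the comment recommends a unique initial-cluster-token per cluster, but the default `initialClusterToken: "etcd-cluster-k8s"` is a fixed string, so every release installed with defaults shares the same token. Consider an empty default that the templates resolve to a per-release value (for example one derived from the release name and namespace), or at least say in the description that the default must be overridden when more than one cluster is deployed.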
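Review bot: in values.yaml (hunk @@ -620,8 +641,8 @@), the volume-permissions init container moves to a different repository (`bitnami/os-shell`) while `digest` stays `""`, so the image is resolved by tag alone. Since this changes which image runs, consider setting `digest` for the new default, or note in the README that users who need a fixed image should set `volumePermissions.image.digest`.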
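Review bot: in values.yaml (hunk @@ -713,11 +734,14 @@), the `metrics.useSeparateEndpoint` description does not say which port the separate endpoint uses or that enabling it changes `prometheus.io/port`; mention `containerPorts.metrics` and `service.ports.metrics` there. The comment line directly under the `@param` line is `#` where the rest of the file uses `##`.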