├── Chart.lock ├── Chart.yaml ├── README.md ├── charts ├── neurox-control-api │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── service.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── neurox-control-manager │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── neurox-control-portal │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── service.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── neurox-workload │ ├── Chart.lock │ ├── Chart.yaml │ ├── charts │ │ ├── neurox-workload-agent │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── daemonset.yaml │ │ │ │ ├── service.yaml │ │ │ │ ├── serviceaccount.yaml │ │ │ │ └── servicemonitor.yaml │ │ │ └── values.yaml │ │ └── neurox-workload-manager │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── clusterrole.yaml │ │ │ ├── clusterrolebinding.yaml │ │ │ ├── deployment.yaml │ │ │ ├── namespace.yaml │ │ │ ├── rolebinding.yaml │ │ │ ├── service.yaml │ │ │ └── serviceaccount.yaml │ │ │ └── values.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── hooks │ │ │ ├── 1-rbac.yaml │ │ │ ├── 2-setup-job.yaml │ │ │ └── 3-cleanup-job.yaml │ │ ├── prometheus.yaml │ │ ├── rbac.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── redis │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── charts │ │ └── common │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── README.md │ │ │ ├── templates │ │ │ ├── _affinities.tpl │ │ │ ├── _capabilities.tpl │ │ │ ├── _compatibility.tpl │ │ │ ├── _errors.tpl │ │ │ ├── _images.tpl │ │ │ ├── _ingress.tpl │ │ │ ├── _labels.tpl │ │ │ ├── _names.tpl │ │ │ ├── _resources.tpl │ │ │ ├── _secrets.tpl │ │ │ ├── _storage.tpl │ │ │ ├── _tplvalues.tpl │ │ │ ├── _utils.tpl │ │ │ ├── _warnings.tpl │ │ │ └── validations │ │ │ │ ├── _cassandra.tpl │ │ │ │ ├── _mariadb.tpl │ │ │ │ ├── _mongodb.tpl │ │ │ │ ├── _mysql.tpl │ │ │ │ ├── _postgresql.tpl │ │ │ │ ├── _redis.tpl │ │ │ │ └── _validations.tpl │ │ │ └── values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── extra-list.yaml │ │ ├── headless-svc.yaml │ │ ├── health-configmap.yaml │ │ ├── master │ │ │ ├── application.yaml │ │ │ ├── pdb.yaml │ │ │ ├── psp.yaml │ │ │ ├── pvc.yaml │ │ │ ├── service.yaml │ │ │ └── serviceaccount.yaml │ │ ├── metrics-svc.yaml │ │ ├── networkpolicy.yaml │ │ ├── podmonitor.yaml │ │ ├── prometheusrule.yaml │ │ ├── replicas │ │ │ ├── application.yaml │ │ │ ├── hpa.yaml │ │ │ ├── pdb.yaml │ │ │ ├── service.yaml │ │ │ └── serviceaccount.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── scripts-configmap.yaml │ │ ├── secret-svcbind.yaml │ │ ├── secret.yaml │ │ ├── sentinel │ │ │ ├── hpa.yaml │ │ │ ├── node-services.yaml │ │ │ ├── pdb.yaml │ │ │ ├── ports-configmap.yaml │ │ │ ├── service.yaml │ │ │ └── statefulset.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ ├── svc-external.yaml │ │ └── tls-secret.yaml │ ├── values.schema.json │ └── values.yaml └── thanos │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── charts │ ├── common │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── _affinities.tpl │ │ │ ├── _capabilities.tpl │ │ │ ├── _compatibility.tpl │ │ │ ├── _errors.tpl │ │ │ ├── _images.tpl │ │ │ ├── _ingress.tpl │ │ │ ├── _labels.tpl │ │ │ ├── _names.tpl │ │ │ ├── _resources.tpl │ │ │ ├── _secrets.tpl │ │ │ ├── _storage.tpl │ │ │ ├── _tplvalues.tpl │ │ │ ├── _utils.tpl │ │ │ ├── _warnings.tpl │ │ │ └── validations │ │ │ │ ├── _cassandra.tpl │ │ │ │ ├── _mariadb.tpl │ │ │ │ ├── _mongodb.tpl │ │ │ │ ├── _mysql.tpl │ │ │ │ ├── _postgresql.tpl │ │ │ │ ├── _redis.tpl │ │ │ │ └── _validations.tpl │ │ └── values.yaml │ └── minio │ │ ├── .helmignore │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── charts │ │ └── common │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── README.md │ │ │ ├── templates │ │ │ ├── _affinities.tpl │ │ │ ├── _capabilities.tpl │ │ │ ├── _compatibility.tpl │ │ │ ├── _errors.tpl │ │ │ ├── _images.tpl │ │ │ ├── _ingress.tpl │ │ │ ├── _labels.tpl │ │ │ ├── _names.tpl │ │ │ ├── _resources.tpl │ │ │ ├── _secrets.tpl │ │ │ ├── _storage.tpl │ │ │ ├── _tplvalues.tpl │ │ │ ├── _utils.tpl │ │ │ ├── _warnings.tpl │ │ │ └── validations │ │ │ │ ├── _cassandra.tpl │ │ │ │ ├── _mariadb.tpl │ │ │ │ ├── _mongodb.tpl │ │ │ │ ├── _mysql.tpl │ │ │ │ ├── _postgresql.tpl │ │ │ │ ├── _redis.tpl │ │ │ │ └── _validations.tpl │ │ │ └── values.yaml │ │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── api-ingress.yaml │ │ ├── distributed │ │ │ ├── headless-svc.yaml │ │ │ └── statefulset.yaml │ │ ├── extra-list.yaml │ │ ├── ingress.yaml │ │ ├── networkpolicy.yaml │ │ ├── pdb.yaml │ │ ├── prometheusrule.yaml │ │ ├── provisioning-configmap.yaml │ │ ├── provisioning-job.yaml │ │ ├── provisioning-networkpolicy.yaml │ │ ├── pvc.yaml │ │ ├── secrets.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ ├── standalone │ │ │ └── deployment.yaml │ │ └── tls-secrets.yaml │ │ └── values.yaml │ ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── alert-rule │ │ ├── absent_rules.yml │ │ ├── compaction.yml │ │ ├── query.yml │ │ ├── receive.yml │ │ ├── replicate.yml │ │ ├── ruler.yml │ │ ├── sidecar.yml │ │ └── store_gateway.yml │ ├── bucketweb │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── networkpolicy.yaml │ │ ├── pdb.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ └── tls-secrets.yaml │ ├── compactor │ │ ├── _pod-template.tpl │ │ ├── cronjob.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── networkpolicy.yaml │ │ ├── pvc.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ └── tls-secrets.yaml │ ├── extra-list.yaml │ ├── grpc-tls-secrets.yaml │ ├── http-certs-secret.yaml │ ├── httpconfig-secret.yaml │ ├── objstore-secret.yaml │ ├── prometheusrule.yaml │ ├── query-frontend │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── networkpolicy.yaml │ │ ├── pdb.yaml │ │ ├── psp-clusterrole.yaml │ │ ├── psp-clusterrolebinding.yaml │ │ ├── psp.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ └── tls-secrets.yaml │ ├── query │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress-grpc.yaml │ │ ├── ingress.yaml │ │ ├── networkpolicy.yaml │ │ ├── pdb.yaml │ │ ├── psp-clusterrole.yaml │ │ ├── psp-clusterrolebinding.yaml │ │ ├── psp.yaml │ │ ├── sd-configmap.yaml │ │ ├── service-grpc-headless.yaml │ │ ├── service-grpc.yaml │ │ ├── service-headless.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ ├── tls-secrets-grpc.yaml │ │ └── tls-secrets.yaml │ ├── receive-distributor │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── pdb.yaml │ │ ├── serviceaccount.yaml │ │ └── servicemonitor.yaml │ ├── receive │ │ ├── configmap.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── networkpolicy.yaml │ │ ├── pdb.yaml │ │ ├── service-headless.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ ├── statefulset.yaml │ │ └── tls-secrets.yaml │ ├── ruler │ │ ├── configmap.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── networkpolicy.yaml │ │ ├── pdb.yaml │ │ ├── secret.yaml │ │ ├── service-headless.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ ├── statefulset.yaml │ │ └── tls-secrets.yaml │ └── storegateway │ │ ├── configmap.yaml │ │ ├── hpa-sharded.yaml │ │ ├── hpa.yaml │ │ ├── ingress-grpc.yaml │ │ ├── ingress.yaml │ │ ├── networkpolicy.yaml │ │ ├── pdb-sharded.yaml │ │ ├── pdb.yaml │ │ ├── service-headless.yaml │ │ ├── service-sharded.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ ├── statefulset-sharded.yaml │ │ ├── statefulset.yaml │ │ └── tls-secrets.yaml │ └── values.yaml ├── templates ├── NOTES.txt ├── _helpers.tpl ├── configmap.yaml ├── deployment.yaml ├── extra-objects.yaml ├── hooks │ ├── 1-rbac.yaml │ ├── 1-registration-configmap.yaml │ ├── 2-registration-job.yaml │ ├── 2-secrets-job.yaml │ └── 3-cleanup-job.yaml ├── ingress.yaml ├── issuer.yaml ├── rbac.yaml ├── secret.yaml ├── service.yaml └── serviceaccount.yaml └── values.yaml /Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: neurox-control-api 3 | repository: oci://ghcr.io/neuroxhq/helm-charts 4 | version: 2.233.1 5 | - name: neurox-control-portal 6 | repository: oci://ghcr.io/neuroxhq/helm-charts 7 | version: 1.255.0 8 | - name: redis 9 | repository: oci://registry-1.docker.io/bitnamicharts 10 | version: 20.11.3 11 | - name: neurox-control-manager 12 | repository: oci://ghcr.io/neuroxhq/helm-charts 13 | version: 1.151.0 14 | - name: thanos 15 | repository: oci://registry-1.docker.io/bitnamicharts 16 | version: 15.13.2 17 | - name: neurox-workload 18 | repository: oci://ghcr.io/neuroxhq/helm-charts 19 | version: 2.0.4 20 | digest: sha256:8b7c8a39b1c553d988392c5a829abdaeb5b8eb0ad3376677789c05d1df33030f 21 | generated: "2025-04-28T23:02:05.230021851Z" 22 | -------------------------------------------------------------------------------- /Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 2.0.223 3 | dependencies: 4 | - alias: api 5 | name: neurox-control-api 6 | repository: oci://ghcr.io/neuroxhq/helm-charts 7 | version: 2.233.1 8 | - alias: portal 9 | condition: portal.enabled 10 | name: neurox-control-portal 11 | repository: oci://ghcr.io/neuroxhq/helm-charts 12 | version: 1.255.0 13 | - name: redis 14 | repository: oci://registry-1.docker.io/bitnamicharts 15 | version: 20.11.3 16 | - alias: manager 17 | condition: manager.enabled 18 | name: neurox-control-manager 19 | repository: oci://ghcr.io/neuroxhq/helm-charts 20 | version: 1.151.0 21 | - condition: thanos.enabled 22 | name: thanos 23 | repository: oci://registry-1.docker.io/bitnamicharts 24 | version: 15.13.2 25 | - alias: workload 26 | name: neurox-workload 27 | repository: oci://ghcr.io/neuroxhq/helm-charts 28 | version: 2.0.4 29 | description: A Helm chart for deploying the Neurox Control Cluster 30 | name: neurox-control 31 | version: 2.0.223 32 | -------------------------------------------------------------------------------- /charts/neurox-control-api/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 2.233.1 3 | description: A Helm chart for deploying the Neurox Control API 4 | name: neurox-control-api 5 | version: 2.233.1 6 | -------------------------------------------------------------------------------- /charts/neurox-control-api/templates/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: '{{ include "neurox-control-api.fullname" . }}' 6 | namespace: "{{ .Release.Namespace }}" 7 | spec: 8 | ports: 9 | - port: {{ .Values.service.port }} 10 | targetPort: 3080 11 | selector: 12 | app: '{{ include "neurox-control-api.fullname" . }}' 13 | type: ClusterIP 14 | -------------------------------------------------------------------------------- /charts/neurox-control-api/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: '{{ include "neurox-control-api.fullname" . }}' 6 | namespace: "{{ .Release.Namespace }}" 7 | imagePullSecrets: 8 | - name: "{{ .Values.global.image.pullSecretName}}" 9 | -------------------------------------------------------------------------------- /charts/neurox-control-manager/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 1.151.0 3 | description: A Helm chart for deploying the Neurox Control Manager 4 | name: neurox-control-manager 5 | version: 1.151.0 6 | -------------------------------------------------------------------------------- /charts/neurox-control-manager/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{- define "neurox-control-manager.fullname" -}} 2 | {{- tpl (.Values.fullnameOverride | default "neurox-control-manager") . -}} 3 | {{- end -}} 4 | 5 | {{- define "neurox-control-manager.api.serviceName" -}} 6 | {{ $globalOverride := .Values.global.fullnameOverride | default "neurox-control" }} 7 | {{- tpl (.Values.api.serviceOverride.host | default (printf "%s-api" $globalOverride)) . }} 8 | {{- end -}} 9 | 10 | {{- define "neurox-control-manager.api.servicePort" -}} 11 | {{- tpl (.Values.api.serviceOverride.port | default "80") . -}} 12 | {{- end }} 13 | 14 | {{- define "neurox-control-manager.image.init.pullPolicy" -}} 15 | {{- tpl (.Values.image.init.pullPolicy | default .Values.global.image.pullPolicy) . -}} 16 | {{- end -}} 17 | {{- define "neurox-control-manager.image.run.pullPolicy" -}} 18 | {{- tpl (.Values.image.run.pullPolicy | default .Values.global.image.pullPolicy) . -}} 19 | {{- end -}} 20 | {{- define "neurox-control-manager.image.run.registry" -}} 21 | {{- printf "%s/%s" .Values.global.image.baseRegistry .Values.image.run.repository -}} 22 | {{- end -}} 23 | 24 | {{- define "neurox-control-manager.redis.hosts" -}} 25 | {{- $namespace := .Release.Namespace -}} 26 | {{- $redisFullname := .Values.global.redis.fullnameOverride -}} 27 | {{- $hosts := list -}} 28 | {{- range $i := until 3 -}} 29 | {{- $fqdn := printf "%s-node-%d.%s-headless.%s" $redisFullname $i $redisFullname $namespace -}} 30 | {{- $hosts = append $hosts $fqdn -}} 31 | {{- end -}} 32 | {{- join "," $hosts -}} 33 | {{- end -}} 34 | 35 | {{- define "neurox-control-manager.relay.serviceName" -}} 36 | {{- printf "%s-relay-server" (.Values.global.fullnameOverride | default "neurox-control") }} 37 | {{- end }} 38 | {{- define "neurox-control-manager.relay.url" -}} 39 | {{- printf "http://%s.%s:%d" (include "neurox-control-manager.relay.serviceName" .) .Release.Namespace (.Values.global.relay.apiPort | int) }} 40 | {{- end }} 41 | 42 | {{- define "neurox-control-manager.redis.port" -}} 43 | {{- printf "6379" -}} 44 | {{- end -}} 45 | {{- define "neurox-control-manager.redis.service" -}} 46 | {{- $namespace := .Release.Namespace -}} 47 | {{- $redisFullname := .Values.global.redis.fullnameOverride -}} 48 | {{- printf "%s.%s" $redisFullname $namespace -}} 49 | {{- end -}} 50 | -------------------------------------------------------------------------------- /charts/neurox-control-manager/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: '{{ include "neurox-control-manager.fullname" . }}' 6 | namespace: {{ .Release.Namespace }} 7 | imagePullSecrets: 8 | - name: "{{ .Values.global.image.pullSecretName }}" 9 | -------------------------------------------------------------------------------- /charts/neurox-control-manager/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | domain: '' 3 | image: 4 | # Required to be set by parent chart 5 | baseRegistry: registry.neurox.com 6 | pullPolicy: Always 7 | pullSecretName: neurox-image-registry 8 | redis: 9 | fullnameOverride: '' 10 | secret: 11 | name: neurox-control-redis 12 | key: password 13 | relay: 14 | apiPort: 7080 15 | scheduler: 16 | queueName: Scheduler 17 | scheduling: 18 | affinity: {} 19 | nodeSelector: {} 20 | tolerations: [] 21 | nodeEnv: production 22 | log: 23 | level: info 24 | pretty: true 25 | 26 | api: 27 | serviceOverride: 28 | host: 29 | port: 30 | image: 31 | init: 32 | pullPolicy: '' 33 | repository: busybox 34 | tag: 1.37.0-glibc 35 | run: 36 | pullPolicy: '' 37 | repository: control-manager 38 | replicaCount: 1 39 | -------------------------------------------------------------------------------- /charts/neurox-control-portal/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 1.255.0 3 | description: A Helm chart for deploying the Neurox Control Portal 4 | name: neurox-control-portal 5 | version: 1.255.0 6 | -------------------------------------------------------------------------------- /charts/neurox-control-portal/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{- define "neurox-control-portal.fullname" -}} 2 | {{- tpl (.Values.fullnameOverride | default "neurox-control-portal") . -}} 3 | {{- end -}} 4 | 5 | {{- define "neurox-control-portal.useNeuroxDomain" -}} 6 | {{- if or (hasSuffix ".goneurox.com" .Values.global.domain) (hasSuffix ".goneuroxhq.com" .Values.global.domain) -}} 7 | "true" 8 | {{- end -}} 9 | {{- end -}} 10 | 11 | {{- define "neurox-control-portal.annotations" -}} 12 | {{- tpl (.Values.ingress.annotations | default .Values.global.ingress.annotations | toYaml) . -}} 13 | {{- end -}} 14 | 15 | {{- define "neurox-control-portal.host.all" }} 16 | {{- $hosts := list .Values.global.domain -}} 17 | {{- if .Values.global.vanityDomain -}} 18 | {{- $hosts = append $hosts .Values.global.vanityDomain -}} 19 | {{- end }} 20 | {{- join "," $hosts -}} 21 | {{- end }} 22 | 23 | {{- define "neurox-control-portal.host.primary" }} 24 | {{- tpl (.Values.global.vanityDomain | default .Values.global.domain) . -}} 25 | {{- end }} 26 | 27 | {{- define "neurox-control-portal.image.pullPolicy" -}} 28 | {{- tpl (.Values.image.pullPolicy | default .Values.global.image.pullPolicy) . -}} 29 | {{- end -}} 30 | {{- define "neurox-control-portal.image.registry" -}} 31 | {{- printf "%s/%s" .Values.global.image.baseRegistry .Values.image.repository -}} 32 | {{- end -}} 33 | 34 | {{- define "neurox-control-portal.tlsSecretName" -}} 35 | {{- tpl (.Values.ingress.tlsSecretName | default .Values.global.ingress.tlsSecretName) . -}} 36 | {{- end -}} 37 | -------------------------------------------------------------------------------- /charts/neurox-control-portal/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: '{{ include "neurox-control-portal.fullname" . }}' 6 | namespace: "{{ .Release.Namespace }}" 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | selector: 10 | matchLabels: 11 | app: '{{ include "neurox-control-portal.fullname" . }}' 12 | template: 13 | metadata: 14 | labels: 15 | app: '{{ include "neurox-control-portal.fullname" . }}' 16 | spec: 17 | {{- if .Values.global.scheduling.affinity }} 18 | affinity: {{ toYaml .Values.global.scheduling.affinity | nindent 8 }} 19 | {{- end }} 20 | containers: 21 | - name: '{{ include "neurox-control-portal.fullname" . }}' 22 | image: '{{ include "neurox-control-portal.image.registry" . }}:{{ default .Chart.AppVersion .Values.image.tag }}' 23 | imagePullPolicy: '{{ include "neurox-control-portal.image.pullPolicy" . }}' 24 | {{- if .Values.envOverride.intercomAppId }} 25 | env: 26 | - name: INTERCOM_APP_ID 27 | value: '{{ .Values.envOverride.intercomAppId }}' 28 | {{- end }} 29 | ports: 30 | - containerPort: 80 31 | {{- if .Values.global.scheduling.nodeSelector }} 32 | nodeSelector: {{ toYaml .Values.global.scheduling.nodeSelector | nindent 8 }} 33 | {{- end }} 34 | serviceAccountName: '{{ include "neurox-control-portal.fullname" . }}' 35 | {{- if .Values.global.scheduling.tolerations }} 36 | tolerations: {{ toYaml .Values.global.scheduling.tolerations | nindent 8 }} 37 | {{- end }} 38 | -------------------------------------------------------------------------------- /charts/neurox-control-portal/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: '{{ include "neurox-control-portal.fullname" . }}' 5 | namespace: "{{ .Release.Namespace }}" 6 | spec: 7 | type: ClusterIP 8 | ports: 9 | - port: {{ .Values.service.port }} 10 | targetPort: 80 11 | selector: 12 | app: '{{ include "neurox-control-portal.fullname" . }}' 13 | 14 | -------------------------------------------------------------------------------- /charts/neurox-control-portal/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: '{{ include "neurox-control-portal.fullname" . }}' 5 | namespace: "{{ .Release.Namespace }}" 6 | imagePullSecrets: 7 | - name: "{{ .Values.global.image.pullSecretName}}" 8 | -------------------------------------------------------------------------------- /charts/neurox-control-portal/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | domain: '' 3 | vanityDomain: '' 4 | fullnameOverride: '' 5 | image: 6 | # Required to be set by parent chart 7 | # baseRegistry: registry.neurox.com 8 | pullPolicy: Always 9 | pullSecretName: neurox-image-registry 10 | ingress: 11 | annotations: {} 12 | className: nginx 13 | issuerName: neurox-control 14 | tlsSecretName: neurox-control-tls 15 | useNeuroxIssuer: true 16 | # Control where pods run 17 | scheduling: 18 | affinity: {} 19 | nodeSelector: {} 20 | tolerations: [] 21 | 22 | fullnameOverride: '' 23 | envOverride: 24 | intercomAppId: '' 25 | image: 26 | repository: control-portal 27 | # defaults to the chart version but can be overridden 28 | #tag: latest 29 | pullPolicy: '' 30 | ingress: 31 | annotations: {} 32 | host: '' 33 | tlsSecretName: '' 34 | replicaCount: 1 35 | service: 36 | port: 80 37 | -------------------------------------------------------------------------------- /charts/neurox-workload/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: neurox-workload-agent 3 | repository: oci://ghcr.io/neuroxhq/helm-charts 4 | version: 2.10.2 5 | - name: neurox-workload-manager 6 | repository: oci://ghcr.io/neuroxhq/helm-charts 7 | version: 2.18.0 8 | digest: sha256:4f8763d0e9e7ca901d12b084a35da68b1a53972c5d02e55c14b6a90cb3ac4fd6 9 | generated: "2025-04-28T23:02:01.251452467Z" 10 | -------------------------------------------------------------------------------- /charts/neurox-workload/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 2.0.4 3 | dependencies: 4 | - alias: agent 5 | condition: agent.enabled,enabled 6 | name: neurox-workload-agent 7 | repository: oci://ghcr.io/neuroxhq/helm-charts 8 | version: 2.10.2 9 | - alias: manager 10 | condition: manager.enabled,enabled 11 | name: neurox-workload-manager 12 | repository: oci://ghcr.io/neuroxhq/helm-charts 13 | version: 2.18.0 14 | description: A Helm chart for deploying the Neurox Workload Cluster 15 | name: neurox-workload 16 | version: 2.0.4 17 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-agent/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 2.10.2 3 | description: A Helm chart for deploying the Neurox Workload Agent 4 | name: neurox-workload-agent 5 | version: 2.10.2 6 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-agent/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{- define "neurox-workload-agent.fullname" -}} 2 | {{- tpl (.Values.fullnameOverride | default "neurox-workload-agent") . -}} 3 | {{- end -}} 4 | 5 | {{- define "neurox-workload-agent.image.address" -}} 6 | {{- tpl (printf "%s:%s" .Values.image.repository (.Values.image.tag | default .Chart.AppVersion)) . -}} 7 | {{- end -}} 8 | {{- define "neurox-workload-agent.image.pullPolicy" -}} 9 | {{- tpl (.Values.image.pullPolicy | default .Values.global.image.pullPolicy) . -}} 10 | {{- end -}} 11 | {{- define "neurox-workload-agent.image.registry" -}} 12 | {{- printf "%s/%s" .Values.global.image.baseRegistry .Values.image.repository -}} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-agent/templates/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: '{{ include "neurox-workload-agent.fullname" . }}' 7 | name: '{{ include "neurox-workload-agent.fullname" . }}' 8 | namespace: "{{ .Release.Namespace }}" 9 | spec: 10 | ports: 11 | - name: metrics 12 | port: {{ .Values.service.port }} 13 | targetPort: 8000 14 | selector: 15 | app: '{{ include "neurox-workload-agent.fullname" . }}' 16 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-agent/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: '{{ include "neurox-workload-agent.fullname" . }}' 6 | namespace: "{{ .Release.Namespace }}" 7 | imagePullSecrets: 8 | - name: "{{ .Values.global.image.pullSecretName }}" 9 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-agent/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: '{{ include "neurox-workload-agent.fullname" . }}' 6 | spec: 7 | endpoints: 8 | - port: metrics 9 | interval: 15s 10 | path: /metrics 11 | scheme: http 12 | jobLabel: app 13 | namespaceSelector: 14 | matchNames: 15 | - "{{ .Release.Namespace }}" 16 | selector: 17 | matchLabels: 18 | app: '{{ include "neurox-workload-agent.fullname" . }}' 19 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-agent/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | image: 3 | # Required to be set by parent chart 4 | baseRegistry: registry.neurox.com 5 | pullPolicy: Always 6 | pullSecretName: neurox-image-registry 7 | 8 | nodeEnv: production 9 | 10 | log: 11 | level: info 12 | pretty: true 13 | requests: false 14 | 15 | # Used by parent chart to enable/disable this chart 16 | # Keep commented otherwise the agent will always render 17 | # enabled: true 18 | 19 | # May need override runtimeClassName in very specific cases 20 | runtimeClassName: nvidia 21 | 22 | image: 23 | pullPolicy: '' 24 | repository: workload-agent 25 | # defaults to the agent chart version but can be overridden 26 | #tag: latest 27 | metricsInterval: 15 28 | # true when used in dev 29 | mockData: false 30 | 31 | service: 32 | containerPort: 8000 33 | port: 80 34 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-manager/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 2.18.0 3 | description: A Helm chart for deploying the Neurox Workload Manager 4 | name: neurox-workload-manager 5 | version: 2.18.0 6 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-manager/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{- define "neurox-workload-manager.fullname" -}} 2 | {{- tpl (.Values.fullnameOverride | default "neurox-workload-manager") . -}} 3 | {{- end -}} 4 | 5 | {{- define "neurox-workload-manager.apiUrl" -}} 6 | {{- $apiHost := .Values.api.host | default .Values.global.controlHost -}} 7 | {{- $apiProtocol := "https"}} 8 | {{- $apiPort := int .Values.api.port }} 9 | {{- if .Values.global.workloadCluster.local }} 10 | {{- $localApiServiceName := printf "%s-api" (.Values.global.fullnameOverride | default "neurox-control") }} 11 | {{- $apiHost = $apiHost | default (printf "%s.%s" $localApiServiceName .Release.Namespace) }} 12 | {{- $apiProtocol = "http" }} 13 | {{- if eq $apiPort 443 }} 14 | {{- $apiPort = 80 }} 15 | {{- end }} 16 | {{- end }} 17 | {{- printf "%s://%s:%d" $apiProtocol $apiHost $apiPort }} 18 | {{- end -}} 19 | 20 | {{- define "neurox-workload-manager.chartConfigMap.name" -}} 21 | {{- printf "neurox-workload-%s" .Values.global.chartConfigMap.nameSuffix -}} 22 | {{- end -}} 23 | 24 | {{- define "neurox-workload-manager.image.pullPolicy" -}} 25 | {{- tpl (.Values.image.pullPolicy | default .Values.global.image.pullPolicy) . -}} 26 | {{- end -}} 27 | {{- define "neurox-workload-manager.image.registry" -}} 28 | {{- printf "%s/%s" .Values.global.image.baseRegistry .Values.image.repository -}} 29 | {{- end -}} 30 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-manager/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: '{{ include "neurox-workload-manager.fullname" . }}' 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: '{{ include "neurox-workload-manager.fullname" . }}-cluster' 10 | subjects: 11 | - kind: ServiceAccount 12 | name: '{{ include "neurox-workload-manager.fullname" . }}' 13 | namespace: "{{ .Release.Namespace }}" 14 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-manager/templates/namespace.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.workloadNamespaces }} 2 | --- 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | annotations: 7 | neurox.com/workload.namespace: 'true' 8 | labels: 9 | neurox.com/workload.namespace: 'true' 10 | name: {{ . }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-manager/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- $parent := . }} 2 | {{- range .Values.workloadNamespaces }} 3 | --- 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | kind: RoleBinding 6 | metadata: 7 | name: '{{ include "neurox-workload-manager.fullname" $parent }}' 8 | namespace: "{{ . }}" 9 | subjects: 10 | - kind: ServiceAccount 11 | name: '{{ include "neurox-workload-manager.fullname" $parent }}' 12 | namespace: "{{ $parent.Release.Namespace }}" 13 | roleRef: 14 | kind: ClusterRole 15 | name: '{{ include "neurox-workload-manager.fullname" $parent }}-namespaced' 16 | apiGroup: rbac.authorization.k8s.io 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-manager/templates/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: '{{ include "neurox-workload-manager.fullname" . }}' 6 | namespace: "{{ .Release.Namespace }}" 7 | spec: 8 | ports: 9 | - port: {{ .Values.service.port }} 10 | targetPort: http 11 | selector: 12 | app: '{{ include "neurox-workload-manager.fullname" . }}' 13 | type: ClusterIP 14 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-manager/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: '{{ include "neurox-workload-manager.fullname" . }}' 5 | namespace: "{{ .Release.Namespace }}" 6 | imagePullSecrets: 7 | - name: "{{ .Values.global.image.pullSecretName }}" 8 | -------------------------------------------------------------------------------- /charts/neurox-workload/charts/neurox-workload-manager/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | controlHost: '' 3 | 4 | configmap: 5 | name: neurox-workload-cluster 6 | key: clusterId 7 | 8 | image: 9 | # Required to be set by parent chart 10 | baseRegistry: registry.neurox.com 11 | pullPolicy: Always 12 | pullSecretName: neurox-image-registry 13 | 14 | scheduling: 15 | affinity: {} 16 | nodeSelector: {} 17 | tolerations: [] 18 | 19 | workloadCluster: 20 | name: '' 21 | local: false 22 | 23 | chartConfigMap: 24 | nameSuffix: chart 25 | workloadKeys: 26 | name: workloadName 27 | version: workloadVersion 28 | 29 | nodeEnv: production 30 | 31 | log: 32 | level: info 33 | pretty: true 34 | requests: false 35 | 36 | api: 37 | host: '' 38 | port: 443 39 | fullnameOverride: '' 40 | image: 41 | pullPolicy: '' 42 | repository: workload-manager 43 | # defaults to the chart version but can be overridden 44 | # tag: latest 45 | replicaCount: 1 46 | secret: 47 | name: neurox-control-auth 48 | key: shared-secret 49 | service: 50 | port: 80 51 | workloadNamespaces: 52 | - neurox-workloads 53 | -------------------------------------------------------------------------------- /charts/neurox-workload/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.enabled }} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: '{{ include "neurox-workload.fullname" . }}-{{ .Values.global.chartConfigMap.nameSuffix }}' 7 | namespace: "{{ .Release.Namespace }}" 8 | data: 9 | {{ .Values.global.chartConfigMap.workloadKeys.name }}: {{ .Chart.Name }} 10 | {{ .Values.global.chartConfigMap.workloadKeys.version }}: {{ .Chart.Version }} 11 | {{ .Values.global.chartConfigMap.workloadKeys.values }}: | 12 | {{ toYaml .Values | nindent 4 }} 13 | --- 14 | apiVersion: v1 15 | kind: ConfigMap 16 | metadata: 17 | name: '{{ include "neurox-workload.fullname" . }}-relay-client' 18 | namespace: "{{ .Release.Namespace }}" 19 | data: 20 | config.yaml: | 21 | services: 22 | - name: neurox-workload-manager 23 | addr: :0 24 | handler: 25 | type: rtcp 26 | listener: 27 | type: rtcp 28 | chain: neurox-control-relay-server 29 | forwarder: 30 | nodes: 31 | - name: neurox-workload-manager 32 | addr: {{ include "neurox-workload.manager.service.address" . }} 33 | chains: 34 | - name: neurox-control-relay-server 35 | hops: 36 | - name: hop-0 37 | nodes: 38 | - name: neurox-control-relay-server 39 | addr: {{ include "neurox-workload.relay.server.address" . }} 40 | connector: 41 | type: tunnel 42 | metadata: 43 | tunnel.id: ${CLUSTER_ID} 44 | tunnel.weight: 1 45 | dialer: 46 | type: {{ include "neurox-workload.relay.protocol" . }} 47 | {{- end }} 48 | -------------------------------------------------------------------------------- /charts/neurox-workload/templates/hooks/3-cleanup-job.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.enabled }} 2 | --- 3 | apiVersion: batch/v1 4 | kind: Job 5 | metadata: 6 | name: '{{ include "neurox-workload.fullname" . }}-cleanup-job-hook' 7 | namespace: "{{ .Release.Namespace }}" 8 | annotations: 9 | helm.sh/hook: pre-install,pre-upgrade 10 | helm.sh/hook-weight: "4" 11 | helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded 12 | spec: 13 | backoffLimit: 1 14 | template: 15 | spec: 16 | {{- if .Values.global.scheduling.affinity }} 17 | affinity: {{ toYaml .Values.global.scheduling.affinity | nindent 8 }} 18 | {{- end }} 19 | containers: 20 | - name: rbac-cleanup 21 | image: "{{ .Values.hooks.image.repository }}:{{ .Values.hooks.image.tag }}" 22 | command: 23 | - /bin/sh 24 | - -c 25 | - | 26 | echo "Cleaning up setup job hook resources..." 27 | kubectl delete rolebinding {{ include "neurox-workload.fullname" . }}-setup-job-hook -n ${NAMESPACE} 28 | kubectl delete role {{ include "neurox-workload.fullname" . }}-setup-job-hook -n ${NAMESPACE} 29 | kubectl delete serviceaccount {{ include "neurox-workload.fullname" . }}-setup-job-hook -n ${NAMESPACE} 30 | 31 | echo "Cleaning up cleanup job rolebinding..." 32 | kubectl delete rolebinding {{ include "neurox-workload.fullname" . }}-cleanup-job-hook -n ${NAMESPACE} 33 | env: 34 | - name: NAMESPACE 35 | valueFrom: 36 | fieldRef: 37 | fieldPath: metadata.namespace 38 | {{- if .Values.global.scheduling.nodeSelector }} 39 | nodeSelector: {{ toYaml .Values.global.scheduling.nodeSelector | nindent 8 }} 40 | {{- end }} 41 | restartPolicy: Never 42 | serviceAccountName: '{{ include "neurox-workload.fullname" . }}-cleanup-job-hook' 43 | {{- if .Values.global.scheduling.tolerations }} 44 | tolerations: {{ toYaml .Values.global.scheduling.tolerations | nindent 8 }} 45 | {{- end }} 46 | {{- end }} 47 | -------------------------------------------------------------------------------- /charts/neurox-workload/templates/prometheus.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.prometheus.enabled }} 2 | --- 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: Prometheus 5 | metadata: 6 | name: '{{ include "neurox-workload.fullname" . }}-metrics-forwarder' 7 | namespace: "{{ .Release.Namespace }}" 8 | spec: 9 | replicas: 1 10 | scrapeInterval: 15s 11 | evaluationInterval: 15s 12 | remoteWrite: 13 | - url: '{{ include "neurox-workload.prometheus.remoteWriteUrl" . }}' 14 | writeRelabelConfigs: 15 | - sourceLabels: [__name__] 16 | regex: '{{ include "neurox-workload.prometheus.metricFilter" . }}' 17 | action: keep 18 | serviceAccountName: '{{ include "neurox-workload.fullname" . }}-prometheus' 19 | serviceMonitorNamespaceSelector: {} 20 | serviceMonitorSelector: {} 21 | initContainers: 22 | - name: init-config-reloader 23 | env: 24 | - name: CLUSTER_ID 25 | valueFrom: 26 | configMapKeyRef: 27 | name: "{{ .Values.global.configmap.name }}" 28 | key: "{{ .Values.global.configmap.key }}" 29 | containers: 30 | - name: config-reloader 31 | env: 32 | - name: CLUSTER_ID 33 | valueFrom: 34 | configMapKeyRef: 35 | name: "{{ .Values.global.configmap.name }}" 36 | key: "{{ .Values.global.configmap.key }}" 37 | enableFeatures: 38 | - expand-external-labels 39 | externalLabels: 40 | neurox_cluster: $(CLUSTER_ID) 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/neurox-workload/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.prometheus.enabled }} 2 | --- 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: '{{ include "neurox-workload.fullname" . }}-prometheus' 7 | namespace: "{{ .Release.Namespace }}" 8 | --- 9 | # Used to scrape prometheus metrics 10 | apiVersion: rbac.authorization.k8s.io/v1 11 | kind: ClusterRole 12 | metadata: 13 | name: '{{ include "neurox-workload.fullname" . }}-prometheus' 14 | rules: 15 | - apiGroups: 16 | - "" 17 | resources: 18 | - nodes 19 | - nodes/metrics 20 | - pods 21 | - endpoints 22 | - services 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - nonResourceURLs: 28 | - /metrics 29 | - /metrics/cadvisor 30 | verbs: 31 | - get 32 | --- 33 | apiVersion: rbac.authorization.k8s.io/v1 34 | kind: ClusterRoleBinding 35 | metadata: 36 | name: '{{ include "neurox-workload.fullname" . }}-prometheus' 37 | roleRef: 38 | apiGroup: rbac.authorization.k8s.io 39 | kind: ClusterRole 40 | name: '{{ include "neurox-workload.fullname" . }}-prometheus' 41 | subjects: 42 | - kind: ServiceAccount 43 | name: '{{ include "neurox-workload.fullname" . }}-prometheus' 44 | namespace: "{{ .Release.Namespace }}" 45 | {{- end }} 46 | -------------------------------------------------------------------------------- /charts/neurox-workload/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.enabled }} 2 | --- 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: '{{ include "neurox-workload.fullname" . }}-relay-client' 7 | namespace: "{{ .Release.Namespace }}" 8 | {{- end }} 9 | -------------------------------------------------------------------------------- /charts/neurox-workload/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | controlHost: "" 3 | 4 | configmap: 5 | name: neurox-workload-cluster 6 | key: clusterId 7 | 8 | image: 9 | baseRegistry: registry.neurox.com 10 | pullPolicy: Always 11 | pullSecretName: neurox-image-registry 12 | 13 | scheduling: 14 | affinity: {} 15 | nodeSelector: {} 16 | tolerations: [] 17 | 18 | workloadCluster: 19 | name: "" 20 | local: false 21 | 22 | chartConfigMap: 23 | nameSuffix: chart 24 | workloadKeys: 25 | name: workloadName 26 | values: workloadValues 27 | version: workloadVersion 28 | 29 | nodeEnv: production 30 | 31 | log: 32 | level: info 33 | pretty: true 34 | requests: false 35 | 36 | enabled: true 37 | 38 | agent: 39 | # enabled: true 40 | image: 41 | pullPolicy: "" 42 | repository: workload-agent 43 | # defaults to the agent chart version but can be overridden 44 | #tag: latest 45 | service: 46 | port: 80 47 | 48 | hooks: 49 | image: 50 | repository: bitnami/kubectl 51 | tag: 1.31.1 52 | 53 | manager: 54 | # enabled: true 55 | fullnameOverride: "" 56 | image: 57 | pullPolicy: "" 58 | repository: workload-manager 59 | # defaults to the workload-manager chart version but can be overridden 60 | # tag: latest 61 | replicaCount: 1 62 | secret: 63 | name: neurox-control-auth 64 | key: shared-secret 65 | service: 66 | port: 80 67 | workloadNamespaces: 68 | - neurox-workloads 69 | 70 | prometheus: 71 | enabled: true 72 | extraMetrics: [] 73 | remoteWrite: 74 | host: "" 75 | path: /metrics/v1/receive 76 | port: 443 77 | 78 | relay: 79 | image: 80 | init: 81 | pullPolicy: "" 82 | repository: busybox 83 | tag: 1.37.0-glibc 84 | run: 85 | pullPolicy: Always 86 | repository: gogost/gost 87 | tag: 3.0.0 88 | server: 89 | host: "" 90 | port: 443 91 | -------------------------------------------------------------------------------- /charts/redis/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | # img folder 23 | img/ 24 | # Changelog 25 | CHANGELOG.md 26 | -------------------------------------------------------------------------------- /charts/redis/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: common 3 | repository: oci://registry-1.docker.io/bitnamicharts 4 | version: 2.30.0 5 | digest: sha256:46afdf79eae69065904d430f03f7e5b79a148afed20aa45ee83ba88adc036169 6 | generated: "2025-02-20T04:21:03.219089337Z" 7 | -------------------------------------------------------------------------------- /charts/redis/Chart.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | category: Database 3 | images: | 4 | - name: kubectl 5 | image: docker.io/bitnami/kubectl:1.32.2-debian-12-r2 6 | - name: os-shell 7 | image: docker.io/bitnami/os-shell:12-debian-12-r38 8 | - name: redis 9 | image: docker.io/bitnami/redis:7.4.2-debian-12-r4 10 | - name: redis-exporter 11 | image: docker.io/bitnami/redis-exporter:1.67.0-debian-12-r9 12 | - name: redis-sentinel 13 | image: docker.io/bitnami/redis-sentinel:7.4.2-debian-12-r4 14 | licenses: Apache-2.0 15 | apiVersion: v2 16 | appVersion: 7.4.2 17 | dependencies: 18 | - name: common 19 | repository: oci://registry-1.docker.io/bitnamicharts 20 | tags: 21 | - bitnami-common 22 | version: 2.x.x 23 | description: Redis(R) is an open source, advanced key-value store. It is often referred 24 | to as a data structure server since keys can contain strings, hashes, lists, sets 25 | and sorted sets. 26 | home: https://bitnami.com 27 | icon: https://dyltqmyl993wv.cloudfront.net/assets/stacks/redis/img/redis-stack-220x234.png 28 | keywords: 29 | - redis 30 | - keyvalue 31 | - database 32 | maintainers: 33 | - name: Broadcom, Inc. All Rights Reserved. 34 | url: https://github.com/bitnami/charts 35 | name: redis 36 | sources: 37 | - https://github.com/bitnami/charts/tree/main/bitnami/redis 38 | version: 20.11.3 39 | -------------------------------------------------------------------------------- /charts/redis/charts/common/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | # img folder 24 | img/ 25 | # Changelog 26 | CHANGELOG.md 27 | -------------------------------------------------------------------------------- /charts/redis/charts/common/Chart.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | category: Infrastructure 3 | licenses: Apache-2.0 4 | apiVersion: v2 5 | appVersion: 2.30.0 6 | description: A Library Helm Chart for grouping common logic between bitnami charts. 7 | This chart is not deployable by itself. 8 | home: https://bitnami.com 9 | icon: https://dyltqmyl993wv.cloudfront.net/downloads/logos/bitnami-mark.png 10 | keywords: 11 | - common 12 | - helper 13 | - template 14 | - function 15 | - bitnami 16 | maintainers: 17 | - name: Broadcom, Inc. All Rights Reserved. 18 | url: https://github.com/bitnami/charts 19 | name: common 20 | sources: 21 | - https://github.com/bitnami/charts/tree/main/bitnami/common 22 | type: library 23 | version: 2.30.0 24 | -------------------------------------------------------------------------------- /charts/redis/charts/common/templates/_labels.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | 8 | {{/* 9 | Kubernetes standard labels 10 | {{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} 11 | */}} 12 | {{- define "common.labels.standard" -}} 13 | {{- if and (hasKey . "customLabels") (hasKey . "context") -}} 14 | {{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} 15 | {{- with .context.Chart.AppVersion -}} 16 | {{- $_ := set $default "app.kubernetes.io/version" . -}} 17 | {{- end -}} 18 | {{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} 19 | {{- else -}} 20 | app.kubernetes.io/name: {{ include "common.names.name" . }} 21 | helm.sh/chart: {{ include "common.names.chart" . }} 22 | app.kubernetes.io/instance: {{ .Release.Name }} 23 | app.kubernetes.io/managed-by: {{ .Release.Service }} 24 | {{- with .Chart.AppVersion }} 25 | app.kubernetes.io/version: {{ . | quote }} 26 | {{- end -}} 27 | {{- end -}} 28 | {{- end -}} 29 | 30 | {{/* 31 | Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector 32 | {{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} 33 | 34 | We don't want to loop over custom labels appending them to the selector 35 | since it's very likely that it will break deployments, services, etc. 36 | However, it's important to overwrite the standard labels if the user 37 | overwrote them on metadata.labels fields. 38 | */}} 39 | {{- define "common.labels.matchLabels" -}} 40 | {{- if and (hasKey . "customLabels") (hasKey . "context") -}} 41 | {{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} 42 | {{- else -}} 43 | app.kubernetes.io/name: {{ include "common.names.name" . }} 44 | app.kubernetes.io/instance: {{ .Release.Name }} 45 | {{- end -}} 46 | {{- end -}} 47 | -------------------------------------------------------------------------------- /charts/redis/charts/common/templates/_resources.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | 8 | {{/* 9 | Return a resource request/limit object based on a given preset. 10 | These presets are for basic testing and not meant to be used in production 11 | {{ include "common.resources.preset" (dict "type" "nano") -}} 12 | */}} 13 | {{- define "common.resources.preset" -}} 14 | {{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}} 15 | {{- $presets := dict 16 | "nano" (dict 17 | "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi") 18 | "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi") 19 | ) 20 | "micro" (dict 21 | "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi") 22 | "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi") 23 | ) 24 | "small" (dict 25 | "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi") 26 | "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi") 27 | ) 28 | "medium" (dict 29 | "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi") 30 | "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi") 31 | ) 32 | "large" (dict 33 | "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi") 34 | "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi") 35 | ) 36 | "xlarge" (dict 37 | "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") 38 | "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi") 39 | ) 40 | "2xlarge" (dict 41 | "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") 42 | "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi") 43 | ) 44 | }} 45 | {{- if hasKey $presets .type -}} 46 | {{- index $presets .type | toYaml -}} 47 | {{- else -}} 48 | {{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}} 49 | {{- end -}} 50 | {{- end -}} 51 | -------------------------------------------------------------------------------- /charts/redis/charts/common/templates/_storage.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | 8 | {{/* 9 | Return the proper Storage Class 10 | {{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} 11 | */}} 12 | {{- define "common.storage.class" -}} 13 | {{- $storageClass := (.global).storageClass | default .persistence.storageClass | default (.global).defaultStorageClass | default "" -}} 14 | {{- if $storageClass -}} 15 | {{- if (eq "-" $storageClass) -}} 16 | {{- printf "storageClassName: \"\"" -}} 17 | {{- else -}} 18 | {{- printf "storageClassName: %s" $storageClass -}} 19 | {{- end -}} 20 | {{- end -}} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /charts/redis/charts/common/templates/_tplvalues.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Renders a value that contains template perhaps with scope if the scope is present. 9 | Usage: 10 | {{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} 11 | {{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} 12 | */}} 13 | {{- define "common.tplvalues.render" -}} 14 | {{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} 15 | {{- if contains "{{" (toJson .value) }} 16 | {{- if .scope }} 17 | {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} 18 | {{- else }} 19 | {{- tpl $value .context }} 20 | {{- end }} 21 | {{- else }} 22 | {{- $value }} 23 | {{- end }} 24 | {{- end -}} 25 | 26 | {{/* 27 | Merge a list of values that contains template after rendering them. 28 | Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge 29 | Usage: 30 | {{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} 31 | */}} 32 | {{- define "common.tplvalues.merge" -}} 33 | {{- $dst := dict -}} 34 | {{- range .values -}} 35 | {{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} 36 | {{- end -}} 37 | {{ $dst | toYaml }} 38 | {{- end -}} 39 | 40 | {{/* 41 | Merge a list of values that contains template after rendering them. 42 | Merge precedence is consistent with https://masterminds.github.io/sprig/dicts.html#mergeoverwrite-mustmergeoverwrite 43 | Usage: 44 | {{ include "common.tplvalues.merge-overwrite" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} 45 | */}} 46 | {{- define "common.tplvalues.merge-overwrite" -}} 47 | {{- $dst := dict -}} 48 | {{- range .values -}} 49 | {{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | mergeOverwrite $dst -}} 50 | {{- end -}} 51 | {{ $dst | toYaml }} 52 | {{- end -}} 53 | -------------------------------------------------------------------------------- /charts/redis/charts/common/templates/validations/_cassandra.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Auxiliary function to get the right value for existingSecret. 9 | 10 | Usage: 11 | {{ include "common.cassandra.values.existingSecret" (dict "context" $) }} 12 | Params: 13 | - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false 14 | */}} 15 | {{- define "common.cassandra.values.existingSecret" -}} 16 | {{- if .subchart -}} 17 | {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} 18 | {{- else -}} 19 | {{- .context.Values.dbUser.existingSecret | quote -}} 20 | {{- end -}} 21 | {{- end -}} 22 | 23 | {{/* 24 | Auxiliary function to get the right value for enabled cassandra. 25 | 26 | Usage: 27 | {{ include "common.cassandra.values.enabled" (dict "context" $) }} 28 | */}} 29 | {{- define "common.cassandra.values.enabled" -}} 30 | {{- if .subchart -}} 31 | {{- printf "%v" .context.Values.cassandra.enabled -}} 32 | {{- else -}} 33 | {{- printf "%v" (not .context.Values.enabled) -}} 34 | {{- end -}} 35 | {{- end -}} 36 | 37 | {{/* 38 | Auxiliary function to get the right value for the key dbUser 39 | 40 | Usage: 41 | {{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} 42 | Params: 43 | - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false 44 | */}} 45 | {{- define "common.cassandra.values.key.dbUser" -}} 46 | {{- if .subchart -}} 47 | cassandra.dbUser 48 | {{- else -}} 49 | dbUser 50 | {{- end -}} 51 | {{- end -}} 52 | -------------------------------------------------------------------------------- /charts/redis/charts/common/templates/validations/_mongodb.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Auxiliary function to get the right value for existingSecret. 9 | 10 | Usage: 11 | {{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} 12 | Params: 13 | - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false 14 | */}} 15 | {{- define "common.mongodb.values.auth.existingSecret" -}} 16 | {{- if .subchart -}} 17 | {{- .context.Values.mongodb.auth.existingSecret | quote -}} 18 | {{- else -}} 19 | {{- .context.Values.auth.existingSecret | quote -}} 20 | {{- end -}} 21 | {{- end -}} 22 | 23 | {{/* 24 | Auxiliary function to get the right value for enabled mongodb. 25 | 26 | Usage: 27 | {{ include "common.mongodb.values.enabled" (dict "context" $) }} 28 | */}} 29 | {{- define "common.mongodb.values.enabled" -}} 30 | {{- if .subchart -}} 31 | {{- printf "%v" .context.Values.mongodb.enabled -}} 32 | {{- else -}} 33 | {{- printf "%v" (not .context.Values.enabled) -}} 34 | {{- end -}} 35 | {{- end -}} 36 | 37 | {{/* 38 | Auxiliary function to get the right value for the key auth 39 | 40 | Usage: 41 | {{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} 42 | Params: 43 | - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false 44 | */}} 45 | {{- define "common.mongodb.values.key.auth" -}} 46 | {{- if .subchart -}} 47 | mongodb.auth 48 | {{- else -}} 49 | auth 50 | {{- end -}} 51 | {{- end -}} 52 | 53 | {{/* 54 | Auxiliary function to get the right value for architecture 55 | 56 | Usage: 57 | {{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} 58 | Params: 59 | - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false 60 | */}} 61 | {{- define "common.mongodb.values.architecture" -}} 62 | {{- if .subchart -}} 63 | {{- .context.Values.mongodb.architecture -}} 64 | {{- else -}} 65 | {{- .context.Values.architecture -}} 66 | {{- end -}} 67 | {{- end -}} 68 | -------------------------------------------------------------------------------- /charts/redis/charts/common/templates/validations/_mysql.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Auxiliary function to get the right value for existingSecret. 9 | 10 | Usage: 11 | {{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} 12 | Params: 13 | - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false 14 | */}} 15 | {{- define "common.mysql.values.auth.existingSecret" -}} 16 | {{- if .subchart -}} 17 | {{- .context.Values.mysql.auth.existingSecret | quote -}} 18 | {{- else -}} 19 | {{- .context.Values.auth.existingSecret | quote -}} 20 | {{- end -}} 21 | {{- end -}} 22 | 23 | {{/* 24 | Auxiliary function to get the right value for enabled mysql. 25 | 26 | Usage: 27 | {{ include "common.mysql.values.enabled" (dict "context" $) }} 28 | */}} 29 | {{- define "common.mysql.values.enabled" -}} 30 | {{- if .subchart -}} 31 | {{- printf "%v" .context.Values.mysql.enabled -}} 32 | {{- else -}} 33 | {{- printf "%v" (not .context.Values.enabled) -}} 34 | {{- end -}} 35 | {{- end -}} 36 | 37 | {{/* 38 | Auxiliary function to get the right value for architecture 39 | 40 | Usage: 41 | {{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} 42 | Params: 43 | - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false 44 | */}} 45 | {{- define "common.mysql.values.architecture" -}} 46 | {{- if .subchart -}} 47 | {{- .context.Values.mysql.architecture -}} 48 | {{- else -}} 49 | {{- .context.Values.architecture -}} 50 | {{- end -}} 51 | {{- end -}} 52 | 53 | {{/* 54 | Auxiliary function to get the right value for the key auth 55 | 56 | Usage: 57 | {{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} 58 | Params: 59 | - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false 60 | */}} 61 | {{- define "common.mysql.values.key.auth" -}} 62 | {{- if .subchart -}} 63 | mysql.auth 64 | {{- else -}} 65 | auth 66 | {{- end -}} 67 | {{- end -}} 68 | -------------------------------------------------------------------------------- /charts/redis/charts/common/templates/validations/_redis.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | 7 | {{/* vim: set filetype=mustache: */}} 8 | {{/* 9 | Auxiliary function to get the right value for enabled redis. 10 | 11 | Usage: 12 | {{ include "common.redis.values.enabled" (dict "context" $) }} 13 | */}} 14 | {{- define "common.redis.values.enabled" -}} 15 | {{- if .subchart -}} 16 | {{- printf "%v" .context.Values.redis.enabled -}} 17 | {{- else -}} 18 | {{- printf "%v" (not .context.Values.enabled) -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{/* 23 | Auxiliary function to get the right prefix path for the values 24 | 25 | Usage: 26 | {{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} 27 | Params: 28 | - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false 29 | */}} 30 | {{- define "common.redis.values.keys.prefix" -}} 31 | {{- if .subchart -}}redis.{{- else -}}{{- end -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Checks whether the redis chart's includes the standarizations (version >= 14) 36 | 37 | Usage: 38 | {{ include "common.redis.values.standarized.version" (dict "context" $) }} 39 | */}} 40 | {{- define "common.redis.values.standarized.version" -}} 41 | 42 | {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} 43 | {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} 44 | 45 | {{- if $standarizedAuthValues -}} 46 | {{- true -}} 47 | {{- end -}} 48 | {{- end -}} 49 | -------------------------------------------------------------------------------- /charts/redis/charts/common/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Broadcom, Inc. All Rights Reserved. 2 | # SPDX-License-Identifier: APACHE-2.0 3 | 4 | ## bitnami/common 5 | ## It is required by CI/CD tools and processes. 6 | ## @skip exampleValue 7 | ## 8 | exampleValue: common-chart 9 | -------------------------------------------------------------------------------- /charts/redis/templates/extra-list.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- range .Values.extraDeploy }} 7 | --- 8 | {{ include "common.tplvalues.render" (dict "value" . "context" $) }} 9 | {{- end }} 10 | -------------------------------------------------------------------------------- /charts/redis/templates/headless-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | apiVersion: v1 7 | kind: Service 8 | metadata: 9 | name: {{ printf "%s-headless" (include "common.names.fullname" .) }} 10 | namespace: {{ include "common.names.namespace" . | quote }} 11 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 12 | {{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations (include "redis.externalDNS.annotations" .) }} 13 | annotations: 14 | {{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} 16 | {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | {{- include "redis.externalDNS.annotations" . | nindent 4 }} 19 | {{- end }} 20 | spec: 21 | type: ClusterIP 22 | clusterIP: None 23 | {{- if .Values.sentinel.enabled }} 24 | publishNotReadyAddresses: true 25 | {{- end }} 26 | ports: 27 | - name: tcp-redis 28 | port: {{ if .Values.sentinel.enabled }}{{ .Values.sentinel.service.ports.redis }}{{ else }}{{ .Values.master.service.ports.redis }}{{ end }} 29 | targetPort: redis 30 | {{- if .Values.sentinel.enabled }} 31 | - name: tcp-sentinel 32 | port: {{ .Values.sentinel.service.ports.sentinel }} 33 | targetPort: redis-sentinel 34 | {{- end }} 35 | {{- if .Values.sentinel.service.headless.extraPorts }} 36 | {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.headless.extraPorts "context" $) | nindent 4 }} 37 | {{- end }} 38 | selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 39 | -------------------------------------------------------------------------------- /charts/redis/templates/master/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | {{- $pdb := coalesce .Values.pdb .Values.master.pdb }} 6 | {{- if and $pdb.create (gt (int64 .Values.master.count) 0) (or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled)) }} 7 | apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} 8 | kind: PodDisruptionBudget 9 | metadata: 10 | name: {{ printf "%s-master" (include "common.names.fullname" .) }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: master 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- if $pdb.minAvailable }} 19 | minAvailable: {{ $pdb.minAvailable }} 20 | {{- end }} 21 | {{- if or $pdb.maxUnavailable (not $pdb.minAvailable)}} 22 | maxUnavailable: {{ $pdb.maxUnavailable | default 1 }} 23 | {{- end }} 24 | selector: 25 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} 26 | app.kubernetes.io/component: master 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/redis/templates/master/psp.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.create }} 7 | apiVersion: policy/v1beta1 8 | kind: PodSecurityPolicy 9 | metadata: 10 | name: {{ printf "%s-master" (include "common.names.fullname" .) }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if .Values.commonAnnotations }} 14 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 15 | {{- end }} 16 | spec: 17 | allowPrivilegeEscalation: false 18 | fsGroup: 19 | rule: 'MustRunAs' 20 | ranges: 21 | - min: {{ .Values.master.podSecurityContext.fsGroup }} 22 | max: {{ .Values.master.podSecurityContext.fsGroup }} 23 | hostIPC: false 24 | hostNetwork: false 25 | hostPID: false 26 | privileged: false 27 | readOnlyRootFilesystem: false 28 | requiredDropCapabilities: 29 | - ALL 30 | runAsUser: 31 | rule: 'MustRunAs' 32 | ranges: 33 | - min: {{ .Values.master.containerSecurityContext.runAsUser }} 34 | max: {{ .Values.master.containerSecurityContext.runAsUser }} 35 | seLinux: 36 | rule: 'RunAsAny' 37 | supplementalGroups: 38 | rule: 'MustRunAs' 39 | ranges: 40 | - min: {{ .Values.master.containerSecurityContext.runAsUser }} 41 | max: {{ .Values.master.containerSecurityContext.runAsUser }} 42 | volumes: 43 | - 'configMap' 44 | - 'secret' 45 | - 'emptyDir' 46 | - 'persistentVolumeClaim' 47 | {{- end }} 48 | -------------------------------------------------------------------------------- /charts/redis/templates/master/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and (eq .Values.architecture "standalone") (eq .Values.master.kind "Deployment") (.Values.master.persistence.enabled) (not .Values.master.persistence.existingClaim) }} 7 | kind: PersistentVolumeClaim 8 | apiVersion: v1 9 | metadata: 10 | name: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.persistence.labels .Values.commonLabels ) "context" . ) }} 13 | labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} 14 | app.kubernetes.io/component: master 15 | {{- if .Values.master.persistence.annotations }} 16 | annotations: {{- toYaml .Values.master.persistence.annotations | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | accessModes: 20 | {{- range .Values.master.persistence.accessModes }} 21 | - {{ . | quote }} 22 | {{- end }} 23 | resources: 24 | requests: 25 | storage: {{ .Values.master.persistence.size | quote }} 26 | {{- if .Values.master.persistence.selector }} 27 | selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 4 }} 28 | {{- end }} 29 | {{- if .Values.master.persistence.dataSource }} 30 | dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 4 }} 31 | {{- end }} 32 | {{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 2 }} 33 | {{- end }} 34 | -------------------------------------------------------------------------------- /charts/redis/templates/master/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.master.serviceAccount.create (or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled)) }} 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | automountServiceAccountToken: {{ .Values.master.serviceAccount.automountServiceAccountToken }} 10 | metadata: 11 | name: {{ template "redis.masterServiceAccountName" . }} 12 | namespace: {{ include "common.names.namespace" . | quote }} 13 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 14 | {{- if or .Values.master.serviceAccount.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/redis/templates/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} 7 | apiVersion: monitoring.coreos.com/v1 8 | kind: PrometheusRule 9 | metadata: 10 | name: {{ template "common.names.fullname" . }} 11 | namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if .Values.metrics.prometheusRule.additionalLabels }} 14 | {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} 15 | {{- end }} 16 | {{- if .Values.commonAnnotations }} 17 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 18 | {{- end }} 19 | spec: 20 | groups: 21 | - name: {{ include "common.names.fullname" . }} 22 | rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/redis/templates/replicas/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.replica.autoscaling.enabled (not .Values.sentinel.enabled) }} 7 | apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} 8 | kind: HorizontalPodAutoscaler 9 | metadata: 10 | name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: replica 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | scaleTargetRef: 19 | apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} 20 | kind: StatefulSet 21 | name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} 22 | minReplicas: {{ .Values.replica.autoscaling.minReplicas }} 23 | maxReplicas: {{ .Values.replica.autoscaling.maxReplicas }} 24 | metrics: 25 | {{- if .Values.replica.autoscaling.targetCPU }} 26 | - type: Resource 27 | resource: 28 | name: cpu 29 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 30 | targetAverageUtilization: {{ .Values.replica.autoscaling.targetCPU }} 31 | {{- else }} 32 | target: 33 | type: Utilization 34 | averageUtilization: {{ .Values.replica.autoscaling.targetCPU }} 35 | {{- end }} 36 | {{- end }} 37 | {{- if .Values.replica.autoscaling.targetMemory }} 38 | - type: Resource 39 | resource: 40 | name: memory 41 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 42 | targetAverageUtilization: {{ .Values.replica.autoscaling.targetMemory }} 43 | {{- else }} 44 | target: 45 | type: Utilization 46 | averageUtilization: {{ .Values.replica.autoscaling.targetMemory }} 47 | {{- end }} 48 | {{- end }} 49 | {{- end }} 50 | -------------------------------------------------------------------------------- /charts/redis/templates/replicas/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- $pdb := coalesce .Values.pdb .Values.replica.pdb }} 7 | {{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) $pdb.create }} 8 | apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} 9 | kind: PodDisruptionBudget 10 | metadata: 11 | name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} 12 | namespace: {{ include "common.names.namespace" . | quote }} 13 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 14 | app.kubernetes.io/component: replica 15 | {{- if .Values.commonAnnotations }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | {{- if $pdb.minAvailable }} 20 | minAvailable: {{ $pdb.minAvailable }} 21 | {{- end }} 22 | {{- if or $pdb.maxUnavailable (not $pdb.minAvailable) }} 23 | maxUnavailable: {{ $pdb.maxUnavailable | default 1 }} 24 | {{- end }} 25 | selector: 26 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} 27 | app.kubernetes.io/component: replica 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/redis/templates/replicas/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.replica.serviceAccount.create (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | automountServiceAccountToken: {{ .Values.replica.serviceAccount.automountServiceAccountToken }} 10 | metadata: 11 | name: {{ template "redis.replicaServiceAccountName" . }} 12 | namespace: {{ include "common.names.namespace" . | quote }} 13 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 14 | {{- if or .Values.replica.serviceAccount.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/redis/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if .Values.rbac.create }} 7 | apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} 8 | kind: Role 9 | metadata: 10 | name: {{ template "common.names.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if .Values.commonAnnotations }} 14 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 15 | {{- end }} 16 | rules: 17 | {{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.enabled }} 18 | - apiGroups: 19 | - '{{ template "podSecurityPolicy.apiGroup" . }}' 20 | resources: 21 | - 'podsecuritypolicies' 22 | verbs: 23 | - 'use' 24 | resourceNames: [{{ printf "%s-master" (include "common.names.fullname" .) }}] 25 | {{- end }} 26 | {{- if and .Values.sentinel.enabled (or .Values.sentinel.masterService.enabled .Values.sentinel.service.createMaster) }} 27 | - apiGroups: [""] 28 | resources: ["pods"] 29 | verbs: ["list", "patch"] 30 | {{- end -}} 31 | {{- if .Values.rbac.rules }} 32 | {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} 33 | {{- end }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /charts/redis/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if .Values.rbac.create }} 7 | apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} 8 | kind: RoleBinding 9 | metadata: 10 | name: {{ template "common.names.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if .Values.commonAnnotations }} 14 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 15 | {{- end }} 16 | roleRef: 17 | apiGroup: rbac.authorization.k8s.io 18 | kind: Role 19 | name: {{ template "common.names.fullname" . }} 20 | subjects: 21 | - kind: ServiceAccount 22 | name: {{ template "redis.serviceAccountName" . }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/redis/templates/secret-svcbind.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if .Values.serviceBindings.enabled }} 7 | {{- $host := include "common.names.fullname" . }} 8 | {{- if not .Values.sentinel.enabled }} 9 | {{- $host = printf "%s-master" (include "common.names.fullname" .) }} 10 | {{- end }} 11 | {{- $port := print .Values.master.service.ports.redis }} 12 | {{- if .Values.sentinel.enabled }} 13 | {{- $port = print .Values.sentinel.service.ports.redis }} 14 | {{- end }} 15 | {{- $password := include "redis.password" . }} 16 | apiVersion: v1 17 | kind: Secret 18 | metadata: 19 | name: {{ include "common.names.fullname" . }}-svcbind 20 | namespace: {{ include "common.names.namespace" . | quote }} 21 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 22 | {{- if .Values.commonAnnotations }} 23 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 24 | {{- end }} 25 | type: servicebinding.io/redis 26 | data: 27 | provider: {{ print "bitnami" | b64enc | quote }} 28 | type: {{ print "redis" | b64enc | quote }} 29 | host: {{ print $host | b64enc | quote }} 30 | port: {{ print $port | b64enc | quote }} 31 | password: {{ print $password | b64enc | quote }} 32 | {{- if $password }} 33 | uri: {{ printf "redis://:%s@%s:%s" $password $host $port | b64enc | quote }} 34 | {{- else }} 35 | uri: {{ printf "redis://%s:%s" $host $port | b64enc | quote }} 36 | {{- end }} 37 | {{- end }} 38 | -------------------------------------------------------------------------------- /charts/redis/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.auth.enabled (not .Values.auth.existingSecret) (or .Values.auth.usePasswordFileFromSecret (not .Values.auth.usePasswordFiles)) -}} 7 | apiVersion: v1 8 | kind: Secret 9 | metadata: 10 | name: {{ template "common.names.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if or .Values.secretAnnotations .Values.commonAnnotations }} 14 | annotations: 15 | {{- if .Values.secretAnnotations }} 16 | {{- include "common.tplvalues.render" ( dict "value" .Values.secretAnnotations "context" $ ) | nindent 4 }} 17 | {{- end }} 18 | {{- if .Values.commonAnnotations }} 19 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 20 | {{- end }} 21 | {{- end }} 22 | type: Opaque 23 | data: 24 | redis-password: {{ include "redis.password" . | b64enc | quote }} 25 | {{- end -}} 26 | -------------------------------------------------------------------------------- /charts/redis/templates/sentinel/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.replica.autoscaling.enabled .Values.sentinel.enabled }} 7 | apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} 8 | kind: HorizontalPodAutoscaler 9 | metadata: 10 | name: {{ printf "%s-node" (include "common.names.fullname" .) }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: replica 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | scaleTargetRef: 19 | apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} 20 | kind: StatefulSet 21 | name: {{ printf "%s-node" (include "common.names.fullname" .) }} 22 | minReplicas: {{ .Values.replica.autoscaling.minReplicas }} 23 | maxReplicas: {{ .Values.replica.autoscaling.maxReplicas }} 24 | metrics: 25 | {{- if .Values.replica.autoscaling.targetMemory }} 26 | - type: Resource 27 | resource: 28 | name: memory 29 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 30 | targetAverageUtilization: {{ .Values.replica.autoscaling.targetMemory }} 31 | {{- else }} 32 | target: 33 | type: Utilization 34 | averageUtilization: {{ .Values.replica.autoscaling.targetMemory }} 35 | {{- end }} 36 | {{- end }} 37 | {{- if .Values.replica.autoscaling.targetCPU }} 38 | - type: Resource 39 | resource: 40 | name: cpu 41 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 42 | targetAverageUtilization: {{ .Values.replica.autoscaling.targetCPU }} 43 | {{- else }} 44 | target: 45 | type: Utilization 46 | averageUtilization: {{ .Values.replica.autoscaling.targetCPU }} 47 | {{- end }} 48 | {{- end }} 49 | {{- end }} 50 | -------------------------------------------------------------------------------- /charts/redis/templates/sentinel/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | {{- $pdb := coalesce .Values.pdb .Values.replica.pdb }} 6 | {{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled $pdb.create }} 7 | apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} 8 | kind: PodDisruptionBudget 9 | metadata: 10 | name: {{ printf "%s-node" (include "common.names.fullname" .) }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: node 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- if $pdb.minAvailable }} 19 | minAvailable: {{ $pdb.minAvailable }} 20 | {{- end }} 21 | {{- if or $pdb.maxUnavailable (not $pdb.minAvailable) }} 22 | maxUnavailable: {{ $pdb.maxUnavailable | default 1 }} 23 | {{- end }} 24 | selector: 25 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} 26 | app.kubernetes.io/component: node 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/redis/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.serviceAccount.create .Values.sentinel.enabled }} 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 10 | metadata: 11 | name: {{ template "redis.serviceAccountName" . }} 12 | namespace: {{ include "common.names.namespace" . | quote }} 13 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 14 | {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/redis/templates/tls-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if (include "redis.createTlsSecret" .) }} 7 | {{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} 8 | {{- $ca := genCA "redis-ca" 365 }} 9 | {{- $releaseNamespace := (include "common.names.namespace" .) }} 10 | {{- $clusterDomain := .Values.clusterDomain }} 11 | {{- $fullname := include "common.names.fullname" . }} 12 | {{- $serviceName := include "common.names.fullname" . }} 13 | {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} 14 | {{- $masterServiceName := printf "%s-master" (include "common.names.fullname" .) }} 15 | {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }} 16 | {{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} 17 | apiVersion: v1 18 | kind: Secret 19 | metadata: 20 | name: {{ $secretName }} 21 | namespace: {{ include "common.names.namespace" . | quote }} 22 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 23 | {{- if .Values.commonAnnotations }} 24 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 25 | {{- end }} 26 | type: kubernetes.io/tls 27 | data: 28 | tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} 29 | tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} 30 | ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /charts/thanos/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | # img folder 23 | img/ 24 | # Changelog 25 | CHANGELOG.md 26 | -------------------------------------------------------------------------------- /charts/thanos/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: minio 3 | repository: oci://registry-1.docker.io/bitnamicharts 4 | version: 15.0.5 5 | - name: common 6 | repository: oci://registry-1.docker.io/bitnamicharts 7 | version: 2.30.0 8 | digest: sha256:c21010fcd391c9564b494e001720005981d7e2ef81aa9ea473e18b7a9324567d 9 | generated: "2025-03-05T05:09:56.729039288Z" 10 | -------------------------------------------------------------------------------- /charts/thanos/Chart.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | category: Analytics 3 | images: | 4 | - name: os-shell 5 | image: docker.io/bitnami/os-shell:12-debian-12-r39 6 | - name: thanos 7 | image: docker.io/bitnami/thanos:0.37.2-debian-12-r8 8 | licenses: Apache-2.0 9 | apiVersion: v2 10 | appVersion: 0.37.2 11 | dependencies: 12 | - condition: minio.enabled 13 | name: minio 14 | repository: oci://registry-1.docker.io/bitnamicharts 15 | version: 15.x.x 16 | - name: common 17 | repository: oci://registry-1.docker.io/bitnamicharts 18 | tags: 19 | - bitnami-common 20 | version: 2.x.x 21 | description: Thanos is a highly available metrics system that can be added on top 22 | of existing Prometheus deployments, providing a global query view across all Prometheus 23 | installations. 24 | home: https://bitnami.com 25 | icon: https://dyltqmyl993wv.cloudfront.net/assets/stacks/thanos/img/thanos-stack-220x234.png 26 | keywords: 27 | - analytics 28 | - monitoring 29 | - prometheus 30 | - thanos 31 | maintainers: 32 | - name: Broadcom, Inc. All Rights Reserved. 33 | url: https://github.com/bitnami/charts 34 | name: thanos 35 | sources: 36 | - https://github.com/bitnami/charts/tree/main/bitnami/thanos 37 | version: 15.13.2 38 | -------------------------------------------------------------------------------- /charts/thanos/charts/common/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | # img folder 24 | img/ 25 | # Changelog 26 | CHANGELOG.md 27 | -------------------------------------------------------------------------------- /charts/thanos/charts/common/Chart.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | category: Infrastructure 3 | licenses: Apache-2.0 4 | apiVersion: v2 5 | appVersion: 2.30.0 6 | description: A Library Helm Chart for grouping common logic between bitnami charts. 7 | This chart is not deployable by itself. 8 | home: https://bitnami.com 9 | icon: https://dyltqmyl993wv.cloudfront.net/downloads/logos/bitnami-mark.png 10 | keywords: 11 | - common 12 | - helper 13 | - template 14 | - function 15 | - bitnami 16 | maintainers: 17 | - name: Broadcom, Inc. All Rights Reserved. 18 | url: https://github.com/bitnami/charts 19 | name: common 20 | sources: 21 | - https://github.com/bitnami/charts/tree/main/bitnami/common 22 | type: library 23 | version: 2.30.0 24 | -------------------------------------------------------------------------------- /charts/thanos/charts/common/templates/_labels.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | 8 | {{/* 9 | Kubernetes standard labels 10 | {{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} 11 | */}} 12 | {{- define "common.labels.standard" -}} 13 | {{- if and (hasKey . "customLabels") (hasKey . "context") -}} 14 | {{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} 15 | {{- with .context.Chart.AppVersion -}} 16 | {{- $_ := set $default "app.kubernetes.io/version" . -}} 17 | {{- end -}} 18 | {{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} 19 | {{- else -}} 20 | app.kubernetes.io/name: {{ include "common.names.name" . }} 21 | helm.sh/chart: {{ include "common.names.chart" . }} 22 | app.kubernetes.io/instance: {{ .Release.Name }} 23 | app.kubernetes.io/managed-by: {{ .Release.Service }} 24 | {{- with .Chart.AppVersion }} 25 | app.kubernetes.io/version: {{ . | quote }} 26 | {{- end -}} 27 | {{- end -}} 28 | {{- end -}} 29 | 30 | {{/* 31 | Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector 32 | {{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} 33 | 34 | We don't want to loop over custom labels appending them to the selector 35 | since it's very likely that it will break deployments, services, etc. 36 | However, it's important to overwrite the standard labels if the user 37 | overwrote them on metadata.labels fields. 38 | */}} 39 | {{- define "common.labels.matchLabels" -}} 40 | {{- if and (hasKey . "customLabels") (hasKey . "context") -}} 41 | {{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} 42 | {{- else -}} 43 | app.kubernetes.io/name: {{ include "common.names.name" . }} 44 | app.kubernetes.io/instance: {{ .Release.Name }} 45 | {{- end -}} 46 | {{- end -}} 47 | -------------------------------------------------------------------------------- /charts/thanos/charts/common/templates/_resources.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | 8 | {{/* 9 | Return a resource request/limit object based on a given preset. 10 | These presets are for basic testing and not meant to be used in production 11 | {{ include "common.resources.preset" (dict "type" "nano") -}} 12 | */}} 13 | {{- define "common.resources.preset" -}} 14 | {{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}} 15 | {{- $presets := dict 16 | "nano" (dict 17 | "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi") 18 | "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi") 19 | ) 20 | "micro" (dict 21 | "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi") 22 | "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi") 23 | ) 24 | "small" (dict 25 | "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi") 26 | "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi") 27 | ) 28 | "medium" (dict 29 | "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi") 30 | "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi") 31 | ) 32 | "large" (dict 33 | "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi") 34 | "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi") 35 | ) 36 | "xlarge" (dict 37 | "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") 38 | "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi") 39 | ) 40 | "2xlarge" (dict 41 | "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") 42 | "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi") 43 | ) 44 | }} 45 | {{- if hasKey $presets .type -}} 46 | {{- index $presets .type | toYaml -}} 47 | {{- else -}} 48 | {{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}} 49 | {{- end -}} 50 | {{- end -}} 51 | -------------------------------------------------------------------------------- /charts/thanos/charts/common/templates/_storage.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | 8 | {{/* 9 | Return the proper Storage Class 10 | {{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} 11 | */}} 12 | {{- define "common.storage.class" -}} 13 | {{- $storageClass := (.global).storageClass | default .persistence.storageClass | default (.global).defaultStorageClass | default "" -}} 14 | {{- if $storageClass -}} 15 | {{- if (eq "-" $storageClass) -}} 16 | {{- printf "storageClassName: \"\"" -}} 17 | {{- else -}} 18 | {{- printf "storageClassName: %s" $storageClass -}} 19 | {{- end -}} 20 | {{- end -}} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /charts/thanos/charts/common/templates/_tplvalues.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Renders a value that contains template perhaps with scope if the scope is present. 9 | Usage: 10 | {{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} 11 | {{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} 12 | */}} 13 | {{- define "common.tplvalues.render" -}} 14 | {{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} 15 | {{- if contains "{{" (toJson .value) }} 16 | {{- if .scope }} 17 | {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} 18 | {{- else }} 19 | {{- tpl $value .context }} 20 | {{- end }} 21 | {{- else }} 22 | {{- $value }} 23 | {{- end }} 24 | {{- end -}} 25 | 26 | {{/* 27 | Merge a list of values that contains template after rendering them. 28 | Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge 29 | Usage: 30 | {{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} 31 | */}} 32 | {{- define "common.tplvalues.merge" -}} 33 | {{- $dst := dict -}} 34 | {{- range .values -}} 35 | {{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} 36 | {{- end -}} 37 | {{ $dst | toYaml }} 38 | {{- end -}} 39 | 40 | {{/* 41 | Merge a list of values that contains template after rendering them. 42 | Merge precedence is consistent with https://masterminds.github.io/sprig/dicts.html#mergeoverwrite-mustmergeoverwrite 43 | Usage: 44 | {{ include "common.tplvalues.merge-overwrite" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} 45 | */}} 46 | {{- define "common.tplvalues.merge-overwrite" -}} 47 | {{- $dst := dict -}} 48 | {{- range .values -}} 49 | {{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | mergeOverwrite $dst -}} 50 | {{- end -}} 51 | {{ $dst | toYaml }} 52 | {{- end -}} 53 | -------------------------------------------------------------------------------- /charts/thanos/charts/common/templates/validations/_cassandra.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Auxiliary function to get the right value for existingSecret. 9 | 10 | Usage: 11 | {{ include "common.cassandra.values.existingSecret" (dict "context" $) }} 12 | Params: 13 | - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false 14 | */}} 15 | {{- define "common.cassandra.values.existingSecret" -}} 16 | {{- if .subchart -}} 17 | {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} 18 | {{- else -}} 19 | {{- .context.Values.dbUser.existingSecret | quote -}} 20 | {{- end -}} 21 | {{- end -}} 22 | 23 | {{/* 24 | Auxiliary function to get the right value for enabled cassandra. 25 | 26 | Usage: 27 | {{ include "common.cassandra.values.enabled" (dict "context" $) }} 28 | */}} 29 | {{- define "common.cassandra.values.enabled" -}} 30 | {{- if .subchart -}} 31 | {{- printf "%v" .context.Values.cassandra.enabled -}} 32 | {{- else -}} 33 | {{- printf "%v" (not .context.Values.enabled) -}} 34 | {{- end -}} 35 | {{- end -}} 36 | 37 | {{/* 38 | Auxiliary function to get the right value for the key dbUser 39 | 40 | Usage: 41 | {{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} 42 | Params: 43 | - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false 44 | */}} 45 | {{- define "common.cassandra.values.key.dbUser" -}} 46 | {{- if .subchart -}} 47 | cassandra.dbUser 48 | {{- else -}} 49 | dbUser 50 | {{- end -}} 51 | {{- end -}} 52 | -------------------------------------------------------------------------------- /charts/thanos/charts/common/templates/validations/_mongodb.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Auxiliary function to get the right value for existingSecret. 9 | 10 | Usage: 11 | {{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} 12 | Params: 13 | - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false 14 | */}} 15 | {{- define "common.mongodb.values.auth.existingSecret" -}} 16 | {{- if .subchart -}} 17 | {{- .context.Values.mongodb.auth.existingSecret | quote -}} 18 | {{- else -}} 19 | {{- .context.Values.auth.existingSecret | quote -}} 20 | {{- end -}} 21 | {{- end -}} 22 | 23 | {{/* 24 | Auxiliary function to get the right value for enabled mongodb. 25 | 26 | Usage: 27 | {{ include "common.mongodb.values.enabled" (dict "context" $) }} 28 | */}} 29 | {{- define "common.mongodb.values.enabled" -}} 30 | {{- if .subchart -}} 31 | {{- printf "%v" .context.Values.mongodb.enabled -}} 32 | {{- else -}} 33 | {{- printf "%v" (not .context.Values.enabled) -}} 34 | {{- end -}} 35 | {{- end -}} 36 | 37 | {{/* 38 | Auxiliary function to get the right value for the key auth 39 | 40 | Usage: 41 | {{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} 42 | Params: 43 | - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false 44 | */}} 45 | {{- define "common.mongodb.values.key.auth" -}} 46 | {{- if .subchart -}} 47 | mongodb.auth 48 | {{- else -}} 49 | auth 50 | {{- end -}} 51 | {{- end -}} 52 | 53 | {{/* 54 | Auxiliary function to get the right value for architecture 55 | 56 | Usage: 57 | {{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} 58 | Params: 59 | - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false 60 | */}} 61 | {{- define "common.mongodb.values.architecture" -}} 62 | {{- if .subchart -}} 63 | {{- .context.Values.mongodb.architecture -}} 64 | {{- else -}} 65 | {{- .context.Values.architecture -}} 66 | {{- end -}} 67 | {{- end -}} 68 | -------------------------------------------------------------------------------- /charts/thanos/charts/common/templates/validations/_mysql.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Auxiliary function to get the right value for existingSecret. 9 | 10 | Usage: 11 | {{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} 12 | Params: 13 | - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false 14 | */}} 15 | {{- define "common.mysql.values.auth.existingSecret" -}} 16 | {{- if .subchart -}} 17 | {{- .context.Values.mysql.auth.existingSecret | quote -}} 18 | {{- else -}} 19 | {{- .context.Values.auth.existingSecret | quote -}} 20 | {{- end -}} 21 | {{- end -}} 22 | 23 | {{/* 24 | Auxiliary function to get the right value for enabled mysql. 25 | 26 | Usage: 27 | {{ include "common.mysql.values.enabled" (dict "context" $) }} 28 | */}} 29 | {{- define "common.mysql.values.enabled" -}} 30 | {{- if .subchart -}} 31 | {{- printf "%v" .context.Values.mysql.enabled -}} 32 | {{- else -}} 33 | {{- printf "%v" (not .context.Values.enabled) -}} 34 | {{- end -}} 35 | {{- end -}} 36 | 37 | {{/* 38 | Auxiliary function to get the right value for architecture 39 | 40 | Usage: 41 | {{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} 42 | Params: 43 | - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false 44 | */}} 45 | {{- define "common.mysql.values.architecture" -}} 46 | {{- if .subchart -}} 47 | {{- .context.Values.mysql.architecture -}} 48 | {{- else -}} 49 | {{- .context.Values.architecture -}} 50 | {{- end -}} 51 | {{- end -}} 52 | 53 | {{/* 54 | Auxiliary function to get the right value for the key auth 55 | 56 | Usage: 57 | {{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} 58 | Params: 59 | - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false 60 | */}} 61 | {{- define "common.mysql.values.key.auth" -}} 62 | {{- if .subchart -}} 63 | mysql.auth 64 | {{- else -}} 65 | auth 66 | {{- end -}} 67 | {{- end -}} 68 | -------------------------------------------------------------------------------- /charts/thanos/charts/common/templates/validations/_redis.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | 7 | {{/* vim: set filetype=mustache: */}} 8 | {{/* 9 | Auxiliary function to get the right value for enabled redis. 10 | 11 | Usage: 12 | {{ include "common.redis.values.enabled" (dict "context" $) }} 13 | */}} 14 | {{- define "common.redis.values.enabled" -}} 15 | {{- if .subchart -}} 16 | {{- printf "%v" .context.Values.redis.enabled -}} 17 | {{- else -}} 18 | {{- printf "%v" (not .context.Values.enabled) -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{/* 23 | Auxiliary function to get the right prefix path for the values 24 | 25 | Usage: 26 | {{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} 27 | Params: 28 | - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false 29 | */}} 30 | {{- define "common.redis.values.keys.prefix" -}} 31 | {{- if .subchart -}}redis.{{- else -}}{{- end -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Checks whether the redis chart's includes the standarizations (version >= 14) 36 | 37 | Usage: 38 | {{ include "common.redis.values.standarized.version" (dict "context" $) }} 39 | */}} 40 | {{- define "common.redis.values.standarized.version" -}} 41 | 42 | {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} 43 | {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} 44 | 45 | {{- if $standarizedAuthValues -}} 46 | {{- true -}} 47 | {{- end -}} 48 | {{- end -}} 49 | -------------------------------------------------------------------------------- /charts/thanos/charts/common/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Broadcom, Inc. All Rights Reserved. 2 | # SPDX-License-Identifier: APACHE-2.0 3 | 4 | ## bitnami/common 5 | ## It is required by CI/CD tools and processes. 6 | ## @skip exampleValue 7 | ## 8 | exampleValue: common-chart 9 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | # img folder 23 | img/ 24 | # Changelog 25 | CHANGELOG.md 26 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: common 3 | repository: oci://registry-1.docker.io/bitnamicharts 4 | version: 2.30.0 5 | digest: sha256:46afdf79eae69065904d430f03f7e5b79a148afed20aa45ee83ba88adc036169 6 | generated: "2025-02-19T23:09:00.050521217Z" 7 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/Chart.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | category: Infrastructure 3 | images: | 4 | - name: minio 5 | image: docker.io/bitnami/minio:2025.2.28-debian-12-r0 6 | - name: minio-client 7 | image: docker.io/bitnami/minio-client:2025.2.21-debian-12-r0 8 | - name: os-shell 9 | image: docker.io/bitnami/os-shell:12-debian-12-r39 10 | licenses: Apache-2.0 11 | apiVersion: v2 12 | appVersion: 2025.2.28 13 | dependencies: 14 | - name: common 15 | repository: oci://registry-1.docker.io/bitnamicharts 16 | tags: 17 | - bitnami-common 18 | version: 2.x.x 19 | description: MinIO(R) is an object storage server, compatible with Amazon S3 cloud 20 | storage service, mainly used for storing unstructured data (such as photos, videos, 21 | log files, etc.). 22 | home: https://bitnami.com 23 | icon: https://dyltqmyl993wv.cloudfront.net/assets/stacks/minio/img/minio-stack-220x234.png 24 | keywords: 25 | - minio 26 | - storage 27 | - object-storage 28 | - s3 29 | - cluster 30 | maintainers: 31 | - name: Broadcom, Inc. All Rights Reserved. 32 | url: https://github.com/bitnami/charts 33 | name: minio 34 | sources: 35 | - https://github.com/bitnami/charts/tree/main/bitnami/minio 36 | version: 15.0.5 37 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/charts/common/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | # img folder 24 | img/ 25 | # Changelog 26 | CHANGELOG.md 27 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/charts/common/Chart.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | category: Infrastructure 3 | licenses: Apache-2.0 4 | apiVersion: v2 5 | appVersion: 2.30.0 6 | description: A Library Helm Chart for grouping common logic between bitnami charts. 7 | This chart is not deployable by itself. 8 | home: https://bitnami.com 9 | icon: https://dyltqmyl993wv.cloudfront.net/downloads/logos/bitnami-mark.png 10 | keywords: 11 | - common 12 | - helper 13 | - template 14 | - function 15 | - bitnami 16 | maintainers: 17 | - name: Broadcom, Inc. All Rights Reserved. 18 | url: https://github.com/bitnami/charts 19 | name: common 20 | sources: 21 | - https://github.com/bitnami/charts/tree/main/bitnami/common 22 | type: library 23 | version: 2.30.0 24 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/charts/common/templates/_labels.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | 8 | {{/* 9 | Kubernetes standard labels 10 | {{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} 11 | */}} 12 | {{- define "common.labels.standard" -}} 13 | {{- if and (hasKey . "customLabels") (hasKey . "context") -}} 14 | {{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} 15 | {{- with .context.Chart.AppVersion -}} 16 | {{- $_ := set $default "app.kubernetes.io/version" . -}} 17 | {{- end -}} 18 | {{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} 19 | {{- else -}} 20 | app.kubernetes.io/name: {{ include "common.names.name" . }} 21 | helm.sh/chart: {{ include "common.names.chart" . }} 22 | app.kubernetes.io/instance: {{ .Release.Name }} 23 | app.kubernetes.io/managed-by: {{ .Release.Service }} 24 | {{- with .Chart.AppVersion }} 25 | app.kubernetes.io/version: {{ . | quote }} 26 | {{- end -}} 27 | {{- end -}} 28 | {{- end -}} 29 | 30 | {{/* 31 | Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector 32 | {{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} 33 | 34 | We don't want to loop over custom labels appending them to the selector 35 | since it's very likely that it will break deployments, services, etc. 36 | However, it's important to overwrite the standard labels if the user 37 | overwrote them on metadata.labels fields. 38 | */}} 39 | {{- define "common.labels.matchLabels" -}} 40 | {{- if and (hasKey . "customLabels") (hasKey . "context") -}} 41 | {{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} 42 | {{- else -}} 43 | app.kubernetes.io/name: {{ include "common.names.name" . }} 44 | app.kubernetes.io/instance: {{ .Release.Name }} 45 | {{- end -}} 46 | {{- end -}} 47 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/charts/common/templates/_resources.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | 8 | {{/* 9 | Return a resource request/limit object based on a given preset. 10 | These presets are for basic testing and not meant to be used in production 11 | {{ include "common.resources.preset" (dict "type" "nano") -}} 12 | */}} 13 | {{- define "common.resources.preset" -}} 14 | {{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}} 15 | {{- $presets := dict 16 | "nano" (dict 17 | "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi") 18 | "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi") 19 | ) 20 | "micro" (dict 21 | "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi") 22 | "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi") 23 | ) 24 | "small" (dict 25 | "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi") 26 | "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi") 27 | ) 28 | "medium" (dict 29 | "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi") 30 | "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi") 31 | ) 32 | "large" (dict 33 | "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi") 34 | "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi") 35 | ) 36 | "xlarge" (dict 37 | "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") 38 | "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi") 39 | ) 40 | "2xlarge" (dict 41 | "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") 42 | "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi") 43 | ) 44 | }} 45 | {{- if hasKey $presets .type -}} 46 | {{- index $presets .type | toYaml -}} 47 | {{- else -}} 48 | {{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}} 49 | {{- end -}} 50 | {{- end -}} 51 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/charts/common/templates/_storage.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | 8 | {{/* 9 | Return the proper Storage Class 10 | {{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} 11 | */}} 12 | {{- define "common.storage.class" -}} 13 | {{- $storageClass := (.global).storageClass | default .persistence.storageClass | default (.global).defaultStorageClass | default "" -}} 14 | {{- if $storageClass -}} 15 | {{- if (eq "-" $storageClass) -}} 16 | {{- printf "storageClassName: \"\"" -}} 17 | {{- else -}} 18 | {{- printf "storageClassName: %s" $storageClass -}} 19 | {{- end -}} 20 | {{- end -}} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/charts/common/templates/_tplvalues.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Renders a value that contains template perhaps with scope if the scope is present. 9 | Usage: 10 | {{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} 11 | {{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} 12 | */}} 13 | {{- define "common.tplvalues.render" -}} 14 | {{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} 15 | {{- if contains "{{" (toJson .value) }} 16 | {{- if .scope }} 17 | {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} 18 | {{- else }} 19 | {{- tpl $value .context }} 20 | {{- end }} 21 | {{- else }} 22 | {{- $value }} 23 | {{- end }} 24 | {{- end -}} 25 | 26 | {{/* 27 | Merge a list of values that contains template after rendering them. 28 | Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge 29 | Usage: 30 | {{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} 31 | */}} 32 | {{- define "common.tplvalues.merge" -}} 33 | {{- $dst := dict -}} 34 | {{- range .values -}} 35 | {{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} 36 | {{- end -}} 37 | {{ $dst | toYaml }} 38 | {{- end -}} 39 | 40 | {{/* 41 | Merge a list of values that contains template after rendering them. 42 | Merge precedence is consistent with https://masterminds.github.io/sprig/dicts.html#mergeoverwrite-mustmergeoverwrite 43 | Usage: 44 | {{ include "common.tplvalues.merge-overwrite" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} 45 | */}} 46 | {{- define "common.tplvalues.merge-overwrite" -}} 47 | {{- $dst := dict -}} 48 | {{- range .values -}} 49 | {{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | mergeOverwrite $dst -}} 50 | {{- end -}} 51 | {{ $dst | toYaml }} 52 | {{- end -}} 53 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/charts/common/templates/validations/_cassandra.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Auxiliary function to get the right value for existingSecret. 9 | 10 | Usage: 11 | {{ include "common.cassandra.values.existingSecret" (dict "context" $) }} 12 | Params: 13 | - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false 14 | */}} 15 | {{- define "common.cassandra.values.existingSecret" -}} 16 | {{- if .subchart -}} 17 | {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} 18 | {{- else -}} 19 | {{- .context.Values.dbUser.existingSecret | quote -}} 20 | {{- end -}} 21 | {{- end -}} 22 | 23 | {{/* 24 | Auxiliary function to get the right value for enabled cassandra. 25 | 26 | Usage: 27 | {{ include "common.cassandra.values.enabled" (dict "context" $) }} 28 | */}} 29 | {{- define "common.cassandra.values.enabled" -}} 30 | {{- if .subchart -}} 31 | {{- printf "%v" .context.Values.cassandra.enabled -}} 32 | {{- else -}} 33 | {{- printf "%v" (not .context.Values.enabled) -}} 34 | {{- end -}} 35 | {{- end -}} 36 | 37 | {{/* 38 | Auxiliary function to get the right value for the key dbUser 39 | 40 | Usage: 41 | {{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} 42 | Params: 43 | - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false 44 | */}} 45 | {{- define "common.cassandra.values.key.dbUser" -}} 46 | {{- if .subchart -}} 47 | cassandra.dbUser 48 | {{- else -}} 49 | dbUser 50 | {{- end -}} 51 | {{- end -}} 52 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/charts/common/templates/validations/_mongodb.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Auxiliary function to get the right value for existingSecret. 9 | 10 | Usage: 11 | {{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} 12 | Params: 13 | - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false 14 | */}} 15 | {{- define "common.mongodb.values.auth.existingSecret" -}} 16 | {{- if .subchart -}} 17 | {{- .context.Values.mongodb.auth.existingSecret | quote -}} 18 | {{- else -}} 19 | {{- .context.Values.auth.existingSecret | quote -}} 20 | {{- end -}} 21 | {{- end -}} 22 | 23 | {{/* 24 | Auxiliary function to get the right value for enabled mongodb. 25 | 26 | Usage: 27 | {{ include "common.mongodb.values.enabled" (dict "context" $) }} 28 | */}} 29 | {{- define "common.mongodb.values.enabled" -}} 30 | {{- if .subchart -}} 31 | {{- printf "%v" .context.Values.mongodb.enabled -}} 32 | {{- else -}} 33 | {{- printf "%v" (not .context.Values.enabled) -}} 34 | {{- end -}} 35 | {{- end -}} 36 | 37 | {{/* 38 | Auxiliary function to get the right value for the key auth 39 | 40 | Usage: 41 | {{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} 42 | Params: 43 | - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false 44 | */}} 45 | {{- define "common.mongodb.values.key.auth" -}} 46 | {{- if .subchart -}} 47 | mongodb.auth 48 | {{- else -}} 49 | auth 50 | {{- end -}} 51 | {{- end -}} 52 | 53 | {{/* 54 | Auxiliary function to get the right value for architecture 55 | 56 | Usage: 57 | {{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} 58 | Params: 59 | - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false 60 | */}} 61 | {{- define "common.mongodb.values.architecture" -}} 62 | {{- if .subchart -}} 63 | {{- .context.Values.mongodb.architecture -}} 64 | {{- else -}} 65 | {{- .context.Values.architecture -}} 66 | {{- end -}} 67 | {{- end -}} 68 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/charts/common/templates/validations/_mysql.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Auxiliary function to get the right value for existingSecret. 9 | 10 | Usage: 11 | {{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} 12 | Params: 13 | - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false 14 | */}} 15 | {{- define "common.mysql.values.auth.existingSecret" -}} 16 | {{- if .subchart -}} 17 | {{- .context.Values.mysql.auth.existingSecret | quote -}} 18 | {{- else -}} 19 | {{- .context.Values.auth.existingSecret | quote -}} 20 | {{- end -}} 21 | {{- end -}} 22 | 23 | {{/* 24 | Auxiliary function to get the right value for enabled mysql. 25 | 26 | Usage: 27 | {{ include "common.mysql.values.enabled" (dict "context" $) }} 28 | */}} 29 | {{- define "common.mysql.values.enabled" -}} 30 | {{- if .subchart -}} 31 | {{- printf "%v" .context.Values.mysql.enabled -}} 32 | {{- else -}} 33 | {{- printf "%v" (not .context.Values.enabled) -}} 34 | {{- end -}} 35 | {{- end -}} 36 | 37 | {{/* 38 | Auxiliary function to get the right value for architecture 39 | 40 | Usage: 41 | {{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} 42 | Params: 43 | - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false 44 | */}} 45 | {{- define "common.mysql.values.architecture" -}} 46 | {{- if .subchart -}} 47 | {{- .context.Values.mysql.architecture -}} 48 | {{- else -}} 49 | {{- .context.Values.architecture -}} 50 | {{- end -}} 51 | {{- end -}} 52 | 53 | {{/* 54 | Auxiliary function to get the right value for the key auth 55 | 56 | Usage: 57 | {{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} 58 | Params: 59 | - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false 60 | */}} 61 | {{- define "common.mysql.values.key.auth" -}} 62 | {{- if .subchart -}} 63 | mysql.auth 64 | {{- else -}} 65 | auth 66 | {{- end -}} 67 | {{- end -}} 68 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/charts/common/templates/validations/_redis.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | 7 | {{/* vim: set filetype=mustache: */}} 8 | {{/* 9 | Auxiliary function to get the right value for enabled redis. 10 | 11 | Usage: 12 | {{ include "common.redis.values.enabled" (dict "context" $) }} 13 | */}} 14 | {{- define "common.redis.values.enabled" -}} 15 | {{- if .subchart -}} 16 | {{- printf "%v" .context.Values.redis.enabled -}} 17 | {{- else -}} 18 | {{- printf "%v" (not .context.Values.enabled) -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{/* 23 | Auxiliary function to get the right prefix path for the values 24 | 25 | Usage: 26 | {{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} 27 | Params: 28 | - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false 29 | */}} 30 | {{- define "common.redis.values.keys.prefix" -}} 31 | {{- if .subchart -}}redis.{{- else -}}{{- end -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Checks whether the redis chart's includes the standarizations (version >= 14) 36 | 37 | Usage: 38 | {{ include "common.redis.values.standarized.version" (dict "context" $) }} 39 | */}} 40 | {{- define "common.redis.values.standarized.version" -}} 41 | 42 | {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} 43 | {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} 44 | 45 | {{- if $standarizedAuthValues -}} 46 | {{- true -}} 47 | {{- end -}} 48 | {{- end -}} 49 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/charts/common/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Broadcom, Inc. All Rights Reserved. 2 | # SPDX-License-Identifier: APACHE-2.0 3 | 4 | ## bitnami/common 5 | ## It is required by CI/CD tools and processes. 6 | ## @skip exampleValue 7 | ## 8 | exampleValue: common-chart 9 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/templates/distributed/headless-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if (eq .Values.mode "distributed") }} 7 | apiVersion: v1 8 | kind: Service 9 | metadata: 10 | name: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if or .Values.service.headless.annotations .Values.commonAnnotations }} 14 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} 15 | annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | type: ClusterIP 19 | clusterIP: None 20 | ports: 21 | - name: minio-api 22 | port: {{ .Values.service.ports.api }} 23 | targetPort: minio-api 24 | - name: minio-console 25 | port: {{ .Values.service.ports.console }} 26 | targetPort: minio-console 27 | publishNotReadyAddresses: true 28 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} 29 | selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/templates/extra-list.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- range .Values.extraDeploy }} 7 | --- 8 | {{ include "common.tplvalues.render" (dict "value" . "context" $) }} 9 | {{- end }} 10 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if .Values.pdb.create }} 7 | apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} 8 | kind: PodDisruptionBudget 9 | metadata: 10 | name: {{ include "common.names.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if .Values.commonAnnotations }} 14 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 15 | {{- end }} 16 | spec: 17 | {{- if .Values.pdb.minAvailable }} 18 | minAvailable: {{ .Values.pdb.minAvailable }} 19 | {{- end }} 20 | {{- if or .Values.pdb.maxUnavailable ( not .Values.pdb.minAvailable ) }} 21 | maxUnavailable: {{ .Values.pdb.maxUnavailable | default 1 }} 22 | {{- end }} 23 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} 24 | selector: 25 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/templates/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} 7 | {{- $releaseNamespace := default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace }} 8 | apiVersion: monitoring.coreos.com/v1 9 | kind: PrometheusRule 10 | metadata: 11 | name: {{ include "common.names.fullname" . }} 12 | namespace: {{ $releaseNamespace | quote }} 13 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 14 | app.kubernetes.io/component: metrics 15 | {{- if .Values.metrics.prometheusRule.additionalLabels }} 16 | {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }} 17 | {{- end }} 18 | {{- if .Values.commonAnnotations }} 19 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 20 | {{- end }} 21 | spec: 22 | groups: 23 | - name: {{ include "common.names.fullname" . }} 24 | rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 6 }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/templates/provisioning-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.provisioning.enabled .Values.provisioning.networkPolicy.enabled }} 7 | kind: NetworkPolicy 8 | apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} 9 | metadata: 10 | name: {{ printf "%s-provisioning" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if .Values.commonAnnotations }} 14 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 15 | {{- end }} 16 | spec: 17 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} 18 | podSelector: 19 | matchLabels: 20 | app.kubernetes.io/component: minio-provisioning 21 | policyTypes: 22 | - Ingress 23 | - Egress 24 | {{- if .Values.provisioning.networkPolicy.allowExternalEgress }} 25 | egress: 26 | - {} 27 | {{- else }} 28 | egress: 29 | # Allow dns resolution 30 | - ports: 31 | - port: 53 32 | protocol: UDP 33 | # Allow outbound connections to other cluster pods 34 | - ports: 35 | - port: {{ .Values.containerPorts.api }} 36 | - port: {{ .Values.containerPorts.console }} 37 | - port: {{ .Values.service.ports.api }} 38 | - port: {{ .Values.service.ports.console }} 39 | to: 40 | - podSelector: 41 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} 42 | {{- if .Values.provisioning.networkPolicy.extraEgress }} 43 | {{- include "common.tplvalues.render" ( dict "value" .Values.dataCoord.networkPolicy.extraEgress "context" $ ) | nindent 4 }} 44 | {{- end }} 45 | {{- end }} 46 | ingress: 47 | {{- if .Values.provisioning.networkPolicy.extraIngress }} 48 | {{- include "common.tplvalues.render" ( dict "value" .Values.initJob.networkPolicy.extraIngress "context" $ ) | nindent 4 }} 49 | {{- end }} 50 | {{- end }} 51 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if (include "minio.createPVC" .) }} 7 | kind: PersistentVolumeClaim 8 | apiVersion: v1 9 | metadata: 10 | name: {{ include "common.names.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if or .Values.persistence.annotations .Values.commonAnnotations }} 14 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }} 15 | annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | accessModes: 19 | {{- range .Values.persistence.accessModes }} 20 | - {{ . | quote }} 21 | {{- end }} 22 | resources: 23 | requests: 24 | storage: {{ .Values.persistence.size | quote }} 25 | {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if (include "minio.createSecret" .) }} 7 | apiVersion: v1 8 | kind: Secret 9 | metadata: 10 | name: {{ include "common.names.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if .Values.commonAnnotations }} 14 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 15 | {{- end }} 16 | type: Opaque 17 | data: 18 | root-user: {{ include "minio.secret.userValue" . }} 19 | root-password: {{ include "minio.secret.passwordValue" . }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/thanos/charts/minio/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if .Values.serviceAccount.create }} 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | metadata: 10 | name: {{ template "minio.serviceAccountName" . }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} 14 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} 15 | annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} 16 | {{- end }} 17 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 18 | secrets: 19 | - name: {{ include "common.names.fullname" . }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/thanos/templates/bucketweb/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.bucketweb.enabled .Values.bucketweb.autoscaling.enabled }} 7 | apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} 8 | kind: HorizontalPodAutoscaler 9 | metadata: 10 | name: {{ include "thanos.bucketweb.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: receive 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | scaleTargetRef: 19 | apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} 20 | kind: Deployment 21 | name: {{ include "thanos.bucketweb.fullname" . }} 22 | minReplicas: {{ .Values.bucketweb.autoscaling.minReplicas }} 23 | maxReplicas: {{ .Values.bucketweb.autoscaling.maxReplicas }} 24 | metrics: 25 | {{- if .Values.bucketweb.autoscaling.targetMemory }} 26 | - type: Resource 27 | resource: 28 | name: memory 29 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 30 | targetAverageUtilization: {{ .Values.bucketweb.autoscaling.targetMemory }} 31 | {{- else }} 32 | target: 33 | type: Utilization 34 | averageUtilization: {{ .Values.bucketweb.autoscaling.targetMemory }} 35 | {{- end }} 36 | {{- end }} 37 | {{- if .Values.bucketweb.autoscaling.targetCPU }} 38 | - type: Resource 39 | resource: 40 | name: cpu 41 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 42 | targetAverageUtilization: {{ .Values.bucketweb.autoscaling.targetCPU }} 43 | {{- else }} 44 | target: 45 | type: Utilization 46 | averageUtilization: {{ .Values.bucketweb.autoscaling.targetCPU }} 47 | {{- end }} 48 | {{- end }} 49 | {{- end }} 50 | -------------------------------------------------------------------------------- /charts/thanos/templates/bucketweb/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.bucketweb.enabled .Values.bucketweb.pdb.create }} 7 | apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} 8 | kind: PodDisruptionBudget 9 | metadata: 10 | name: {{ include "thanos.bucketweb.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: bucketweb 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- if .Values.bucketweb.pdb.minAvailable }} 19 | minAvailable: {{ .Values.bucketweb.pdb.minAvailable }} 20 | {{- end }} 21 | {{- if or .Values.bucketweb.pdb.maxUnavailable ( not .Values.bucketweb.pdb.minAvailable ) }} 22 | maxUnavailable: {{ .Values.bucketweb.pdb.maxUnavailable | default 1 }} 23 | {{- end }} 24 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.bucketweb.podLabels .Values.commonLabels ) "context" . ) }} 25 | selector: 26 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} 27 | app.kubernetes.io/component: bucketweb 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/thanos/templates/bucketweb/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.bucketweb.enabled .Values.bucketweb.serviceAccount.create }} 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | metadata: 10 | name: {{ include "thanos.bucketweb.serviceAccountName" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: bucketweb 14 | {{- if or .Values.bucketweb.serviceAccount.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.bucketweb.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | automountServiceAccountToken: {{ .Values.bucketweb.serviceAccount.automountServiceAccountToken }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/thanos/templates/bucketweb/tls-secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if .Values.bucketweb.ingress.enabled }} 7 | {{- if .Values.bucketweb.ingress.secrets }} 8 | {{- range .Values.bucketweb.ingress.secrets }} 9 | apiVersion: v1 10 | kind: Secret 11 | metadata: 12 | name: {{ include "common.names.fullname" $ }}-bucketweb 13 | namespace: {{ include "common.names.namespace" $ }} 14 | labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} 15 | app.kubernetes.io/component: bucketweb 16 | {{- if $.Values.commonAnnotations }} 17 | annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} 18 | {{- end }} 19 | type: kubernetes.io/tls 20 | data: 21 | tls.crt: {{ .certificate | b64enc }} 22 | tls.key: {{ .key | b64enc }} 23 | --- 24 | {{- end }} 25 | {{- end }} 26 | {{- if and .Values.bucketweb.ingress.tls .Values.bucketweb.ingress.selfSigned }} 27 | {{- $secretName := printf "%s-tls" .Values.bucketweb.ingress.hostname }} 28 | {{- $ca := genCA "thanos-bucketweb-ca" 365 }} 29 | {{- $cert := genSignedCert .Values.bucketweb.ingress.hostname nil (list .Values.bucketweb.ingress.hostname) 365 $ca }} 30 | apiVersion: v1 31 | kind: Secret 32 | metadata: 33 | name: {{ $secretName }} 34 | namespace: {{ include "common.names.namespace" . }} 35 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 36 | app.kubernetes.io/component: bucketweb 37 | {{- if .Values.commonAnnotations }} 38 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 39 | {{- end }} 40 | type: kubernetes.io/tls 41 | data: 42 | tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} 43 | tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} 44 | ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} 45 | {{- end }} 46 | {{- end }} 47 | -------------------------------------------------------------------------------- /charts/thanos/templates/compactor/deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.compactor.enabled (not .Values.compactor.cronJob.enabled) }} 7 | apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} 8 | kind: Deployment 9 | metadata: 10 | name: {{ include "thanos.compactor.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: compactor 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | replicas: 1 19 | revisionHistoryLimit: {{ .Values.compactor.revisionHistoryLimit }} 20 | {{- if .Values.compactor.updateStrategy }} 21 | strategy: {{- toYaml .Values.compactor.updateStrategy | nindent 4 }} 22 | {{- end }} 23 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.podLabels .Values.commonLabels ) "context" . ) }} 24 | selector: 25 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} 26 | app.kubernetes.io/component: compactor 27 | template: 28 | {{- include "thanos.compactor.podTemplate" . | nindent 4 }} 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /charts/thanos/templates/compactor/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.compactor.persistence.enabled (not (or .Values.compactor.persistence.existingClaim .Values.compactor.persistence.ephemeral)) .Values.compactor.enabled }} 7 | kind: PersistentVolumeClaim 8 | apiVersion: v1 9 | metadata: 10 | name: {{ include "thanos.compactor.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.persistence.labels .Values.commonLabels ) "context" . ) }} 13 | labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} 14 | app.kubernetes.io/component: compactor 15 | {{- if or .Values.compactor.persistence.annotations .Values.commonAnnotations }} 16 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.persistence.annotations .Values.commonAnnotations ) "context" . ) }} 17 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 18 | {{- end }} 19 | spec: 20 | accessModes: 21 | {{- range .Values.compactor.persistence.accessModes }} 22 | - {{ . | quote }} 23 | {{- end }} 24 | resources: 25 | requests: 26 | storage: {{ .Values.compactor.persistence.size | quote }} 27 | {{- include "common.storage.class" (dict "persistence" .Values.compactor.persistence "global" .Values.global) | nindent 2 }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/thanos/templates/compactor/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.compactor.enabled .Values.compactor.serviceAccount.create }} 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | metadata: 10 | name: {{ include "thanos.compactor.serviceAccountName" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: compactor 14 | {{- if or .Values.compactor.serviceAccount.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | automountServiceAccountToken: {{ .Values.compactor.serviceAccount.automountServiceAccountToken }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/thanos/templates/compactor/tls-secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if .Values.compactor.ingress.enabled }} 7 | {{- if .Values.compactor.ingress.secrets }} 8 | {{- range .Values.compactor.ingress.secrets }} 9 | apiVersion: v1 10 | kind: Secret 11 | metadata: 12 | name: {{ include "common.names.fullname" $ }}-compactor 13 | namespace: {{ include "common.names.namespace" $ }} 14 | labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} 15 | app.kubernetes.io/component: compactor 16 | {{- if $.Values.commonAnnotations }} 17 | annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} 18 | {{- end }} 19 | type: kubernetes.io/tls 20 | data: 21 | tls.crt: {{ .certificate | b64enc }} 22 | tls.key: {{ .key | b64enc }} 23 | --- 24 | {{- end }} 25 | {{- end }} 26 | {{- if and .Values.compactor.ingress.tls .Values.compactor.ingress.selfSigned }} 27 | {{- $secretName := printf "%s-tls" .Values.compactor.ingress.hostname }} 28 | {{- $ca := genCA "thanos-compactor-ca" 365 }} 29 | {{- $cert := genSignedCert .Values.compactor.ingress.hostname nil (list .Values.compactor.ingress.hostname) 365 $ca }} 30 | apiVersion: v1 31 | kind: Secret 32 | metadata: 33 | name: {{ $secretName }} 34 | namespace: {{ include "common.names.namespace" . }} 35 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 36 | app.kubernetes.io/component: compactor 37 | {{- if .Values.commonAnnotations }} 38 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 39 | {{- end }} 40 | type: kubernetes.io/tls 41 | data: 42 | tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} 43 | tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} 44 | ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} 45 | {{- end }} 46 | {{- end }} 47 | -------------------------------------------------------------------------------- /charts/thanos/templates/extra-list.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- range .Values.extraDeploy }} 7 | --- 8 | {{ include "common.tplvalues.render" (dict "value" . "context" $) }} 9 | {{- end }} 10 | -------------------------------------------------------------------------------- /charts/thanos/templates/http-certs-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.https.enabled (not .Values.https.existingSecret) }} 7 | {{- $secretName := printf "%s-http-certs-secret" (include "common.names.fullname" .) }} 8 | apiVersion: v1 9 | kind: Secret 10 | metadata: 11 | name: {{ $secretName }} 12 | namespace: {{ include "common.names.namespace" . }} 13 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | type: Opaque 18 | data: 19 | {{- if .Values.https.autoGenerated }} 20 | {{- $ca := genCA "thanos-ca" 365 }} 21 | {{- $hostname := printf "%s" (include "common.names.fullname" .) }} 22 | {{- $cert := genSignedCert $hostname nil (list $hostname) 365 $ca }} 23 | {{ .Values.https.certFilename }}: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" .Values.https.certFilename "defaultValue" $cert.Cert "context" $) }} 24 | {{ .Values.https.keyFilename }}: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" .Values.https.keyFilename "defaultValue" $cert.Key "context" $) }} 25 | {{- if .Values.https.clientAuthType }} 26 | {{ .Values.https.caFilename }}: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" .Values.https.caFilename "defaultValue" $ca.Cert "context" $) }} 27 | {{- end }} 28 | {{- else }} 29 | {{ .Values.https.certFilename }}: {{ required "'https.cert' is required when 'https.enabled=true'" .Values.https.cert | b64enc | quote }} 30 | {{ .Values.https.keyFilename }}: {{ required "'https.key' is required when 'https.enabled=true'" .Values.https.key | b64enc | quote }} 31 | {{- if .Values.https.clientAuthType }} 32 | {{ .Values.https.caFilename }}: {{ required "'https.ca' is required when 'https.clientAuthType' is provided" .Values.https.ca | b64enc | quote }} 33 | {{- end }} 34 | {{- end }} 35 | {{- end }} 36 | -------------------------------------------------------------------------------- /charts/thanos/templates/httpconfig-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if (include "thanos.createHttpConfigSecret" .) }} 7 | apiVersion: v1 8 | kind: Secret 9 | metadata: 10 | name: {{ include "common.names.fullname" . }}-http-config-secret 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | stringData: 14 | http-config.yml: |- 15 | {{- if .Values.httpConfig }} 16 | {{- include "common.tplvalues.render" (dict "value" .Values.httpConfig "context" $) | nindent 4 }} 17 | {{- else }} 18 | {{- if .Values.https.enabled }} 19 | tls_server_config: 20 | cert_file: /certs/{{ .Values.https.certFilename }} 21 | key_file: /certs/{{ .Values.https.keyFilename }} 22 | {{- if .Values.https.clientAuthType }} 23 | client_auth_type: {{ .Values.https.clientAuthType }} 24 | # CA certificate for client certificate authentication to the server. 25 | client_ca_file: /certs/{{ .Values.https.caFilename }} 26 | {{- end }} 27 | {{- if .Values.https.extraTlsServerConfig }} 28 | {{- include "common.tplvalues.render" (dict "value" .Values.https.extraTlsServerConfig "context" $) | nindent 6 }} 29 | {{- end }} 30 | {{- end }} 31 | {{- if .Values.auth.basicAuthUsers }} 32 | basic_auth_users: 33 | {{- range $user, $password := .Values.auth.basicAuthUsers }} 34 | {{ $user }}: {{ (split ":" (htpasswd $user $password))._1 }} 35 | {{- end }} 36 | {{- end }} 37 | {{- end }} 38 | {{- end }} 39 | -------------------------------------------------------------------------------- /charts/thanos/templates/objstore-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if (include "thanos.createObjstoreSecret" .) }} 7 | apiVersion: v1 8 | kind: Secret 9 | metadata: 10 | name: {{ include "common.names.fullname" . }}-objstore-secret 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | data: 14 | {{- include "thanos.objstoreConfig" . | nindent 2 }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/thanos/templates/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled .Values.metrics.prometheusRule.groups }} 7 | apiVersion: monitoring.coreos.com/v1 8 | kind: PrometheusRule 9 | metadata: 10 | name: {{ template "common.names.fullname" . }} 11 | namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if .Values.metrics.prometheusRule.additionalLabels }} 14 | {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} 15 | {{- end }} 16 | {{- if .Values.commonAnnotations }} 17 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 18 | {{- end }} 19 | spec: 20 | groups: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.groups "context" $ ) | nindent 2 }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/thanos/templates/query-frontend/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if (include "thanos.queryFrontend.createConfigmap" .) }} 7 | apiVersion: v1 8 | kind: ConfigMap 9 | metadata: 10 | name: {{ include "thanos.query-frontend.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: query-frontend 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | data: 18 | {{- include "thanos.queryFrontendConfigMap" . | nindent 2 }} 19 | {{ end }} 20 | -------------------------------------------------------------------------------- /charts/thanos/templates/query-frontend/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.queryFrontend.enabled .Values.queryFrontend.autoscaling.enabled }} 7 | apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} 8 | kind: HorizontalPodAutoscaler 9 | metadata: 10 | name: {{ include "thanos.query-frontend.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: query-frontend 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | scaleTargetRef: 19 | apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} 20 | kind: Deployment 21 | name: {{ include "thanos.query-frontend.fullname" . }} 22 | minReplicas: {{ .Values.queryFrontend.autoscaling.minReplicas }} 23 | maxReplicas: {{ .Values.queryFrontend.autoscaling.maxReplicas }} 24 | metrics: 25 | {{- if .Values.queryFrontend.autoscaling.targetMemory }} 26 | - type: Resource 27 | resource: 28 | name: memory 29 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 30 | targetAverageUtilization: {{ .Values.queryFrontend.autoscaling.targetMemory }} 31 | {{- else }} 32 | target: 33 | type: Utilization 34 | averageUtilization: {{ .Values.queryFrontend.autoscaling.targetMemory }} 35 | {{- end }} 36 | {{- end }} 37 | {{- if .Values.queryFrontend.autoscaling.targetCPU }} 38 | - type: Resource 39 | resource: 40 | name: cpu 41 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 42 | targetAverageUtilization: {{ .Values.queryFrontend.autoscaling.targetCPU }} 43 | {{- else }} 44 | target: 45 | type: Utilization 46 | averageUtilization: {{ .Values.queryFrontend.autoscaling.targetCPU }} 47 | {{- end }} 48 | {{- end }} 49 | {{- end }} 50 | -------------------------------------------------------------------------------- /charts/thanos/templates/query-frontend/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.queryFrontend.enabled .Values.queryFrontend.pdb.create }} 7 | apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} 8 | kind: PodDisruptionBudget 9 | metadata: 10 | name: {{ include "thanos.query-frontend.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: query-frontend 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- if .Values.queryFrontend.pdb.minAvailable }} 19 | minAvailable: {{ .Values.queryFrontend.pdb.minAvailable }} 20 | {{- end }} 21 | {{- if or .Values.queryFrontend.pdb.maxUnavailable ( not .Values.queryFrontend.pdb.minAvailable ) }} 22 | maxUnavailable: {{ .Values.queryFrontend.pdb.maxUnavailable | default 1 }} 23 | {{- end }} 24 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.podLabels .Values.commonLabels ) "context" . ) }} 25 | selector: 26 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} 27 | app.kubernetes.io/component: query-frontend 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/thanos/templates/query-frontend/psp-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and (include "common.capabilities.psp.supported" .) .Values.queryFrontend.enabled .Values.queryFrontend.pspEnabled .Values.queryFrontend.rbac.create }} 7 | apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} 8 | kind: ClusterRole 9 | metadata: 10 | name: {{ include "thanos.query-frontend.fullname" . }} 11 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 12 | app.kubernetes.io/component: query-frontend 13 | {{- if .Values.commonAnnotations }} 14 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 15 | {{- end }} 16 | rules: 17 | - apiGroups: ['policy'] 18 | resources: ['podsecuritypolicies'] 19 | verbs: ['use'] 20 | resourceNames: 21 | - {{ include "thanos.query-frontend.fullname" . }} 22 | {{- if .Values.queryFrontend.rbac.rules }} 23 | {{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.rbac.rules "context" $ ) | nindent 2 }} 24 | {{- end }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/thanos/templates/query-frontend/psp-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and (include "common.capabilities.psp.supported" .) .Values.queryFrontend.enabled .Values.queryFrontend.pspEnabled .Values.queryFrontend.rbac.create }} 7 | apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} 8 | kind: ClusterRoleBinding 9 | metadata: 10 | name: {{ include "thanos.query-frontend.fullname" . }} 11 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 12 | app.kubernetes.io/component: query-frontend 13 | {{- if .Values.commonAnnotations }} 14 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 15 | {{- end }} 16 | roleRef: 17 | kind: ClusterRole 18 | name: {{ include "thanos.query-frontend.fullname" . }} 19 | apiGroup: rbac.authorization.k8s.io 20 | subjects: 21 | - kind: ServiceAccount 22 | name: {{ include "thanos.query-frontend.serviceAccountName" . }} 23 | namespace: {{ include "common.names.namespace" . }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /charts/thanos/templates/query-frontend/psp.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and (include "common.capabilities.psp.supported" .) .Values.queryFrontend.enabled .Values.queryFrontend.pspEnabled .Values.queryFrontend.rbac.create -}} 7 | apiVersion: policy/v1beta1 8 | kind: PodSecurityPolicy 9 | metadata: 10 | name: {{ include "thanos.query-frontend.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: query-frontend 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | fsGroup: 19 | rule: RunAsAny 20 | runAsUser: 21 | ranges: 22 | - max: 1001 23 | min: 1001 24 | rule: MustRunAs 25 | seLinux: 26 | rule: RunAsAny 27 | supplementalGroups: 28 | rule: RunAsAny 29 | volumes: 30 | - secret 31 | {{- end -}} 32 | -------------------------------------------------------------------------------- /charts/thanos/templates/query-frontend/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.queryFrontend.enabled .Values.queryFrontend.serviceAccount.create }} 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | metadata: 10 | name: {{ include "thanos.query-frontend.serviceAccountName" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: query-frontend 14 | {{- if or .Values.queryFrontend.serviceAccount.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | automountServiceAccountToken: {{ .Values.queryFrontend.serviceAccount.automountServiceAccountToken }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/thanos/templates/query-frontend/tls-secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if .Values.queryFrontend.ingress.enabled }} 7 | {{- if .Values.queryFrontend.ingress.secrets }} 8 | {{- range .Values.queryFrontend.ingress.secrets }} 9 | apiVersion: v1 10 | kind: Secret 11 | metadata: 12 | name: {{ include "common.names.fullname" $ }}-query-frontend 13 | namespace: {{ include "common.names.namespace" $ }} 14 | labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} 15 | app.kubernetes.io/component: query-frontend 16 | {{- if $.Values.commonAnnotations }} 17 | annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} 18 | {{- end }} 19 | type: kubernetes.io/tls 20 | data: 21 | tls.crt: {{ .certificate | b64enc }} 22 | tls.key: {{ .key | b64enc }} 23 | --- 24 | {{- end }} 25 | {{- end }} 26 | {{- if and .Values.queryFrontend.ingress.tls .Values.queryFrontend.ingress.selfSigned }} 27 | {{- $secretName := printf "%s-tls" .Values.queryFrontend.ingress.hostname }} 28 | {{- $ca := genCA "thanos-queryFrontend-ca" 365 }} 29 | {{- $cert := genSignedCert .Values.queryFrontend.ingress.hostname nil (list .Values.queryFrontend.ingress.hostname) 365 $ca }} 30 | apiVersion: v1 31 | kind: Secret 32 | metadata: 33 | name: {{ $secretName }} 34 | namespace: {{ include "common.names.namespace" . }} 35 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 36 | app.kubernetes.io/component: query-frontend 37 | {{- if .Values.commonAnnotations }} 38 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 39 | {{- end }} 40 | type: kubernetes.io/tls 41 | data: 42 | tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} 43 | tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} 44 | ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} 45 | {{- end }} 46 | {{- end }} 47 | -------------------------------------------------------------------------------- /charts/thanos/templates/query/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.query.enabled .Values.query.pdb.create }} 7 | apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} 8 | kind: PodDisruptionBudget 9 | metadata: 10 | name: {{ include "thanos.query.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: query 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- if .Values.query.pdb.minAvailable }} 19 | minAvailable: {{ .Values.query.pdb.minAvailable }} 20 | {{- end }} 21 | {{- if or .Values.query.pdb.maxUnavailable ( not .Values.query.pdb.minAvailable ) }} 22 | maxUnavailable: {{ .Values.query.pdb.maxUnavailable | default 1 }} 23 | {{- end }} 24 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} 25 | selector: 26 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} 27 | app.kubernetes.io/component: query 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/thanos/templates/query/psp-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and (include "common.capabilities.psp.supported" .) .Values.query.enabled .Values.query.pspEnabled .Values.query.rbac.create }} 7 | apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} 8 | kind: ClusterRole 9 | metadata: 10 | name: {{ include "thanos.query.fullname" . }} 11 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 12 | app.kubernetes.io/component: query 13 | {{- if .Values.commonAnnotations }} 14 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 15 | {{- end }} 16 | rules: 17 | - apiGroups: ['policy'] 18 | resources: ['podsecuritypolicies'] 19 | verbs: ['use'] 20 | resourceNames: 21 | - {{ include "thanos.query.fullname" . }} 22 | {{- if .Values.query.rbac.rules }} 23 | {{- include "common.tplvalues.render" ( dict "value" .Values.query.rbac.rules "context" $ ) | nindent 2 }} 24 | {{- end }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/thanos/templates/query/psp-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and (include "common.capabilities.psp.supported" .) .Values.query.enabled .Values.query.pspEnabled .Values.query.rbac.create }} 7 | apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} 8 | kind: ClusterRoleBinding 9 | metadata: 10 | name: {{ include "thanos.query.fullname" . }} 11 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 12 | app.kubernetes.io/component: query 13 | {{- if .Values.commonAnnotations }} 14 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 15 | {{- end }} 16 | roleRef: 17 | kind: ClusterRole 18 | name: {{ include "thanos.query.fullname" . }} 19 | apiGroup: rbac.authorization.k8s.io 20 | subjects: 21 | - kind: ServiceAccount 22 | name: {{ include "thanos.query.serviceAccountName" . }} 23 | namespace: {{ include "common.names.namespace" . }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /charts/thanos/templates/query/psp.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and (include "common.capabilities.psp.supported" .) .Values.query.enabled .Values.query.pspEnabled .Values.query.rbac.create -}} 7 | apiVersion: policy/v1beta1 8 | kind: PodSecurityPolicy 9 | metadata: 10 | name: {{ include "thanos.query.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: query 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | fsGroup: 19 | rule: RunAsAny 20 | runAsUser: 21 | ranges: 22 | - max: 1001 23 | min: 1001 24 | rule: MustRunAs 25 | seLinux: 26 | rule: RunAsAny 27 | supplementalGroups: 28 | rule: RunAsAny 29 | volumes: 30 | - secret 31 | {{- end -}} 32 | -------------------------------------------------------------------------------- /charts/thanos/templates/query/sd-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if (include "thanos.query.createSDConfigmap" .) }} 7 | apiVersion: v1 8 | kind: ConfigMap 9 | metadata: 10 | name: {{ include "thanos.query.fullname" . }}-sd 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: query 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | data: 18 | {{- include "thanos.querySDConfigMap" . | nindent 2 }} 19 | {{ end }} 20 | -------------------------------------------------------------------------------- /charts/thanos/templates/query/service-grpc-headless.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.query.enabled .Values.query.serviceGrpc.additionalHeadless }} 7 | apiVersion: v1 8 | kind: Service 9 | metadata: 10 | name: {{ include "thanos.query.fullname" . }}-grpc-headless 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: query 14 | {{- if or .Values.query.serviceGrpc.headless.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.serviceGrpc.headless.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | type: ClusterIP 20 | clusterIP: None 21 | ports: 22 | - port: {{ .Values.query.serviceGrpc.ports.grpc }} 23 | targetPort: grpc 24 | protocol: TCP 25 | name: grpc 26 | {{- if .Values.query.serviceGrpc.extraPorts }} 27 | {{- include "common.tplvalues.render" (dict "value" .Values.query.serviceGrpc.extraPorts "context" $) | nindent 4 }} 28 | {{- end }} 29 | selector: 30 | {{- if .Values.query.serviceGrpc.labelSelectorsOverride }} 31 | {{- include "common.tplvalues.render" (dict "value" .Values.query.serviceGrpc.labelSelectorsOverride "context" $) | nindent 4 }} 32 | {{- else }} 33 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} 34 | {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} 35 | app.kubernetes.io/component: query 36 | {{- end }} 37 | {{- end }} 38 | -------------------------------------------------------------------------------- /charts/thanos/templates/query/service-headless.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.query.enabled .Values.query.service.additionalHeadless }} 7 | apiVersion: v1 8 | kind: Service 9 | metadata: 10 | name: {{ include "thanos.query.fullname" . }}-headless 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: query 14 | {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} 15 | {{- if or .Values.query.service.headless.annotations .Values.commonAnnotations }} 16 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} 17 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 18 | {{- end }} 19 | spec: 20 | type: ClusterIP 21 | clusterIP: None 22 | ports: 23 | - port: {{ .Values.query.service.ports.http }} 24 | targetPort: http 25 | protocol: TCP 26 | name: http 27 | {{- if .Values.query.service.extraPorts }} 28 | {{- include "common.tplvalues.render" (dict "value" .Values.query.service.extraPorts "context" $) | nindent 4 }} 29 | {{- end }} 30 | selector: 31 | {{- if .Values.query.service.labelSelectorsOverride }} 32 | {{- include "common.tplvalues.render" (dict "value" .Values.query.service.labelSelectorsOverride "context" $) | nindent 4 }} 33 | {{- else }} 34 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} 35 | {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} 36 | app.kubernetes.io/component: query 37 | {{- end }} 38 | {{- end }} 39 | -------------------------------------------------------------------------------- /charts/thanos/templates/query/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.query.enabled .Values.query.serviceAccount.create }} 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | metadata: 10 | name: {{ include "thanos.query.serviceAccountName" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: query 14 | {{- if or .Values.query.serviceAccount.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | automountServiceAccountToken: {{ .Values.query.serviceAccount.automountServiceAccountToken }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/thanos/templates/query/tls-secrets-grpc.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and (.Values.query.ingress.grpc.enabled) (not .Values.query.ingress.grpc.secretName) }} 7 | {{- if .Values.query.ingress.grpc.secrets }} 8 | {{- range .Values.query.ingress.grpc.secrets }} 9 | apiVersion: v1 10 | kind: Secret 11 | metadata: 12 | name: {{ include "common.names.fullname" $ }}-grpc 13 | namespace: {{ include "common.names.namespace" $ }} 14 | labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} 15 | app.kubernetes.io/component: query 16 | {{- if $.Values.commonAnnotations }} 17 | annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} 18 | {{- end }} 19 | type: kubernetes.io/tls 20 | data: 21 | tls.crt: {{ .certificate | b64enc }} 22 | tls.key: {{ .key | b64enc }} 23 | --- 24 | {{- end }} 25 | {{- end }} 26 | {{- if and .Values.query.ingress.grpc.tls .Values.query.ingress.grpc.selfSigned }} 27 | {{- $secretName := printf "%s-tls" .Values.query.ingress.grpc.hostname }} 28 | {{- $ca := genCA "thanos-query-ca" 365 }} 29 | {{- $cert := genSignedCert .Values.query.ingress.grpc.hostname nil (list .Values.query.ingress.grpc.hostname) 365 $ca }} 30 | apiVersion: v1 31 | kind: Secret 32 | metadata: 33 | name: {{ $secretName }} 34 | namespace: {{ include "common.names.namespace" . }} 35 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 36 | app.kubernetes.io/component: query 37 | {{- if .Values.commonAnnotations }} 38 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 39 | {{- end }} 40 | type: kubernetes.io/tls 41 | data: 42 | tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} 43 | tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} 44 | ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} 45 | {{- end }} 46 | {{- end }} 47 | -------------------------------------------------------------------------------- /charts/thanos/templates/query/tls-secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and (.Values.query.ingress.enabled) (not .Values.query.ingress.secretName) }} 7 | {{- if .Values.query.ingress.secrets }} 8 | {{- range .Values.query.ingress.secrets }} 9 | apiVersion: v1 10 | kind: Secret 11 | metadata: 12 | name: {{ include "common.names.fullname" $ }}-query 13 | namespace: {{ include "common.names.namespace" $ }} 14 | labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} 15 | app.kubernetes.io/component: query 16 | {{- if $.Values.commonAnnotations }} 17 | annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} 18 | {{- end }} 19 | type: kubernetes.io/tls 20 | data: 21 | tls.crt: {{ .certificate | b64enc }} 22 | tls.key: {{ .key | b64enc }} 23 | --- 24 | {{- end }} 25 | {{- end }} 26 | {{- if and .Values.query.ingress.tls .Values.query.ingress.selfSigned }} 27 | {{- $secretName := printf "%s-tls" .Values.query.ingress.hostname }} 28 | {{- $ca := genCA "thanos-query-ca" 365 }} 29 | {{- $cert := genSignedCert .Values.query.ingress.hostname nil (list .Values.query.ingress.hostname) 365 $ca }} 30 | apiVersion: v1 31 | kind: Secret 32 | metadata: 33 | name: {{ $secretName }} 34 | namespace: {{ include "common.names.namespace" . }} 35 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 36 | app.kubernetes.io/component: query 37 | {{- if .Values.commonAnnotations }} 38 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 39 | {{- end }} 40 | type: kubernetes.io/tls 41 | data: 42 | tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} 43 | tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} 44 | ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} 45 | {{- end }} 46 | {{- end }} 47 | -------------------------------------------------------------------------------- /charts/thanos/templates/receive-distributor/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.receiveDistributor.enabled .Values.receiveDistributor.autoscaling.enabled }} 7 | apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} 8 | kind: HorizontalPodAutoscaler 9 | metadata: 10 | name: {{ include "thanos.receive-distributor.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: receive-distributor 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | scaleTargetRef: 19 | apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} 20 | kind: Deployment 21 | name: {{ include "thanos.receive-distributor.fullname" . }} 22 | minReplicas: {{ .Values.receiveDistributor.autoscaling.minReplicas }} 23 | maxReplicas: {{ .Values.receiveDistributor.autoscaling.maxReplicas }} 24 | metrics: 25 | {{- if .Values.receiveDistributor.autoscaling.targetMemory }} 26 | - type: Resource 27 | resource: 28 | name: memory 29 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 30 | targetAverageUtilization: {{ .Values.receiveDistributor.autoscaling.targetMemory }} 31 | {{- else }} 32 | target: 33 | type: Utilization 34 | averageUtilization: {{ .Values.receiveDistributor.autoscaling.targetMemory }} 35 | {{- end }} 36 | {{- end }} 37 | {{- if .Values.receiveDistributor.autoscaling.targetCPU }} 38 | - type: Resource 39 | resource: 40 | name: cpu 41 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 42 | targetAverageUtilization: {{ .Values.receiveDistributor.autoscaling.targetCPU }} 43 | {{- else }} 44 | target: 45 | type: Utilization 46 | averageUtilization: {{ .Values.receiveDistributor.autoscaling.targetCPU }} 47 | {{- end }} 48 | {{- end }} 49 | {{- end }} 50 | -------------------------------------------------------------------------------- /charts/thanos/templates/receive-distributor/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.receiveDistributor.enabled .Values.receiveDistributor.pdb.create }} 7 | apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} 8 | kind: PodDisruptionBudget 9 | metadata: 10 | name: {{ include "thanos.receive-distributor.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: receive-distributor 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- if .Values.receiveDistributor.pdb.minAvailable }} 19 | minAvailable: {{ .Values.receiveDistributor.pdb.minAvailable }} 20 | {{- end }} 21 | {{- if or .Values.receiveDistributor.pdb.maxUnavailable ( not .Values.receiveDistributor.pdb.minAvailable ) }} 22 | maxUnavailable: {{ .Values.receiveDistributor.pdb.maxUnavailable | default 1 }} 23 | {{- end }} 24 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.receiveDistributor.podLabels .Values.commonLabels ) "context" . ) }} 25 | selector: 26 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} 27 | app.kubernetes.io/component: receive-distributor 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/thanos/templates/receive-distributor/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.receiveDistributor.enabled .Values.receiveDistributor.serviceAccount.create }} 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | metadata: 10 | name: {{ include "thanos.receive-distributor.serviceAccountName" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: receive-distributor 14 | {{- if or .Values.receiveDistributor.serviceAccount.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.receiveDistributor.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | automountServiceAccountToken: {{ .Values.receiveDistributor.serviceAccount.automountServiceAccountToken }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/thanos/templates/receive/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if (include "thanos.receive.createConfigmap" .) }} 7 | apiVersion: v1 8 | kind: ConfigMap 9 | metadata: 10 | name: {{ include "thanos.receive.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: receive 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | data: 18 | {{- include "thanos.receiveConfigMap" . | nindent 2 }} 19 | {{ end }} 20 | -------------------------------------------------------------------------------- /charts/thanos/templates/receive/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.receive.enabled .Values.receive.autoscaling.enabled }} 7 | apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} 8 | kind: HorizontalPodAutoscaler 9 | metadata: 10 | name: {{ include "thanos.receive.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: receive 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | scaleTargetRef: 19 | apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} 20 | kind: StatefulSet 21 | name: {{ include "thanos.receive.fullname" . }} 22 | minReplicas: {{ .Values.receive.autoscaling.minReplicas }} 23 | maxReplicas: {{ .Values.receive.autoscaling.maxReplicas }} 24 | metrics: 25 | {{- if .Values.receive.autoscaling.targetMemory }} 26 | - type: Resource 27 | resource: 28 | name: memory 29 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 30 | targetAverageUtilization: {{ .Values.receive.autoscaling.targetMemory }} 31 | {{- else }} 32 | target: 33 | type: Utilization 34 | averageUtilization: {{ .Values.receive.autoscaling.targetMemory }} 35 | {{- end }} 36 | {{- end }} 37 | {{- if .Values.receive.autoscaling.targetCPU }} 38 | - type: Resource 39 | resource: 40 | name: cpu 41 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 42 | targetAverageUtilization: {{ .Values.receive.autoscaling.targetCPU }} 43 | {{- else }} 44 | target: 45 | type: Utilization 46 | averageUtilization: {{ .Values.receive.autoscaling.targetCPU }} 47 | {{- end }} 48 | {{- end }} 49 | {{- end }} 50 | -------------------------------------------------------------------------------- /charts/thanos/templates/receive/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.receive.enabled .Values.receive.pdb.create }} 7 | apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} 8 | kind: PodDisruptionBudget 9 | metadata: 10 | name: {{ include "thanos.receive.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: receive 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- if .Values.receive.pdb.minAvailable }} 19 | minAvailable: {{ .Values.receive.pdb.minAvailable }} 20 | {{- end }} 21 | {{- if or .Values.receive.pdb.maxUnavailable ( not .Values.receive.pdb.minAvailable ) }} 22 | maxUnavailable: {{ .Values.receive.pdb.maxUnavailable | default 1 }} 23 | {{- end }} 24 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.podLabels .Values.commonLabels ) "context" . ) }} 25 | selector: 26 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} 27 | app.kubernetes.io/component: receive 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/thanos/templates/receive/service-headless.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and (.Values.receive.enabled) (.Values.receive.service.additionalHeadless) -}} 7 | apiVersion: v1 8 | kind: Service 9 | metadata: 10 | name: {{ include "thanos.receive.fullname" . }}-headless 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: receive 14 | {{- if eq .Values.receive.mode "dual-mode" }} 15 | {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} 16 | {{- end }} 17 | {{- if or .Values.receive.service.headless.annotations .Values.commonAnnotations }} 18 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} 19 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 20 | {{- end }} 21 | spec: 22 | type: ClusterIP 23 | clusterIP: None 24 | ports: 25 | - port: {{ .Values.receive.service.ports.http }} 26 | targetPort: http 27 | protocol: TCP 28 | name: http 29 | - port: {{ .Values.receive.service.ports.grpc }} 30 | targetPort: grpc 31 | protocol: TCP 32 | name: grpc 33 | - port: {{ .Values.receive.service.ports.capnproto }} 34 | targetPort: capnproto 35 | protocol: TCP 36 | name: capnproto 37 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.podLabels .Values.commonLabels ) "context" . ) }} 38 | selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} 39 | app.kubernetes.io/component: receive 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /charts/thanos/templates/receive/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.receive.enabled .Values.receive.serviceAccount.create }} 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | metadata: 10 | name: {{ include "thanos.receive.serviceAccountName" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: receive 14 | {{- if or .Values.receive.serviceAccount.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | automountServiceAccountToken: {{ .Values.receive.serviceAccount.automountServiceAccountToken }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/thanos/templates/receive/tls-secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if .Values.receive.ingress.enabled }} 7 | {{- if .Values.receive.ingress.secrets }} 8 | {{- range .Values.receive.ingress.secrets }} 9 | apiVersion: v1 10 | kind: Secret 11 | metadata: 12 | name: {{ include "common.names.fullname" $ }}-receive 13 | namespace: {{ include "common.names.namespace" $ }} 14 | labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} 15 | app.kubernetes.io/component: receive 16 | {{- if $.Values.commonAnnotations }} 17 | annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} 18 | {{- end }} 19 | type: kubernetes.io/tls 20 | data: 21 | tls.crt: {{ .certificate | b64enc }} 22 | tls.key: {{ .key | b64enc }} 23 | --- 24 | {{- end }} 25 | {{- end }} 26 | {{- if and .Values.receive.ingress.tls .Values.receive.ingress.selfSigned }} 27 | {{- $secretName := printf "%s-tls" .Values.receive.ingress.hostname }} 28 | {{- $ca := genCA "thanos-receive-ca" 365 }} 29 | {{- $cert := genSignedCert .Values.receive.ingress.hostname nil (list .Values.receive.ingress.hostname) 365 $ca }} 30 | apiVersion: v1 31 | kind: Secret 32 | metadata: 33 | name: {{ $secretName }} 34 | namespace: {{ include "common.names.namespace" . }} 35 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 36 | app.kubernetes.io/component: receive 37 | {{- if .Values.commonAnnotations }} 38 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 39 | {{- end }} 40 | type: kubernetes.io/tls 41 | data: 42 | tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} 43 | tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} 44 | ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} 45 | {{- end }} 46 | {{- end }} 47 | -------------------------------------------------------------------------------- /charts/thanos/templates/ruler/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if (include "thanos.ruler.createConfigmap" .) }} 7 | apiVersion: v1 8 | kind: ConfigMap 9 | metadata: 10 | name: {{ include "thanos.ruler.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: ruler 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | data: 18 | {{- include "thanos.rulerConfigMap" . | nindent 2 }} 19 | {{ end }} 20 | -------------------------------------------------------------------------------- /charts/thanos/templates/ruler/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.ruler.enabled .Values.ruler.autoscaling.enabled }} 7 | apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} 8 | kind: HorizontalPodAutoscaler 9 | metadata: 10 | name: {{ include "thanos.ruler.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: receive 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | scaleTargetRef: 19 | apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} 20 | kind: StatefulSet 21 | name: {{ include "thanos.ruler.fullname" . }} 22 | minReplicas: {{ .Values.ruler.autoscaling.minReplicas }} 23 | maxReplicas: {{ .Values.ruler.autoscaling.maxReplicas }} 24 | metrics: 25 | {{- if .Values.ruler.autoscaling.targetMemory }} 26 | - type: Resource 27 | resource: 28 | name: memory 29 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 30 | targetAverageUtilization: {{ .Values.ruler.autoscaling.targetMemory }} 31 | {{- else }} 32 | target: 33 | type: Utilization 34 | averageUtilization: {{ .Values.ruler.autoscaling.targetMemory }} 35 | {{- end }} 36 | {{- end }} 37 | {{- if .Values.ruler.autoscaling.targetCPU }} 38 | - type: Resource 39 | resource: 40 | name: cpu 41 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 42 | targetAverageUtilization: {{ .Values.ruler.autoscaling.targetCPU }} 43 | {{- else }} 44 | target: 45 | type: Utilization 46 | averageUtilization: {{ .Values.ruler.autoscaling.targetCPU }} 47 | {{- end }} 48 | {{- end }} 49 | {{- end }} 50 | -------------------------------------------------------------------------------- /charts/thanos/templates/ruler/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.ruler.enabled .Values.ruler.pdb.create }} 7 | apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} 8 | kind: PodDisruptionBudget 9 | metadata: 10 | name: {{ include "thanos.ruler.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: ruler 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- if .Values.ruler.pdb.minAvailable }} 19 | minAvailable: {{ .Values.ruler.pdb.minAvailable }} 20 | {{- end }} 21 | {{- if or .Values.ruler.pdb.maxUnavailable ( not .Values.ruler.pdb.minAvailable ) }} 22 | maxUnavailable: {{ .Values.ruler.pdb.maxUnavailable | default 1 }} 23 | {{- end }} 24 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.podLabels .Values.commonLabels ) "context" . ) }} 25 | selector: 26 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} 27 | app.kubernetes.io/component: ruler 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/thanos/templates/ruler/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.ruler.enabled .Values.ruler.alertmanagersConfig }} 7 | apiVersion: v1 8 | kind: Secret 9 | metadata: 10 | name: {{ include "thanos.ruler.fullname" . }}-alertmanagers-config 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: ruler 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | data: 18 | alertmanagers_config.yml: |- 19 | {{- include "common.tplvalues.render" (dict "value" .Values.ruler.alertmanagersConfig "context" $) | b64enc | nindent 4 }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/thanos/templates/ruler/service-headless.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and (.Values.ruler.enabled) (.Values.ruler.service.additionalHeadless) -}} 7 | apiVersion: v1 8 | kind: Service 9 | metadata: 10 | name: {{ include "thanos.ruler.fullname" . }}-headless 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: ruler 14 | {{- if or .Values.ruler.service.headless.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | type: ClusterIP 20 | clusterIP: None 21 | ports: 22 | - port: {{ .Values.ruler.service.ports.http }} 23 | targetPort: http 24 | protocol: TCP 25 | name: http 26 | - port: {{ .Values.ruler.service.ports.grpc }} 27 | targetPort: grpc 28 | protocol: TCP 29 | name: grpc 30 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.podLabels .Values.commonLabels ) "context" . ) }} 31 | selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} 32 | app.kubernetes.io/component: ruler 33 | {{- end }} 34 | -------------------------------------------------------------------------------- /charts/thanos/templates/ruler/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.ruler.enabled .Values.ruler.serviceAccount.create }} 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | metadata: 10 | name: {{ include "thanos.ruler.serviceAccountName" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: ruler 14 | {{- if or .Values.ruler.serviceAccount.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | automountServiceAccountToken: {{ .Values.ruler.serviceAccount.automountServiceAccountToken }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/thanos/templates/ruler/tls-secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if .Values.ruler.ingress.enabled }} 7 | {{- if .Values.ruler.ingress.secrets }} 8 | {{- range .Values.ruler.ingress.secrets }} 9 | apiVersion: v1 10 | kind: Secret 11 | metadata: 12 | name: {{ include "common.names.fullname" $ }}-ruler 13 | namespace: {{ include "common.names.namespace" $ }} 14 | labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} 15 | app.kubernetes.io/component: ruler 16 | {{- if $.Values.commonAnnotations }} 17 | annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} 18 | {{- end }} 19 | type: kubernetes.io/tls 20 | data: 21 | tls.crt: {{ .certificate | b64enc }} 22 | tls.key: {{ .key | b64enc }} 23 | --- 24 | {{- end }} 25 | {{- end }} 26 | {{- if and .Values.ruler.ingress.tls .Values.ruler.ingress.selfSigned }} 27 | {{- $secretName := printf "%s-tls" .Values.ruler.ingress.hostname }} 28 | {{- $ca := genCA "thanos-ruler-ca" 365 }} 29 | {{- $cert := genSignedCert .Values.ruler.ingress.hostname nil (list .Values.ruler.ingress.hostname) 365 $ca }} 30 | apiVersion: v1 31 | kind: Secret 32 | metadata: 33 | name: {{ $secretName }} 34 | namespace: {{ include "common.names.namespace" . }} 35 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 36 | app.kubernetes.io/component: ruler 37 | {{- if .Values.commonAnnotations }} 38 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 39 | {{- end }} 40 | type: kubernetes.io/tls 41 | data: 42 | tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} 43 | tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} 44 | ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} 45 | {{- end }} 46 | {{- end }} 47 | -------------------------------------------------------------------------------- /charts/thanos/templates/storegateway/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if (include "thanos.storegateway.createConfigmap" .) }} 7 | apiVersion: v1 8 | kind: ConfigMap 9 | metadata: 10 | name: {{ include "thanos.storegateway.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: storegateway 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | data: 18 | {{- include "thanos.storegatewayConfigMap" . | nindent 2 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/thanos/templates/storegateway/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.storegateway.enabled .Values.storegateway.autoscaling.enabled (not .Values.storegateway.sharded.enabled) }} 7 | apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} 8 | kind: HorizontalPodAutoscaler 9 | metadata: 10 | name: {{ include "thanos.storegateway.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: storegateway 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | scaleTargetRef: 19 | apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} 20 | kind: StatefulSet 21 | name: {{ include "thanos.storegateway.fullname" . }} 22 | minReplicas: {{ .Values.storegateway.autoscaling.minReplicas }} 23 | maxReplicas: {{ .Values.storegateway.autoscaling.maxReplicas }} 24 | metrics: 25 | {{- if .Values.storegateway.autoscaling.targetMemory }} 26 | - type: Resource 27 | resource: 28 | name: memory 29 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 30 | targetAverageUtilization: {{ .Values.storegateway.autoscaling.targetMemory }} 31 | {{- else }} 32 | target: 33 | type: Utilization 34 | averageUtilization: {{ .Values.storegateway.autoscaling.targetMemory }} 35 | {{- end }} 36 | {{- end }} 37 | {{- if .Values.storegateway.autoscaling.targetCPU }} 38 | - type: Resource 39 | resource: 40 | name: cpu 41 | {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} 42 | targetAverageUtilization: {{ .Values.storegateway.autoscaling.targetCPU }} 43 | {{- else }} 44 | target: 45 | type: Utilization 46 | averageUtilization: {{ .Values.storegateway.autoscaling.targetCPU }} 47 | {{- end }} 48 | {{- end }} 49 | {{- end }} 50 | -------------------------------------------------------------------------------- /charts/thanos/templates/storegateway/pdb-sharded.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.storegateway.enabled .Values.storegateway.pdb.create .Values.storegateway.sharded.enabled }} 7 | 8 | {{- $shards := int 0 }} 9 | {{- $hashShards := int 1 }} 10 | {{- $timeShards := int 1 }} 11 | {{- if .Values.storegateway.sharded.hashPartitioning.shards }} 12 | {{- $hashShards = int .Values.storegateway.sharded.hashPartitioning.shards }} 13 | {{- end }} 14 | {{- if not (empty .Values.storegateway.sharded.timePartitioning) }} 15 | {{- $timeShards = len .Values.storegateway.sharded.timePartitioning }} 16 | {{- end }} 17 | {{- $shards = mul $hashShards $timeShards | int }} 18 | 19 | {{- range $index, $_ := until $shards }} 20 | apiVersion: {{ include "common.capabilities.policy.apiVersion" $ }} 21 | kind: PodDisruptionBudget 22 | metadata: 23 | name: {{ printf "%s-%s" (include "thanos.storegateway.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} 24 | namespace: {{ include "common.names.namespace" $ }} 25 | labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} 26 | app.kubernetes.io/component: storegateway 27 | shard: {{ $index | quote }} 28 | {{- if $.Values.commonAnnotations }} 29 | annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} 30 | {{- end }} 31 | spec: 32 | {{- if $.Values.storegateway.pdb.minAvailable }} 33 | minAvailable: {{ $.Values.storegateway.pdb.minAvailable }} 34 | {{- end }} 35 | {{- if or $.Values.storegateway.pdb.maxUnavailable ( not $.Values.storegateway.pdb.minAvailable ) }} 36 | maxUnavailable: {{ $.Values.storegateway.pdb.maxUnavailable | default 1 }} 37 | {{- end }} 38 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.storegateway.podLabels $.Values.commonLabels ) "context" $ ) }} 39 | selector: 40 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} 41 | app.kubernetes.io/component: storegateway 42 | shard: {{ $index | quote }} 43 | --- 44 | {{- end }} 45 | {{- end }} 46 | -------------------------------------------------------------------------------- /charts/thanos/templates/storegateway/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.storegateway.enabled .Values.storegateway.pdb.create (not .Values.storegateway.sharded.enabled) }} 7 | apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} 8 | kind: PodDisruptionBudget 9 | metadata: 10 | name: {{ include "thanos.storegateway.fullname" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: storegateway 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- if .Values.storegateway.pdb.minAvailable }} 19 | minAvailable: {{ .Values.storegateway.pdb.minAvailable }} 20 | {{- end }} 21 | {{- if or .Values.storegateway.pdb.maxUnavailable ( not .Values.storegateway.pdb.minAvailable ) }} 22 | maxUnavailable: {{ .Values.storegateway.pdb.maxUnavailable | default 1 }} 23 | {{- end }} 24 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.podLabels .Values.commonLabels ) "context" . ) }} 25 | selector: 26 | matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} 27 | app.kubernetes.io/component: storegateway 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/thanos/templates/storegateway/service-headless.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and (.Values.storegateway.enabled) (.Values.storegateway.service.additionalHeadless) -}} 7 | apiVersion: v1 8 | kind: Service 9 | metadata: 10 | name: {{ include "thanos.storegateway.fullname" . }}-headless 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: storegateway 14 | {{- if or .Values.storegateway.service.headless.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | type: ClusterIP 20 | clusterIP: None 21 | ports: 22 | - port: {{ .Values.storegateway.service.ports.http }} 23 | targetPort: http 24 | protocol: TCP 25 | name: http 26 | - port: {{ .Values.storegateway.service.ports.grpc }} 27 | targetPort: grpc 28 | protocol: TCP 29 | name: grpc 30 | {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.podLabels .Values.commonLabels ) "context" . ) }} 31 | selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} 32 | app.kubernetes.io/component: storegateway 33 | {{- end }} 34 | -------------------------------------------------------------------------------- /charts/thanos/templates/storegateway/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.storegateway.enabled .Values.storegateway.serviceAccount.create }} 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | metadata: 10 | name: {{ include "thanos.storegateway.serviceAccountName" . }} 11 | namespace: {{ include "common.names.namespace" . }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: storegateway 14 | {{- if or .Values.storegateway.serviceAccount.annotations .Values.commonAnnotations }} 15 | {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} 16 | annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | automountServiceAccountToken: {{ .Values.storegateway.serviceAccount.automountServiceAccountToken }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/thanos/templates/storegateway/tls-secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright Broadcom, Inc. All Rights Reserved. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if .Values.storegateway.ingress.enabled }} 7 | {{- if .Values.storegateway.ingress.secrets }} 8 | {{- range .Values.storegateway.ingress.secrets }} 9 | apiVersion: v1 10 | kind: Secret 11 | metadata: 12 | name: {{ include "common.names.fullname" $ }}-storegateway 13 | namespace: {{ include "common.names.namespace" $ }} 14 | labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} 15 | app.kubernetes.io/component: storegateway 16 | {{- if $.Values.commonAnnotations }} 17 | annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} 18 | {{- end }} 19 | type: kubernetes.io/tls 20 | data: 21 | tls.crt: {{ .certificate | b64enc }} 22 | tls.key: {{ .key | b64enc }} 23 | --- 24 | {{- end }} 25 | {{- end }} 26 | {{- if and .Values.storegateway.ingress.tls .Values.storegateway.ingress.selfSigned }} 27 | {{- $secretName := printf "%s-tls" .Values.storegateway.ingress.hostname }} 28 | {{- $ca := genCA "thanos-storegateway-ca" 365 }} 29 | {{- $cert := genSignedCert .Values.storegateway.ingress.hostname nil (list .Values.storegateway.ingress.hostname) 365 $ca }} 30 | apiVersion: v1 31 | kind: Secret 32 | metadata: 33 | name: {{ $secretName }} 34 | namespace: {{ include "common.names.namespace" . }} 35 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 36 | app.kubernetes.io/component: storegateway 37 | {{- if .Values.commonAnnotations }} 38 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 39 | {{- end }} 40 | type: kubernetes.io/tls 41 | data: 42 | ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} 43 | tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} 44 | tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} 45 | {{- end }} 46 | {{- end }} 47 | -------------------------------------------------------------------------------- /templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Congratulations! You have successfully installed release "{{.Release.Name }}" of Neurox Control Cluster! 2 | 3 | To access the Neurox Web Portal, follow these steps: 4 | 5 | 1. Run the command below to get the local administrator password: 6 | ``` 7 | kubectl get secret -n {{ .Release.Namespace }} {{ .Values.idp.local.secret.name }} -o jsonpath="{.data.{{ .Values.idp.local.secret.key }}}" | base64 --decode 8 | ``` 9 | 10 | 2. Open the following URL in your browser: https://{{include "neurox-control.host.primary" . }} 11 | 12 | 3. Log in with the email setup@neurox.com and the password from step 1. 13 | -------------------------------------------------------------------------------- /templates/extra-objects.yaml: -------------------------------------------------------------------------------- 1 | {{ range .Values.global.extraObjects }} 2 | --- 3 | {{ tpl . $ }} 4 | {{ end }} 5 | -------------------------------------------------------------------------------- /templates/issuer.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.global.ingress.useNeuroxIssuer (include "neurox-control.useNeuroxDomain" .) }} 2 | --- 3 | apiVersion: cert-manager.io/v1 4 | kind: Issuer 5 | metadata: 6 | name: "{{ .Values.global.ingress.issuerName }}" 7 | namespace: "{{ .Release.Namespace }}" 8 | spec: 9 | acme: 10 | server: https://acme-v02.api.letsencrypt.org/directory 11 | privateKeySecretRef: 12 | name: '{{ include "neurox-control.fullname" . }}-issuer' 13 | solvers: 14 | - http01: 15 | ingress: 16 | ingressClassName: "{{ .Values.global.ingress.className }}" 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- $controlFullName := include "neurox-control.fullname" . }} 2 | # Required for neurox-control-idp to use Kubernetes CRDs as storage 3 | --- 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | kind: ClusterRole 6 | metadata: 7 | name: '{{ $controlFullName }}-idp' 8 | rules: 9 | - apiGroups: ["apiextensions.k8s.io"] 10 | resources: ["customresourcedefinitions"] 11 | verbs: ["list", "create"] 12 | --- 13 | apiVersion: rbac.authorization.k8s.io/v1 14 | kind: ClusterRoleBinding 15 | metadata: 16 | name: '{{ $controlFullName }}-idp-cluster' 17 | roleRef: 18 | kind: ClusterRole 19 | apiGroup: rbac.authorization.k8s.io 20 | name: '{{ $controlFullName }}-idp' 21 | subjects: 22 | - kind: ServiceAccount 23 | namespace: {{ .Release.Namespace }} 24 | name: '{{ $controlFullName }}-idp' 25 | --- 26 | apiVersion: rbac.authorization.k8s.io/v1 27 | kind: Role 28 | metadata: 29 | name: '{{ $controlFullName }}-idp' 30 | namespace: {{ .Release.Namespace }} 31 | rules: 32 | - apiGroups: ["dex.coreos.com"] 33 | resources: ["*"] 34 | verbs: ["*"] 35 | --- 36 | apiVersion: rbac.authorization.k8s.io/v1 37 | kind: RoleBinding 38 | metadata: 39 | name: '{{ $controlFullName }}-idp' 40 | namespace: {{ .Release.Namespace }} 41 | roleRef: 42 | kind: Role 43 | apiGroup: rbac.authorization.k8s.io 44 | name: '{{ $controlFullName }}-idp' 45 | subjects: 46 | - kind: ServiceAccount 47 | namespace: neurox 48 | name: '{{ $controlFullName }}-idp' 49 | -------------------------------------------------------------------------------- /templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- $hostPrimary := include "neurox-control.host.primary" . -}} 2 | --- 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: '{{ include "neurox-control.fullname" . }}-idp' 7 | namespace: "{{ .Release.Namespace }}" 8 | stringData: 9 | config.yaml: | 10 | enablePasswordDB: true 11 | 12 | expiry: 13 | authRequests: "1h" 14 | 15 | grpc: 16 | reflection: true 17 | 18 | issuer: https://{{ $hostPrimary }}/idp 19 | 20 | oauth2: 21 | alwaysShowLoginScreen: false 22 | skipApprovalScreen: true 23 | 24 | staticClients: 25 | - idEnv: OIDC_CLIENT_ID 26 | name: "Neurox Single Sign-On" 27 | redirectURIs: 28 | - https://{{ $hostPrimary }}/sso/auth 29 | secretEnv: OIDC_CLIENT_SECRET 30 | 31 | storage: 32 | type: kubernetes 33 | config: 34 | inCluster: true 35 | 36 | connectors: 37 | - type: oidc 38 | id: google 39 | name: Google 40 | config: 41 | issuer: https://accounts.google.com 42 | {{- if has "google" .Values.global.identityProviders.enabled }} 43 | clientID: $GOOGLE_CLIENT_ID 44 | clientSecret: $GOOGLE_CLIENT_SECRET 45 | redirectURI: https://{{ $hostPrimary }}/idp/callback 46 | 47 | scopes: 48 | - email 49 | - openid 50 | - profile 51 | 52 | claimMapping: 53 | preferred_username: picture 54 | 55 | {{- if .Values.global.identityProviders.google.hostedDomains }} 56 | providerDiscoveryOverrides: 57 | authURL: https://accounts.google.com/o/oauth2/v2/auth?hd={{ join "," .Values.global.identityProviders.google.hostedDomains }} 58 | {{- end }} 59 | {{- end }} 60 | -------------------------------------------------------------------------------- /templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- $controlFullName := include "neurox-control.fullname" . }} 2 | --- 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: '{{ $controlFullName }}-idp' 7 | namespace: {{ .Release.Namespace }} 8 | spec: 9 | type: ClusterIP 10 | ports: 11 | - name: http 12 | port: 5556 13 | targetPort: http 14 | protocol: TCP 15 | appProtocol: http 16 | - name: grpc 17 | port: 5557 18 | targetPort: grpc 19 | protocol: TCP 20 | appProtocol: http 21 | - name: telemetry 22 | port: 5558 23 | targetPort: telemetry 24 | protocol: TCP 25 | appProtocol: http 26 | selector: 27 | app: '{{ $controlFullName }}-idp' 28 | --- 29 | apiVersion: v1 30 | kind: Service 31 | metadata: 32 | labels: 33 | app: '{{ $controlFullName }}-sso' 34 | name: '{{ $controlFullName }}-sso' 35 | namespace: {{ .Release.Namespace }} 36 | spec: 37 | ports: 38 | - name: http 39 | port: 80 40 | protocol: TCP 41 | targetPort: 9090 42 | selector: 43 | app: '{{ $controlFullName }}-sso' 44 | --- 45 | apiVersion: v1 46 | kind: Service 47 | metadata: 48 | name: '{{ $controlFullName }}-relay-server' 49 | spec: 50 | selector: 51 | app: '{{ $controlFullName }}-relay-server' 52 | ports: 53 | - protocol: TCP 54 | port: {{ .Values.relay.service.relayPort }} 55 | targetPort: 8080 56 | name: relay 57 | - protocol: TCP 58 | port: {{ .Values.global.relay.apiPort }} 59 | targetPort: 7080 60 | name: api 61 | -------------------------------------------------------------------------------- /templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: '{{ include "neurox-control.fullname" . }}-idp' 6 | namespace: "{{ .Release.Namespace }}" 7 | imagePullSecrets: 8 | - name: "{{ .Values.global.image.pullSecretName }}" 9 | --- 10 | apiVersion: v1 11 | kind: ServiceAccount 12 | metadata: 13 | name: '{{ include "neurox-control.fullname" . }}-sso' 14 | namespace: "{{ .Release.Namespace }}" 15 | imagePullSecrets: 16 | - name: "{{ .Values.global.image.pullSecretName }}" 17 | --- 18 | apiVersion: v1 19 | kind: ServiceAccount 20 | metadata: 21 | name: '{{ include "neurox-control.fullname" . }}-relay-server' 22 | namespace: "{{ .Release.Namespace }}" 23 | imagePullSecrets: 24 | - name: "{{ .Values.global.image.pullSecretName }}" 25 | --------------------------------------------------------------------------------