diff --git a/dragonfly/Chart.yaml b/dragonfly/Chart.yaml
new file mode 100644
index 0000000..0a38621
--- /dev/null
+++ b/dragonfly/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: dragonfly
+description: "a modern superfast in-memory datastore, fully compatible with Redis and Memcached APIs"
+
+version: v1.20.1
+appVersion: "v1.20.1"
diff --git a/dragonfly/templates/_helpers.tpl b/dragonfly/templates/_helpers.tpl
new file mode 100644
index 0000000..02a2289
--- /dev/null
+++ b/dragonfly/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "dragonfly.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "dragonfly.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "dragonfly.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "dragonfly.labels" -}}
+helm.sh/chart: {{ include "dragonfly.chart" . }}
+{{ include "dragonfly.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "dragonfly.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "dragonfly.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "dragonfly.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "dragonfly.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/dragonfly/templates/_pod.tpl b/dragonfly/templates/_pod.tpl
new file mode 100644
index 0000000..ca4dec2
--- /dev/null
+++ b/dragonfly/templates/_pod.tpl
@@ -0,0 +1,132 @@
+{{- define "dragonfly.volumemounts" -}}
+{{- if or (.Values.storage.enabled) (.Values.extraVolumeMounts) (.Values.tls.enabled) }}
+volumeMounts:
+ {{- if .Values.storage.enabled }}
+ - mountPath: /data
+ name: "{{ .Release.Name }}-data"
+ {{- end }}
+ {{- if and .Values.tls .Values.tls.enabled }}
+ - mountPath: /etc/dragonfly/tls
+ name: tls
+ {{- end }}
+ {{- with .Values.extraVolumeMounts }}
+ {{- toYaml . | trim | nindent 2 }}
+ {{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "dragonfly.pod" -}}
+{{- if ne .Values.priorityClassName "" }}
+priorityClassName: {{ .Values.priorityClassName }}
+{{- end }}
+{{- with .Values.tolerations }}
+tolerations:
+ {{- toYaml . | trim | nindent 2 -}}
+{{- end }}
+{{- with .Values.nodeSelector }}
+nodeSelector:
+ {{- toYaml . | trim | nindent 2 -}}
+{{- end }}
+{{- with .Values.affinity }}
+affinity:
+ {{- toYaml . | trim | nindent 2 -}}
+{{- end }}
+serviceAccountName: {{ include "dragonfly.serviceAccountName" . }}
+{{- with .Values.imagePullSecrets }}
+imagePullSecrets:
+ {{- toYaml . | trim | nindent 2 }}
+{{- end }}
+{{- with .Values.podSecurityContext }}
+securityContext:
+ {{- toYaml . | trim | nindent 2 }}
+{{- end }}
+{{- with .Values.initContainers }}
+initContainers:
+ {{- if eq (typeOf .) "string" }}
+ {{- tpl . $ | trim | nindent 2 }}
+ {{- else }}
+ {{- toYaml . | trim | nindent 2 }}
+ {{- end }}
+{{- end }}
+containers:
+ {{- with .Values.extraContainers }}
+ {{- if eq (typeOf .) "string" -}}
+ {{- tpl . $ | trim | nindent 2 }}
+ {{- else }}
+ {{- toYaml . | trim | nindent 2 }}
+ {{- end }}
+ {{- end }}
+ - name: {{ .Chart.Name }}
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | trim | nindent 6 }}
+ {{- end }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: dragonfly
+ containerPort: 6379
+ protocol: TCP
+ {{- with .Values.probes }}
+ {{- toYaml . | trim | nindent 4 }}
+ {{- end }}
+ {{- with .Values.command }}
+ command:
+ {{- toYaml . | trim | nindent 6 }}
+ {{- end }}
+ args:
+ - "--alsologtostderr"
+ {{- with .Values.extraArgs }}
+ {{- toYaml . | trim | nindent 6 }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - "--tls"
+ - "--tls_cert_file=/etc/dragonfly/tls/tls.crt"
+ - "--tls_key_file=/etc/dragonfly/tls/tls.key"
+ {{- end }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | trim | nindent 6 }}
+ {{- end }}
+ {{- include "dragonfly.volumemounts" . | trim | nindent 4 }}
+ {{- if .Values.passwordFromSecret.enable }}
+ {{- $appVersion := .Chart.AppVersion | trimPrefix "v" }}
+ {{- $imageTag := .Values.image.tag | trimPrefix "v" }}
+ {{- $effectiveVersion := $appVersion }}
+ {{- if and $imageTag (ne $imageTag "") }}
+ {{- $effectiveVersion = $imageTag }}
+ {{- end }}
+ env:
+ {{- if semverCompare ">=1.14.0" $effectiveVersion }}
+ - name: DFLY_requirepass
+ {{- else }}
+ - name: DFLY_PASSWORD
+ {{- end }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.passwordFromSecret.existingSecret.name }}
+ key: {{ .Values.passwordFromSecret.existingSecret.key }}
+ {{- end }}
+
+{{- if or (.Values.tls.enabled) (.Values.extraVolumes) }}
+volumes:
+{{- if and .Values.tls .Values.tls.enabled }}
+ {{- if .Values.tls.existing_secret }}
+ - name: tls
+ secret:
+ secretName: {{ .Values.tls.existing_secret }}
+ {{- else if .Values.tls.createCerts }}
+ - name: tls
+ secret:
+ secretName: '{{ include "dragonfly.fullname" . }}-server-tls'
+ {{- else }}
+ - name: tls
+ secret:
+ secretName: {{ include "dragonfly.fullname" . }}-tls
+ {{- end }}
+{{- end }}
+{{- with .Values.extraVolumes }}
+ {{- toYaml . | trim | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/dragonfly/templates/certificate.yaml b/dragonfly/templates/certificate.yaml
new file mode 100644
index 0000000..bfd2510
--- /dev/null
+++ b/dragonfly/templates/certificate.yaml
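Review bot: The container-level `securityContext` in `_pod.tpl` is read from `.Values.securityContext`, but the values.yaml hunk of this same commit defines that block under `securityContexts`, so the `with` is never entered and the `capabilities.drop: ALL`, `readOnlyRootFilesystem`, `runAsNonRoot` and `runAsUser` defaults are silently left out of the rendered pod. Rename the values key to `securityContext:` (or change this line to `{{- with .Values.securityContexts }}`), and add a `helm template` check that asserts the rendered container carries a `securityContext`, because a key mismatch like this raises no error. A smaller point in the same define: `semverCompare ">=1.14.0" $effectiveVersion` looks like it will abort the render when `image.tag` is not a semantic version, so a comment on `image.tag` stating that it must be semver whenever `passwordFromSecret.enable` is true would help.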
@@ -0,0 +1,31 @@
+{{- if and .Values.tls.enabled .Values.tls.createCerts }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "dragonfly.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dragonfly.labels" . | nindent 4 }}
+spec:
+ commonName: '{{ include "dragonfly.fullname" . }}'
+ dnsNames:
+ - '*.{{ include "dragonfly.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local'
+ - '{{ include "dragonfly.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local'
+ - '{{ include "dragonfly.fullname" . }}.{{ .Release.Namespace }}.svc'
+ - '{{ include "dragonfly.fullname" . }}.{{ .Release.Namespace }}'
+ - '{{ include "dragonfly.fullname" . }}'
+ - localhost
+ duration: {{ required "tls.duration is required, if createCerts is enabled" .Values.tls.duration }}
+ ipAddresses:
+ - 127.0.0.1
+ issuerRef:
+ kind: {{ required "tls.issuer.kind is required, if createCerts is enabled" .Values.tls.issuer.kind }}
+ name: {{ required "tls.issuer.name is required, if createCerts is enabled" .Values.tls.issuer.name }}
+ group: {{ .Values.tls.issuer.group }}
+ secretName: '{{ include "dragonfly.fullname" . }}-server-tls'
+ usages:
+ - client auth
+ - server auth
+ - signing
+ - key encipherment
+{{- end }}
\ No newline at end of file
diff --git a/dragonfly/templates/deployment.yaml b/dragonfly/templates/deployment.yaml
new file mode 100644
index 0000000..69ce36a
--- /dev/null
+++ b/dragonfly/templates/deployment.yaml
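Review bot: The `usages` list in `certificate.yaml` requests more than a server certificate needs: besides `server auth` and `key encipherment` it asks for `client auth` and `signing`, so the key stored in the `-server-tls` secret can also be presented as a client identity to anything that trusts the same issuer. Unless Dragonfly instances authenticate to each other with this certificate (nothing in this diff shows that), reduce the list to `- server auth`, `- digital signature` and `- key encipherment`. The default `tls.duration` of `87600h0m0s` in values.yaml also yields a ten-year certificate; a shorter default together with a `renewBefore` field would bound how long a leaked key stays valid. `group: {{ .Values.tls.issuer.group }}` is the only `issuerRef` field not wrapped in `required`, which is worth a comment saying an empty value is intentional.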
@@ -0,0 +1,33 @@
+{{- if not .Values.storage.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "dragonfly.fullname" .}}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dragonfly.labels" . | nindent 4 }}
+
+
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "dragonfly.selectorLabels" . | nindent 6 }}
+
+ template:
+ metadata:
+ annotations:
+ {{- if and (.Values.tls.enabled) (not .Values.tls.existing_secret) }}
+ checksum/tls-secret: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }}
+ {{- end }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "dragonfly.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- include "dragonfly.pod" . | trim | nindent 6 }}
+{{- end }}
+
+
+
\ No newline at end of file
diff --git a/dragonfly/templates/metrics-service.yaml b/dragonfly/templates/metrics-service.yaml
new file mode 100644
index 0000000..cd47e2a
--- /dev/null
+++ b/dragonfly/templates/metrics-service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "dragonfly.fullname" . }}-metrics
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dragonfly.labels" . | nindent 4 }}
+ type: metrics
+spec:
+ type: {{ .Values.service.metrics.serviceType }}
+ ports:
+ - name: {{ .Values.service.metrics.portName }}
+ port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.port }}
+ protocol: TCP
+ selector:
+ {{- include "dragonfly.selectorLabels" . | nindent 4 }}
+{{- end }}
\ No newline at end of file
diff --git a/dragonfly/templates/prometheusrule.yaml b/dragonfly/templates/prometheusrule.yaml
new file mode 100644
index 0000000..4cbc1a4
--- /dev/null
+++ b/dragonfly/templates/prometheusrule.yaml
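Review bot: The `-metrics` Service in `metrics-service.yaml` publishes `.Values.service.port` (6379 by default) as both `port` and `targetPort`, which is the same container port the main Service reaches, so it is a second full route to the datastore protocol rather than a metrics-only endpoint. Because `service.metrics.serviceType` is configurable on its own, switching it to `NodePort` or `LoadBalancer` for scraping would expose the data port as well, and with the chart defaults (`passwordFromSecret.enable: false`, `tls.enabled: false`) that port carries no authentication. Consider fixing this Service to `type: ClusterIP`, or at minimum add a comment on `serviceType` in values.yaml saying that it exposes the data port. `targetPort: {{ .Values.service.port }}` also stops matching the hard-coded `containerPort: 6379` as soon as `service.port` is changed; `targetPort: dragonfly`, as service.yaml uses, avoids that.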
@@ -0,0 +1,14 @@
+{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.serviceMonitor.enabled .Values.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ template "dragonfly.fullname" . }}-metrics
+ namespace: {{ .Values.prometheusRule.namespace | default .Release.Namespace }}
+ labels:
+ {{- include "dragonfly.labels" . | nindent 4 }}
+spec:
+ groups:
+ - name: {{ template "dragonfly.name" . }}
+ rules:
+ {{- toYaml .Values.prometheusRule.spec | nindent 6 }}
+{{- end }}
\ No newline at end of file
diff --git a/dragonfly/templates/service.yaml b/dragonfly/templates/service.yaml
new file mode 100644
index 0000000..fc3dd99
--- /dev/null
+++ b/dragonfly/templates/service.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "dragonfly.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- with .Values.service.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- include "dragonfly.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (ne .Values.service.loadBalancerIP "") }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: dragonfly
+ protocol: TCP
+ name: dragonfly
+ selector:
+ {{- include "dragonfly.selectorLabels" . | nindent 4 }}
\ No newline at end of file
diff --git a/dragonfly/templates/serviceaccount.yaml b/dragonfly/templates/serviceaccount.yaml
new file mode 100644
index 0000000..9529e2f
--- /dev/null
+++ b/dragonfly/templates/serviceaccount.yaml
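Review bot: `service.yaml` accepts `service.type: LoadBalancer` but gives the operator no way to restrict who may connect, so the choice is between cluster-internal and open to every address the load balancer admits. With authentication and TLS both off in the chart defaults, that second option is an unauthenticated datastore endpoint. Add an optional `service.loadBalancerSourceRanges` list to values.yaml and render it as `loadBalancerSourceRanges:` under `spec` inside the existing `LoadBalancer` condition. `service.labels` is also emitted before `dragonfly.labels` in the same map, so a user-supplied key that repeats a chart label produces a duplicate YAML key; a comment in values.yaml warning against reusing the `app.kubernetes.io/*` keys would cover that.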
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "dragonfly.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "dragonfly.labels" . | nindent 4 }}
+{{- end }}
\ No newline at end of file
diff --git a/dragonfly/templates/statefulset.yaml b/dragonfly/templates/statefulset.yaml
new file mode 100644
index 0000000..a0c6326
--- /dev/null
+++ b/dragonfly/templates/statefulset.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.storage.enabled }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "dragonfly.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dragonfly.labels" . | nindent 4 }}
+spec:
+ serviceName: {{ .Release.Name }}
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "dragonfly.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- if and (.Values.tls.enabled) (not .Values.tls.existing_secret) }}
+ checksum/tls-secret: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }}
+ {{- end }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "dragonfly.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- include "dragonfly.pod" . | trim | nindent 6 }}
+ volumeClaimTemplates:
+ - metadata:
+ name: "{{ .Release.Name }}-data"
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: {{ .Values.storage.storageClassName }}
+ resources:
+ requests:
+ storage: {{ .Values.storage.requests }}
+{{- end }}
\ No newline at end of file
diff --git a/dragonfly/templates/tls-secret.yaml b/dragonfly/templates/tls-secret.yaml
new file mode 100644
index 0000000..81b09c3
--- /dev/null
+++ b/dragonfly/templates/tls-secret.yaml
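Review bot: The ServiceAccount in `serviceaccount.yaml` leaves token automounting at the Kubernetes default, so every Dragonfly pod gets an API token mounted although nothing in the templates of this diff talks to the API server. Add `automountServiceAccountToken: false` at the top level of the ServiceAccount and expose it as a value for users who do need the token. When `serviceAccount.create` is false the `dragonfly.serviceAccountName` helper falls back to the namespace's `default` account, so the same field would also have to be set in the pod spec in `_pod.tpl` to cover that path.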
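Review bot: `serviceName: {{ .Release.Name }}` in `statefulset.yaml` does not necessarily name a Service this chart creates, because service.yaml names it with `dragonfly.fullname`, which equals the release name only when the release name already contains the chart name or an override makes them match. Use `serviceName: {{ include "dragonfly.fullname" . }}` so the two always agree. Per-pod DNS records additionally require the governing Service to be headless, which the `ClusterIP` Service in this diff is not, so the wildcard SAN `*.<fullname>.<namespace>.svc.cluster.local` requested in certificate.yaml currently has no pod hostnames to match; either add a headless Service or drop the wildcard entry.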
@@ -0,0 +1,13 @@
+{{- if and (.Values.tls.enabled) (.Values.tls.cert) (.Values.tls.key) (not .Values.tls.existing_secret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "dragonfly.fullname" . }}-tls
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dragonfly.labels" . | nindent 4 }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ default "" .Values.tls.cert | b64enc | quote }}
+ tls.key: {{ default "" .Values.tls.key | b64enc | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/dragonfly/values.schema.json b/dragonfly/values.schema.json
new file mode 100644
index 0000000..3f22821
--- /dev/null
+++ b/dragonfly/values.schema.json
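Review bot: When `tls.enabled` is true but only one of `tls.cert` / `tls.key` is supplied, or neither is supplied while `createCerts` and `existing_secret` are unset, the guard in `tls-secret.yaml` renders nothing, yet `_pod.tpl` still mounts a secret named `<fullname>-tls`. The install then succeeds and the pods cannot start because the volume's secret does not exist. Add a separate guard that stops the render in that case, for example `{{- fail "tls.enabled requires tls.existing_secret, tls.createCerts, or both tls.cert and tls.key" }}`. It is also worth a comment next to `tls.key` in values.yaml that a key passed this way is kept in the Helm release record and in any values file, so `existing_secret` is the safer route for real keys.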
@@ -0,0 +1,83 @@
+{
+ "properties": {
+ "replicaCount":{
+ "description": "number of replicas of dragonflyDb",
+ "type":"integer"
+ },
+ "storage":{
+ "description": "storage for dragonflydb,default is 128Mi",
+ "type":"object",
+ "properties": {
+ "enabled":{
+ "description": "enables storage if set to true ,default is false",
+ "type":"boolean"
+ },
+ "requests":{
+ "description":"requests storage,default 128Mi",
+ "type":"string"
+ }
+ }
+ },
+ "serviceMonitor":{
+ "description": "enables service monitor ,requires kube-promtheus installed in your cluster",
+ "type":"object",
+ "properties": {
+ "enabled":{
+ "type":"boolean"
+ },
+ "namespace":{
+ "description": "namespace to deploy in,default is application namespace",
+ "type":"string"
+ }
+ }
+ },
+ "resources":{
+ "description": "allocate cpu and ram for dragonfly",
+ "title": "resources",
+ "type":"object",
+ "properties": {
+ "requests":{
+ "title": "Request resoures",
+ "type":"object",
+ "properties": {
+ "cpu":{
+ "description":"request to allocates cpu resource,default is 100m",
+ "type":"string"
+ },
+ "memory":{
+ "description":"requests memory for dragonfly, default 128Mi(Megabyte)",
+ "type":"string"
+ }
+ }
+ },
+ "limits":{
+ "title":"resource limits",
+ "description": "sets upper limits for resources",
+ "type":"object",
+ "properties": {
+ "cpu":{
+ "description":"cpu resource limit,deafult is 1000m",
+ "type":"string"
+ },
+ "memory":{
+ "description": "memory limit for dragonfly,default 512Mi",
+ "type":"string"
+ }
+ }
+ }
+ }
+ }
+ },
+ "order":[
+ "replicaCount",
+ "storage",
+ "resources",
+ "serviceMonitor"
+ ],
+ "required": [
+ "replicaCount",
+ "storage",
+ "resources",
+ "serviceMonitor"
+ ]
+}
\ No newline at end of file
diff --git a/dragonfly/values.yaml b/dragonfly/values.yaml
new file mode 100644
index 0000000..e7fe31f
--- /dev/null
+++ b/dragonfly/values.yaml
@@ -0,0 +1,148 @@
+# default configuration for dragonfly
+
+# no of dragonfly replicas to deploy
+replicaCount: 1
+
+image:
+ repository: docker.dragonflydb.io/dragonflydb/dragonfly
+ tag: ""
+
+
+# default resource requirements, you can change it according to your needs.
+resources:
+ requests:
+ # min cpu millisecs
+ cpu: 100m
+ # min memory for dragonfly deployment
+ memory: 128Mi
+
+ limits:
+ #max cpu millisecs for dragonfly deployment
+ cpu: 1000m
+ # max memory limit for dragonfly deployment
+ memory: 512Mi
+
+
+
+service:
+
+ type: ClusterIP
+ # Load balancer static ip to use when service type is set to LoadBalancer
+ loadBalancerIP: ""
+ # Dragonfly default service port
+ port: 6379
+
+ metrics:
+ # name for the metrics port
+ portName: metrics
+ # serviceType for the metrics service
+ serviceType: ClusterIP
+
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+
+
+storage:
+ # you can set this to true for production use cases,if you want dragonfly to persist data.
+ enabled: false
+
+ storageClassName: ""
+ # Volume size to request for the PVC,default set to 128Mb
+ requests: 128Mi
+
+
+
+# extra arguments to pass to dragonfly binary
+extraArgs: []
+
+
+podSecurityContext:
+ fsGroup: 2000
+
+
+securityContexts:
+ capabilities:
+ drop:
+ - ALL
+ # sets file system permission as read-only for dragonfly container
+ readOnlyRootFilesystem: true
+ # sets the dragon container to run as non-root
+ runAsNonRoot: true
+ # run dragonfly container with user-Id as 1000
+ runAsUser: 1000
+
+
+
+# the below fields serviceMonitor and promtheiumsRule requires you have prometheus operator running in your cluster.
+
+serviceMonitor:
+ # If true, a ServiceMonitor CRD is created for a prometheus operator
+ enabled: false
+ # namespace in which to deploy the ServiceMonitor CR. defaults to the application namespace
+ namespace: ""
+ # additional labels to apply to the metrics
+ labels: {}
+ # additional annotations to apply to the metrics
+ annotations: {}
+ # scrape interval
+ interval: 10s
+ # scrape timeout
+ scrapeTimeout: 10s
+
+prometheusRule:
+ # Deploy a PrometheusRule
+ enabled: false
+ # PrometheusRule.Spec
+ # https://awesome-prometheus-alerts.grep.to/rules
+ spec: []
+
+
+tls:
+ # -enable TLS
+ enabled: false
+ # use cert-manager to automatically create the certificate
+ createCerts: false
+ # duration or ttl of the validity of the created certificate
+ duration: 87600h0m0s
+ issuer:
+ # - cert-manager issuer kind. Usually Issuer or ClusterIssuer
+ kind: ClusterIssuer
+ # -name of the referenced issuer
+ name: selfsigned
+ # - group of the referenced issuer
+ # if you are using an external issuer, change this to that issuer group.
+ group: cert-manager.io
+ # - use TLS certificates from existing secret
+ existing_secret: ""
+ # - TLS certificate
+ cert: ""
+ # cert: |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDazCCAlOgAwIBAgIUfV3ygaaVW3+yzK5Dq6Aw6TsZ494wDQYJKoZIhvcNAQEL
+ # ...
+ # BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+ # zJAL4hNw4Tr6E52fqdmX
+ # -----END CERTIFICATE-----
+ # -- TLS private key
+ key: ""
+
+
+
+
+passwordFromSecret:
+ enable: false
+ existingSecret:
+ name: ""
+ key: ""
+
+
+
+# for more fields check dragon fly helm chart
\ No newline at end of file
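Review bot: The defaults in `values.yaml` install the datastore with neither authentication nor transport encryption (`passwordFromSecret.enable: false`, `tls.enabled: false`), and neither block says so, so unless a password is passed through `extraArgs` a default install is readable and writable by any workload that can reach the Service. Put the consequence next to the switch, e.g. `# when false the chart configures no password; set enable: true and point existingSecret at a Secret holding it`, and consider shipping an optional NetworkPolicy limited to the client namespaces. The file also has no entry for `image.pullPolicy` or `priorityClassName`, both of which `_pod.tpl` reads; adding `pullPolicy: IfNotPresent` under `image` and `priorityClassName: ""` keeps the rendered pod spec explicit and avoids comparing an unset value against `""`.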