|
|
@@ -63,612 +63,1256 @@ clusterDomain: cluster.local
|
|
|
## @param extraDeploy Array of extra objects to deploy with the release
|
|
|
##
|
|
|
extraDeploy: []
|
|
|
-## Bitnami cloudnative-pg Operator image
|
|
|
-## ref: https://hub.docker.com/r/bitnami/cloudnative-pg/tags/
|
|
|
-## @param image.registry [default: REGISTRY_NAME] cloudnative-pg Operator image registry
|
|
|
-## @param image.repository [default: REPOSITORY_NAME/cloudnative-pg] cloudnative-pg Operator image repository
|
|
|
-## @skip image.tag cloudnative-pg Operator image tag (immutable tags are recommended)
|
|
|
-## @param image.digest cloudnative-pg Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
|
|
|
-## @param image.pullPolicy cloudnative-pg Operator image pull policy
|
|
|
-## @param image.pullSecrets cloudnative-pg Operator image pull secrets
|
|
|
-## @param image.debug Enable cloudnative-pg Operator image debug mode
|
|
|
-##
|
|
|
-image:
|
|
|
- registry: docker.io
|
|
|
- repository: bitnami/cloudnative-pg
|
|
|
- tag: 1.26.0-debian-12-r4
|
|
|
- digest: ""
|
|
|
- ## Specify a imagePullPolicy
|
|
|
- ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
|
|
|
- ##
|
|
|
- pullPolicy: IfNotPresent
|
|
|
- ## Optionally specify an array of imagePullSecrets.
|
|
|
- ## Secrets must be manually created in the namespace.
|
|
|
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
|
+## @section cloudnative-pg operator parameters
|
|
|
+##
|
|
|
+operator:
|
|
|
+ ## Bitnami cloudnative-pg Operator image
|
|
|
+ ## ref: https://hub.docker.com/r/bitnami/cloudnative-pg/tags/
|
|
|
+ ## @param operator.image.registry [default: REGISTRY_NAME] cloudnative-pg Operator image registry
|
|
|
+ ## @param operator.image.repository [default: REPOSITORY_NAME/cloudnative-pg] cloudnative-pg Operator image repository
|
|
|
+ ## @skip operator.image.tag cloudnative-pg Operator image tag (immutable tags are recommended)
|
|
|
+ ## @param operator.image.digest cloudnative-pg Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
|
|
|
+ ## @param operator.image.pullPolicy cloudnative-pg Operator image pull policy
|
|
|
+ ## @param operator.image.pullSecrets cloudnative-pg Operator image pull secrets
|
|
|
+ ## @param operator.image.debug Enable cloudnative-pg Operator image debug mode
|
|
|
+ ##
|
|
|
+ image:
|
|
|
+ registry: docker.io
|
|
|
+ repository: bitnami/cloudnative-pg
|
|
|
+ tag: 1.26.0-debian-12-r4
|
|
|
+ digest: ""
|
|
|
+ ## Specify a imagePullPolicy
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
|
|
|
+ ##
|
|
|
+ pullPolicy: IfNotPresent
|
|
|
+ ## Optionally specify an array of imagePullSecrets.
|
|
|
+ ## Secrets must be manually created in the namespace.
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
|
+ ## e.g:
|
|
|
+ ## pullSecrets:
|
|
|
+ ## - myRegistryKeySecretName
|
|
|
+ ##
|
|
|
+ pullSecrets: []
|
|
|
+ ## Enable debug mode
|
|
|
+ ##
|
|
|
+ debug: false
|
|
|
+ ## Bitnami PostgreSQL image version
|
|
|
+ ## ref: https://hub.docker.com/r/bitnami/postgresql/tags/
|
|
|
+ ## @param operator.postgresqlImage.registry [default: REGISTRY_NAME] PostgreSQL image registry
|
|
|
+ ## @param operator.postgresqlImage.repository [default: REPOSITORY_NAME/postgresql] PostgreSQL image repository
|
|
|
+ ## @skip operator.postgresqlImage.tag PostgreSQL image tag (immutable tags are recommended)
|
|
|
+ ## @param operator.postgresqlImage.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
|
|
+ ##
|
|
|
+ postgresqlImage:
|
|
|
+ registry: docker.io
|
|
|
+ repository: bitnami/postgresql
|
|
|
+ tag: 17.5.0-debian-12-r12
|
|
|
+ digest: ""
|
|
|
+ ## @param operator.replicaCount Number of cloudnative-pg Operator replicas to deploy
|
|
|
+ ##
|
|
|
+ replicaCount: 1
|
|
|
+ ## @param operator.containerPorts.metrics cloudnative-pg Operator metrics container port
|
|
|
+ ## @param operator.containerPorts.webhook cloudnative-pg Operator webhook container port
|
|
|
+ ##
|
|
|
+ containerPorts:
|
|
|
+ metrics: 8080
|
|
|
+ webhook: 9443
|
|
|
+ ## Configure extra options for cloudnative-pg Operator containers' liveness and readiness probes
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
|
+ ## @param operator.livenessProbe.enabled Enable livenessProbe on cloudnative-pg Operator containers
|
|
|
+ ## @param operator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
|
+ ## @param operator.livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
|
+ ## @param operator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
|
+ ## @param operator.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
|
+ ## @param operator.livenessProbe.successThreshold Success threshold for livenessProbe
|
|
|
+ ##
|
|
|
+ livenessProbe:
|
|
|
+ enabled: true
|
|
|
+ initialDelaySeconds: 5
|
|
|
+ periodSeconds: 10
|
|
|
+ timeoutSeconds: 5
|
|
|
+ failureThreshold: 5
|
|
|
+ successThreshold: 1
|
|
|
+ ## @param operator.readinessProbe.enabled Enable readinessProbe on cloudnative-pg Operator containers
|
|
|
+ ## @param operator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
|
+ ## @param operator.readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
|
+ ## @param operator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
|
+ ## @param operator.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
|
+ ## @param operator.readinessProbe.successThreshold Success threshold for readinessProbe
|
|
|
+ ##
|
|
|
+ readinessProbe:
|
|
|
+ enabled: true
|
|
|
+ initialDelaySeconds: 5
|
|
|
+ periodSeconds: 10
|
|
|
+ timeoutSeconds: 5
|
|
|
+ failureThreshold: 5
|
|
|
+ successThreshold: 1
|
|
|
+ ## @param operator.startupProbe.enabled Enable startupProbe on cloudnative-pg Operator containers
|
|
|
+ ## @param operator.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
|
|
+ ## @param operator.startupProbe.periodSeconds Period seconds for startupProbe
|
|
|
+ ## @param operator.startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
|
|
+ ## @param operator.startupProbe.failureThreshold Failure threshold for startupProbe
|
|
|
+ ## @param operator.startupProbe.successThreshold Success threshold for startupProbe
|
|
|
+ ##
|
|
|
+ startupProbe:
|
|
|
+ enabled: false
|
|
|
+ initialDelaySeconds: 5
|
|
|
+ periodSeconds: 10
|
|
|
+ timeoutSeconds: 5
|
|
|
+ failureThreshold: 5
|
|
|
+ successThreshold: 1
|
|
|
+ ## @param operator.customLivenessProbe Custom livenessProbe that overrides the default one
|
|
|
+ ##
|
|
|
+ customLivenessProbe: {}
|
|
|
+ ## @param operator.customReadinessProbe Custom readinessProbe that overrides the default one
|
|
|
+ ##
|
|
|
+ customReadinessProbe: {}
|
|
|
+ ## @param operator.customStartupProbe Custom startupProbe that overrides the default one
|
|
|
+ ##
|
|
|
+ customStartupProbe: {}
|
|
|
+ ## @param operator.watchAllNamespaces Watch for cloudnative-pg resources in all namespaces
|
|
|
+ ##
|
|
|
+ watchAllNamespaces: true
|
|
|
+ ## @param operator.watchNamespaces [array] Watch for cloudnative-pg resources in the given namespaces
|
|
|
+ ##
|
|
|
+ watchNamespaces: []
|
|
|
+ ## @param operator.maxConcurrentReconciles Maximum concurrent reconciles in the operator
|
|
|
+ ##
|
|
|
+ maxConcurrentReconciles: 10
|
|
|
+ ## @param operator.configuration Add configuration settings to a configmap
|
|
|
+ ## Ref: https://cloudnative-pg.io/documentation/current/operator_conf/#available-options
|
|
|
+ ##
|
|
|
+ configuration: {}
|
|
|
+ ## @param operator.secretConfiguration Add configuration settings to a secret
|
|
|
+ ## Ref: https://cloudnative-pg.io/documentation/current/operator_conf/#available-options
|
|
|
+ ##
|
|
|
+ secretConfiguration: {}
|
|
|
+ ## @param operator.existingConfigMap Name of a ConfigMap containing the operator configuration
|
|
|
+ ## Ref: https://cloudnative-pg.io/documentation/current/operator_conf/#available-options
|
|
|
+ ##
|
|
|
+ existingConfigMap: ""
|
|
|
+ ## @param operator.existingSecret Name of a Secret containing the operator secret configuration
|
|
|
+ ## Ref: https://cloudnative-pg.io/documentation/current/operator_conf/#available-options
|
|
|
+ ##
|
|
|
+ existingSecret: ""
|
|
|
+ ## cloudnative-pg Operator resource requests and limits
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
|
+ ## @param operator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if operator.resources is set (operator.resources is recommended for production).
|
|
|
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
|
|
+ ##
|
|
|
+ resourcesPreset: "nano"
|
|
|
+ ## @param operator.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
|
|
+ ## Example:
|
|
|
+ ## resources:
|
|
|
+ ## requests:
|
|
|
+ ## cpu: 2
|
|
|
+ ## memory: 512Mi
|
|
|
+ ## limits:
|
|
|
+ ## cpu: 3
|
|
|
+ ## memory: 1024Mi
|
|
|
+ ##
|
|
|
+ resources: {}
|
|
|
+ ## Configure Pods Security Context
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
|
|
+ ## @param operator.podSecurityContext.enabled Enabled cloudnative-pg Operator pods' Security Context
|
|
|
+ ## @param operator.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
|
|
+ ## @param operator.podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
|
|
+ ## @param operator.podSecurityContext.supplementalGroups Set filesystem extra groups
|
|
|
+ ## @param operator.podSecurityContext.fsGroup Set cloudnative-pg Operator pod's Security Context fsGroup
|
|
|
+ ##
|
|
|
+ podSecurityContext:
|
|
|
+ enabled: true
|
|
|
+ fsGroupChangePolicy: Always
|
|
|
+ sysctls: []
|
|
|
+ supplementalGroups: []
|
|
|
+ fsGroup: 1001
|
|
|
+ ## Configure Container Security Context
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
|
+ ## @param operator.containerSecurityContext.enabled Enabled containers' Security Context
|
|
|
+ ## @param operator.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
|
|
+ ## @param operator.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
|
|
+ ## @param operator.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
|
|
+ ## @param operator.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
|
|
+ ## @param operator.containerSecurityContext.privileged Set container's Security Context privileged
|
|
|
+ ## @param operator.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
|
|
+ ## @param operator.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
|
|
+ ## @param operator.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
|
|
+ ## @param operator.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
|
|
+ ##
|
|
|
+ containerSecurityContext:
|
|
|
+ enabled: true
|
|
|
+ seLinuxOptions: {}
|
|
|
+ runAsUser: 1001
|
|
|
+ runAsGroup: 1001
|
|
|
+ runAsNonRoot: true
|
|
|
+ privileged: false
|
|
|
+ readOnlyRootFilesystem: true
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop: ["ALL"]
|
|
|
+ seccompProfile:
|
|
|
+ type: "RuntimeDefault"
|
|
|
+ ## @param operator.command Override default container command (useful when using custom images)
|
|
|
+ ##
|
|
|
+ command: []
|
|
|
+ ## @param operator.args Override default container args (useful when using custom images)
|
|
|
+ ##
|
|
|
+ args: []
|
|
|
+ ## @param operator.extraArgs Additional command line arguments to pass to default command
|
|
|
+ ##
|
|
|
+ extraArgs: []
|
|
|
+ ## @param operator.automountServiceAccountToken Mount Service Account token in pod
|
|
|
+ ##
|
|
|
+ automountServiceAccountToken: true
|
|
|
+ ## @param operator.hostAliases cloudnative-pg Operator pods host aliases
|
|
|
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
|
+ ##
|
|
|
+ hostAliases: []
|
|
|
+ ## @param operator.podLabels Extra labels for cloudnative-pg Operator pods
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
|
+ ##
|
|
|
+ podLabels: {}
|
|
|
+ ## @param operator.podAnnotations Annotations for cloudnative-pg Operator pods
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
|
+ ##
|
|
|
+ podAnnotations: {}
|
|
|
+ ## @param operator.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
|
+ ##
|
|
|
+ podAffinityPreset: ""
|
|
|
+ ## @param operator.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
|
+ ##
|
|
|
+ podAntiAffinityPreset: soft
|
|
|
+ ## Pod Disruption Budget configuration
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
|
|
+ ## @param operator.pdb.create Enable/disable a Pod Disruption Budget creation
|
|
|
+ ## @param operator.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
|
|
+ ## @param operator.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
|
|
|
+ ##
|
|
|
+ pdb:
|
|
|
+ create: true
|
|
|
+ minAvailable: ""
|
|
|
+ maxUnavailable: ""
|
|
|
+ ## Node affinity preset
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
|
+ ##
|
|
|
+ nodeAffinityPreset:
|
|
|
+ ## @param operator.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
|
+ ##
|
|
|
+ type: ""
|
|
|
+ ## @param operator.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
|
|
|
+ ##
|
|
|
+ key: ""
|
|
|
+ ## @param operator.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
|
|
|
+ ## E.g.
|
|
|
+ ## values:
|
|
|
+ ## - e2e-az1
|
|
|
+ ## - e2e-az2
|
|
|
+ ##
|
|
|
+ values: []
|
|
|
+ ## @param operator.affinity Affinity for cloudnative-pg Operator pods assignment
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
|
+ ## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
|
|
|
+ ##
|
|
|
+ affinity: {}
|
|
|
+ ## @param operator.nodeSelector Node labels for cloudnative-pg Operator pods assignment
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
|
|
|
+ ##
|
|
|
+ nodeSelector: {}
|
|
|
+ ## @param operator.tolerations Tolerations for cloudnative-pg Operator pods assignment
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
|
+ ##
|
|
|
+ tolerations: []
|
|
|
+ ## @param operator.updateStrategy.type cloudnative-pg Operator statefulset strategy type
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
|
|
|
+ ##
|
|
|
+ updateStrategy:
|
|
|
+ ## StrategyType
|
|
|
+ ## Can be set to RollingUpdate or OnDelete
|
|
|
+ ##
|
|
|
+ type: RollingUpdate
|
|
|
+ ## @param operator.priorityClassName cloudnative-pg Operator pods' priorityClassName
|
|
|
+ ##
|
|
|
+ priorityClassName: ""
|
|
|
+ ## @param operator.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
|
|
|
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
|
|
+ ##
|
|
|
+ topologySpreadConstraints: []
|
|
|
+ ## @param operator.schedulerName Name of the k8s scheduler (other than default) for cloudnative-pg Operator pods
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
|
+ ##
|
|
|
+ schedulerName: ""
|
|
|
+ ## @param operator.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
|
|
|
+ ##
|
|
|
+ terminationGracePeriodSeconds: ""
|
|
|
+ ## @param operator.lifecycleHooks for the cloudnative-pg Operator container(s) to automate configuration before or after startup
|
|
|
+ ##
|
|
|
+ lifecycleHooks: {}
|
|
|
+ ## @param operator.extraEnvVars Array with extra environment variables to add to cloudnative-pg Operator nodes
|
|
|
## e.g:
|
|
|
- ## pullSecrets:
|
|
|
- ## - myRegistryKeySecretName
|
|
|
+ ## extraEnvVars:
|
|
|
+ ## - name: FOO
|
|
|
+ ## value: "bar"
|
|
|
##
|
|
|
- pullSecrets: []
|
|
|
- ## Enable debug mode
|
|
|
+ extraEnvVars: []
|
|
|
+ ## @param operator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for cloudnative-pg Operator nodes
|
|
|
##
|
|
|
- debug: false
|
|
|
-## Bitnami PostgreSQL image version
|
|
|
-## ref: https://hub.docker.com/r/bitnami/postgresql/tags/
|
|
|
-## @param postgresqlImage.registry [default: REGISTRY_NAME] PostgreSQL image registry
|
|
|
-## @param postgresqlImage.repository [default: REPOSITORY_NAME/postgresql] PostgreSQL image repository
|
|
|
-## @skip postgresqlImage.tag PostgreSQL image tag (immutable tags are recommended)
|
|
|
-## @param postgresqlImage.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
|
|
-##
|
|
|
-postgresqlImage:
|
|
|
- registry: docker.io
|
|
|
- repository: bitnami/postgresql
|
|
|
- tag: 17.5.0-debian-12-r12
|
|
|
- digest: ""
|
|
|
-## @param replicaCount Number of cloudnative-pg Operator replicas to deploy
|
|
|
-##
|
|
|
-replicaCount: 1
|
|
|
-## @param containerPorts.metrics cloudnative-pg Operator metrics container port
|
|
|
-## @param containerPorts.webhook cloudnative-pg Operator webhook container port
|
|
|
-##
|
|
|
-containerPorts:
|
|
|
- metrics: 8080
|
|
|
- webhook: 9443
|
|
|
-## Configure extra options for cloudnative-pg Operator containers' liveness and readiness probes
|
|
|
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
|
-## @param livenessProbe.enabled Enable livenessProbe on cloudnative-pg Operator containers
|
|
|
-## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
|
-## @param livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
|
-## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
|
-## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
|
-## @param livenessProbe.successThreshold Success threshold for livenessProbe
|
|
|
-##
|
|
|
-livenessProbe:
|
|
|
- enabled: true
|
|
|
- initialDelaySeconds: 5
|
|
|
- periodSeconds: 10
|
|
|
- timeoutSeconds: 5
|
|
|
- failureThreshold: 5
|
|
|
- successThreshold: 1
|
|
|
-## @param readinessProbe.enabled Enable readinessProbe on cloudnative-pg Operator containers
|
|
|
-## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
|
-## @param readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
|
-## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
|
-## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
|
-## @param readinessProbe.successThreshold Success threshold for readinessProbe
|
|
|
-##
|
|
|
-readinessProbe:
|
|
|
- enabled: true
|
|
|
- initialDelaySeconds: 5
|
|
|
- periodSeconds: 10
|
|
|
- timeoutSeconds: 5
|
|
|
- failureThreshold: 5
|
|
|
- successThreshold: 1
|
|
|
-## @param startupProbe.enabled Enable startupProbe on cloudnative-pg Operator containers
|
|
|
-## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
|
|
-## @param startupProbe.periodSeconds Period seconds for startupProbe
|
|
|
-## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
|
|
-## @param startupProbe.failureThreshold Failure threshold for startupProbe
|
|
|
-## @param startupProbe.successThreshold Success threshold for startupProbe
|
|
|
-##
|
|
|
-startupProbe:
|
|
|
- enabled: false
|
|
|
- initialDelaySeconds: 5
|
|
|
- periodSeconds: 10
|
|
|
- timeoutSeconds: 5
|
|
|
- failureThreshold: 5
|
|
|
- successThreshold: 1
|
|
|
-## @param customLivenessProbe Custom livenessProbe that overrides the default one
|
|
|
-##
|
|
|
-customLivenessProbe: {}
|
|
|
-## @param customReadinessProbe Custom readinessProbe that overrides the default one
|
|
|
-##
|
|
|
-customReadinessProbe: {}
|
|
|
-## @param customStartupProbe Custom startupProbe that overrides the default one
|
|
|
-##
|
|
|
-customStartupProbe: {}
|
|
|
-## @param watchAllNamespaces Watch for cloudnative-pg resources in all namespaces
|
|
|
-##
|
|
|
-watchAllNamespaces: true
|
|
|
-## @param watchNamespaces [array] Watch for cloudnative-pg resources in the given namespaces
|
|
|
-##
|
|
|
-watchNamespaces: []
|
|
|
-## @param maxConcurrentReconciles Maximum concurrent reconciles in the operator
|
|
|
-##
|
|
|
-maxConcurrentReconciles: 10
|
|
|
-## @param configuration Add configuration settings to a configmap
|
|
|
-## Ref: https://cloudnative-pg.io/documentation/current/operator_conf/#available-options
|
|
|
-##
|
|
|
-configuration: {}
|
|
|
-## @param secretConfiguration Add configuration settings to a secret
|
|
|
-## Ref: https://cloudnative-pg.io/documentation/current/operator_conf/#available-options
|
|
|
-##
|
|
|
-secretConfiguration: {}
|
|
|
-## @param existingConfigMap Name of a ConfigMap containing the operator configuration
|
|
|
-## Ref: https://cloudnative-pg.io/documentation/current/operator_conf/#available-options
|
|
|
-##
|
|
|
-existingConfigMap: ""
|
|
|
-## @param existingSecret Name of a Secret containing the operator secret configuration
|
|
|
-## Ref: https://cloudnative-pg.io/documentation/current/operator_conf/#available-options
|
|
|
-##
|
|
|
-existingSecret: ""
|
|
|
-## cloudnative-pg Operator resource requests and limits
|
|
|
-## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
|
-## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if operator.resources is set (operator.resources is recommended for production).
|
|
|
-## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
|
|
-##
|
|
|
-resourcesPreset: "nano"
|
|
|
-## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
|
|
-## Example:
|
|
|
-## resources:
|
|
|
-## requests:
|
|
|
-## cpu: 2
|
|
|
-## memory: 512Mi
|
|
|
-## limits:
|
|
|
-## cpu: 3
|
|
|
-## memory: 1024Mi
|
|
|
-##
|
|
|
-resources: {}
|
|
|
-## Configure Pods Security Context
|
|
|
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
|
|
-## @param podSecurityContext.enabled Enabled cloudnative-pg Operator pods' Security Context
|
|
|
-## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
|
|
-## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
|
|
-## @param podSecurityContext.supplementalGroups Set filesystem extra groups
|
|
|
-## @param podSecurityContext.fsGroup Set cloudnative-pg Operator pod's Security Context fsGroup
|
|
|
-##
|
|
|
-podSecurityContext:
|
|
|
- enabled: true
|
|
|
- fsGroupChangePolicy: Always
|
|
|
- sysctls: []
|
|
|
- supplementalGroups: []
|
|
|
- fsGroup: 1001
|
|
|
-## Configure Container Security Context
|
|
|
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
|
-## @param containerSecurityContext.enabled Enabled containers' Security Context
|
|
|
-## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
|
|
-## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
|
|
-## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
|
|
-## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
|
|
-## @param containerSecurityContext.privileged Set container's Security Context privileged
|
|
|
-## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
|
|
-## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
|
|
-## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
|
|
-## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
|
|
-##
|
|
|
-containerSecurityContext:
|
|
|
- enabled: true
|
|
|
- seLinuxOptions: {}
|
|
|
- runAsUser: 1001
|
|
|
- runAsGroup: 1001
|
|
|
- runAsNonRoot: true
|
|
|
- privileged: false
|
|
|
- readOnlyRootFilesystem: true
|
|
|
- allowPrivilegeEscalation: false
|
|
|
- capabilities:
|
|
|
- drop: ["ALL"]
|
|
|
- seccompProfile:
|
|
|
- type: "RuntimeDefault"
|
|
|
-## @param command Override default container command (useful when using custom images)
|
|
|
-##
|
|
|
-command: []
|
|
|
-## @param args Override default container args (useful when using custom images)
|
|
|
-##
|
|
|
-args: []
|
|
|
-## @param automountServiceAccountToken Mount Service Account token in pod
|
|
|
-##
|
|
|
-automountServiceAccountToken: true
|
|
|
-## @param hostAliases cloudnative-pg Operator pods host aliases
|
|
|
-## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
|
-##
|
|
|
-hostAliases: []
|
|
|
-## @param podLabels Extra labels for cloudnative-pg Operator pods
|
|
|
-## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
|
-##
|
|
|
-podLabels: {}
|
|
|
-## @param podAnnotations Annotations for cloudnative-pg Operator pods
|
|
|
-## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
|
-##
|
|
|
-podAnnotations: {}
|
|
|
-## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
|
-## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
|
-##
|
|
|
-podAffinityPreset: ""
|
|
|
-## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
|
-## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
|
-##
|
|
|
-podAntiAffinityPreset: soft
|
|
|
-## Pod Disruption Budget configuration
|
|
|
-## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
|
|
-## @param pdb.create Enable/disable a Pod Disruption Budget creation
|
|
|
-## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
|
|
-## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
|
|
|
-##
|
|
|
-pdb:
|
|
|
- create: true
|
|
|
- minAvailable: ""
|
|
|
- maxUnavailable: ""
|
|
|
-## Node affinity preset
|
|
|
-## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
|
-##
|
|
|
-nodeAffinityPreset:
|
|
|
- ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
|
+ extraEnvVarsCM: ""
|
|
|
+ ## @param operator.extraEnvVarsSecret Name of existing Secret containing extra env vars for cloudnative-pg Operator nodes
|
|
|
##
|
|
|
- type: ""
|
|
|
- ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
|
|
|
+ extraEnvVarsSecret: ""
|
|
|
+ ## @param operator.extraVolumes Optionally specify extra list of additional volumes for the cloudnative-pg Operator pod(s)
|
|
|
##
|
|
|
- key: ""
|
|
|
- ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
|
|
|
- ## E.g.
|
|
|
- ## values:
|
|
|
- ## - e2e-az1
|
|
|
- ## - e2e-az2
|
|
|
- ##
|
|
|
- values: []
|
|
|
-## @param affinity Affinity for cloudnative-pg Operator pods assignment
|
|
|
-## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
|
-## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
|
|
|
-##
|
|
|
-affinity: {}
|
|
|
-## @param nodeSelector Node labels for cloudnative-pg Operator pods assignment
|
|
|
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
|
|
|
-##
|
|
|
-nodeSelector: {}
|
|
|
-## @param tolerations Tolerations for cloudnative-pg Operator pods assignment
|
|
|
-## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
|
-##
|
|
|
-tolerations: []
|
|
|
-## @param updateStrategy.type cloudnative-pg Operator statefulset strategy type
|
|
|
-## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
|
|
|
-##
|
|
|
-updateStrategy:
|
|
|
- ## StrategyType
|
|
|
- ## Can be set to RollingUpdate or OnDelete
|
|
|
+ extraVolumes: []
|
|
|
+ ## @param operator.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the cloudnative-pg Operator container(s)
|
|
|
##
|
|
|
- type: RollingUpdate
|
|
|
-## @param priorityClassName cloudnative-pg Operator pods' priorityClassName
|
|
|
-##
|
|
|
-priorityClassName: ""
|
|
|
-## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
|
|
|
-## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
|
|
-##
|
|
|
-topologySpreadConstraints: []
|
|
|
-## @param schedulerName Name of the k8s scheduler (other than default) for cloudnative-pg Operator pods
|
|
|
-## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
|
-##
|
|
|
-schedulerName: ""
|
|
|
-## @param terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
|
|
|
-## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
|
|
|
-##
|
|
|
-terminationGracePeriodSeconds: ""
|
|
|
-## @param lifecycleHooks for the cloudnative-pg Operator container(s) to automate configuration before or after startup
|
|
|
-##
|
|
|
-lifecycleHooks: {}
|
|
|
-## @param extraEnvVars Array with extra environment variables to add to cloudnative-pg Operator nodes
|
|
|
-## e.g:
|
|
|
-## extraEnvVars:
|
|
|
-## - name: FOO
|
|
|
-## value: "bar"
|
|
|
-##
|
|
|
-extraEnvVars: []
|
|
|
-## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for cloudnative-pg Operator nodes
|
|
|
-##
|
|
|
-extraEnvVarsCM: ""
|
|
|
-## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for cloudnative-pg Operator nodes
|
|
|
-##
|
|
|
-extraEnvVarsSecret: ""
|
|
|
-## @param extraVolumes Optionally specify extra list of additional volumes for the cloudnative-pg Operator pod(s)
|
|
|
-##
|
|
|
-extraVolumes: []
|
|
|
-## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the cloudnative-pg Operator container(s)
|
|
|
-##
|
|
|
-extraVolumeMounts: []
|
|
|
-## @param sidecars Add additional sidecar containers to the cloudnative-pg Operator pod(s)
|
|
|
-## e.g:
|
|
|
-## sidecars:
|
|
|
-## - name: your-image-name
|
|
|
-## image: your-image
|
|
|
-## imagePullPolicy: Always
|
|
|
-## ports:
|
|
|
-## - name: portname
|
|
|
-## containerPort: 1234
|
|
|
-##
|
|
|
-sidecars: []
|
|
|
-## @param initContainers Add additional init containers to the cloudnative-pg Operator pod(s)
|
|
|
-## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
|
-## e.g:
|
|
|
-## initContainers:
|
|
|
-## - name: your-image-name
|
|
|
-## image: your-image
|
|
|
-## imagePullPolicy: Always
|
|
|
-## command: ['sh', '-c', 'echo "hello world"']
|
|
|
-##
|
|
|
-initContainers: []
|
|
|
+ extraVolumeMounts: []
|
|
|
+ ## @param operator.sidecars Add additional sidecar containers to the cloudnative-pg Operator pod(s)
|
|
|
+ ## e.g:
|
|
|
+ ## sidecars:
|
|
|
+ ## - name: your-image-name
|
|
|
+ ## image: your-image
|
|
|
+ ## imagePullPolicy: Always
|
|
|
+ ## ports:
|
|
|
+ ## - name: portname
|
|
|
+ ## containerPort: 1234
|
|
|
+ ##
|
|
|
+ sidecars: []
|
|
|
+ ## @param operator.initContainers Add additional init containers to the cloudnative-pg Operator pod(s)
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
|
+ ## e.g:
|
|
|
+ ## initContainers:
|
|
|
+ ## - name: your-image-name
|
|
|
+ ## image: your-image
|
|
|
+ ## imagePullPolicy: Always
|
|
|
+ ## command: ['sh', '-c', 'echo "hello world"']
|
|
|
+ ##
|
|
|
+ initContainers: []
|
|
|
|
|
|
-## Webhooks configuration
|
|
|
-##
|
|
|
-webhook:
|
|
|
- ## @param webhook.validating.create Create ValidatingWebhookConfiguration
|
|
|
- ## @param webhook.validating.failurePolicy Set failure policy of the validating webhook
|
|
|
+ ## Webhooks configuration
|
|
|
+ ##
|
|
|
+ webhook:
|
|
|
+ ## @param operator.webhook.validating.create Create ValidatingWebhookConfiguration
|
|
|
+ ## @param operator.webhook.validating.failurePolicy Set failure policy of the validating webhook
|
|
|
+ ##
|
|
|
+ validating:
|
|
|
+ create: true
|
|
|
+ failurePolicy: Fail
|
|
|
+ ## @param operator.webhook.mutating.create Create MutatingWebhookConfiguration
|
|
|
+ ## @param operator.webhook.mutating.failurePolicy Set failure policy of the mutating webhook
|
|
|
+ ##
|
|
|
+ mutating:
|
|
|
+ create: true
|
|
|
+ failurePolicy: Fail
|
|
|
+
|
|
|
+ ## Autoscaling configuration
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
|
+ ##
|
|
|
+ autoscaling:
|
|
|
+ vpa:
|
|
|
+ ## @param operator.autoscaling.vpa.enabled Enable VPA
|
|
|
+ ##
|
|
|
+ enabled: false
|
|
|
+ ## @param operator.autoscaling.vpa.annotations Annotations for VPA resource
|
|
|
+ ##
|
|
|
+ annotations: {}
|
|
|
+ ## @param operator.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
|
|
|
+ ##
|
|
|
+ controlledResources: []
|
|
|
+ ## @param operator.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
|
|
|
+ ## cpu: 200m
|
|
|
+ ## memory: 100Mi
|
|
|
+ maxAllowed: {}
|
|
|
+ ## @param operator.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
|
|
|
+ ## cpu: 200m
|
|
|
+ ## memory: 100Mi
|
|
|
+ minAllowed: {}
|
|
|
+ updatePolicy:
|
|
|
+ ## @param operator.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
|
|
|
+ ## Possible values are "Off", "Initial", "Recreate", and "Auto".
|
|
|
+ ##
|
|
|
+ updateMode: Auto
|
|
|
+ hpa:
|
|
|
+ ## @param operator.autoscaling.hpa.enabled Enable autoscaling for operator
|
|
|
+ ##
|
|
|
+ enabled: false
|
|
|
+ ## @param operator.autoscaling.hpa.minReplicas Minimum number of operator replicas
|
|
|
+ ##
|
|
|
+ minReplicas: ""
|
|
|
+ ## @param operator.autoscaling.hpa.maxReplicas Maximum number of operator replicas
|
|
|
+ ##
|
|
|
+ maxReplicas: ""
|
|
|
+ ## @param operator.autoscaling.hpa.targetCPU Target CPU utilization percentage
|
|
|
+ ##
|
|
|
+ targetCPU: ""
|
|
|
+ ## @param operator.autoscaling.hpa.targetMemory Target Memory utilization percentage
|
|
|
+ ##
|
|
|
+ targetMemory: ""
|
|
|
+ ## @section cloudnative-pg Operator Traffic Exposure Parameters
|
|
|
+ ##
|
|
|
+ service:
|
|
|
+ ## @param operator.service.type cloudnative-pg Operator service type
|
|
|
+ ##
|
|
|
+ type: ClusterIP
|
|
|
+ ## @param operator.service.ports.webhook cloudnative-pg Operator service webhook port
|
|
|
+ ##
|
|
|
+ ports:
|
|
|
+ webhook: 443
|
|
|
+ ## Node ports to expose
|
|
|
+ ## @param operator.service.nodePorts.webhook Node port for webhook
|
|
|
+ ## NOTE: choose port between <30000-32767>
|
|
|
+ ##
|
|
|
+ nodePorts:
|
|
|
+ webhook: ""
|
|
|
+ ## @param operator.service.clusterIP cloudnative-pg Operator service Cluster IP
|
|
|
+ ## e.g.:
|
|
|
+ ## clusterIP: None
|
|
|
+ ##
|
|
|
+ clusterIP: ""
|
|
|
+ ## @param operator.service.loadBalancerIP cloudnative-pg Operator service Load Balancer IP
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
|
|
|
+ ##
|
|
|
+ loadBalancerIP: ""
|
|
|
+ ## @param operator.service.loadBalancerSourceRanges cloudnative-pg Operator service Load Balancer sources
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
|
+ ## e.g:
|
|
|
+ ## loadBalancerSourceRanges:
|
|
|
+ ## - 10.10.10.0/24
|
|
|
+ ##
|
|
|
+ loadBalancerSourceRanges: []
|
|
|
+ ## @param operator.service.externalTrafficPolicy cloudnative-pg Operator service external traffic policy
|
|
|
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-web-source-ip
|
|
|
+ ##
|
|
|
+ externalTrafficPolicy: Cluster
|
|
|
+ ## @param operator.service.labels [object] Labels for the service
|
|
|
+ ##
|
|
|
+ labels: {}
|
|
|
+ ## @param operator.service.annotations Additional custom annotations for cloudnative-pg Operator service
|
|
|
+ ##
|
|
|
+ annotations: {}
|
|
|
+ ## @param operator.service.extraPorts Extra ports to expose in cloudnative-pg Operator service (normally used with the `sidecars` value)
|
|
|
+ ##
|
|
|
+ extraPorts: []
|
|
|
+ ## @param operator.service.sessionAffinity Control where web requests go, to the same pod or round-robin
|
|
|
+ ## Values: WebIP or None
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
|
+ ##
|
|
|
+ sessionAffinity: None
|
|
|
+ ## @param operator.service.sessionAffinityConfig Additional settings for the sessionAffinity
|
|
|
+ ## sessionAffinityConfig:
|
|
|
+ ## webIP:
|
|
|
+ ## timeoutSeconds: 300
|
|
|
+ ##
|
|
|
+ sessionAffinityConfig: {}
|
|
|
+ ## Network Policies
|
|
|
+ ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
|
|
+ ##
|
|
|
+ networkPolicy:
|
|
|
+ ## @param operator.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
|
|
|
+ ##
|
|
|
+ enabled: true
|
|
|
+ ## @param operator.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
|
|
|
+ ##
|
|
|
+ kubeAPIServerPorts: [443, 6443, 8443]
|
|
|
+ ## @param operator.networkPolicy.allowExternal Don't require server label for connections
|
|
|
+ ## The Policy model to apply. When set to false, only pods with the correct
|
|
|
+ ## server label will have network access to the ports server is listening
|
|
|
+ ## on. When true, server will accept connections from any source
|
|
|
+ ## (with the correct destination port).
|
|
|
+ ##
|
|
|
+ allowExternal: true
|
|
|
+ ## @param operator.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
|
|
+ ##
|
|
|
+ allowExternalEgress: true
|
|
|
+ ## @param operator.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
|
|
+ ## e.g:
|
|
|
+ ## extraIngress:
|
|
|
+ ## - ports:
|
|
|
+ ## - port: 1234
|
|
|
+ ## from:
|
|
|
+ ## - podSelector:
|
|
|
+ ## - matchLabels:
|
|
|
+ ## - role: frontend
|
|
|
+ ## - podSelector:
|
|
|
+ ## - matchExpressions:
|
|
|
+ ## - key: role
|
|
|
+ ## operator: In
|
|
|
+ ## values:
|
|
|
+ ## - frontend
|
|
|
+ extraIngress: []
|
|
|
+ ## @param operator.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
|
|
|
+ ## e.g:
|
|
|
+ ## extraEgress:
|
|
|
+ ## - ports:
|
|
|
+ ## - port: 1234
|
|
|
+ ## to:
|
|
|
+ ## - podSelector:
|
|
|
+ ## - matchLabels:
|
|
|
+ ## - role: frontend
|
|
|
+ ## - podSelector:
|
|
|
+ ## - matchExpressions:
|
|
|
+ ## - key: role
|
|
|
+ ## operator: In
|
|
|
+ ## values:
|
|
|
+ ## - frontend
|
|
|
+ ##
|
|
|
+ extraEgress: []
|
|
|
+ ## @param operator.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
|
|
|
+ ## @param operator.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
|
|
|
+ ##
|
|
|
+ ingressNSMatchLabels: {}
|
|
|
+ ingressNSPodMatchLabels: {}
|
|
|
+
|
|
|
+ ## @section cloudnative-pg Operator RBAC Parameters
|
|
|
+ ##
|
|
|
+
|
|
|
+ ## RBAC configuration
|
|
|
##
|
|
|
- validating:
|
|
|
+ rbac:
|
|
|
+ ## @param operator.rbac.create Specifies whether RBAC resources should be created
|
|
|
+ ##
|
|
|
create: true
|
|
|
- failurePolicy: Fail
|
|
|
- ## @param webhook.mutating.create Create MutatingWebhookConfiguration
|
|
|
- ## @param webhook.mutating.failurePolicy Set failure policy of the mutating webhook
|
|
|
+ ## @param operator.rbac.rules Custom RBAC rules to set
|
|
|
+ ## e.g:
|
|
|
+ ## rules:
|
|
|
+ ## - apiGroups:
|
|
|
+ ## - ""
|
|
|
+ ## resources:
|
|
|
+ ## - pods
|
|
|
+ ## verbs:
|
|
|
+ ## - get
|
|
|
+ ## - list
|
|
|
+ ##
|
|
|
+ rules: []
|
|
|
+ ## ServiceAccount configuration
|
|
|
##
|
|
|
- mutating:
|
|
|
+ serviceAccount:
|
|
|
+ ## @param operator.serviceAccount.create Specifies whether a ServiceAccount should be created
|
|
|
+ ##
|
|
|
create: true
|
|
|
- failurePolicy: Fail
|
|
|
-
|
|
|
-## Autoscaling configuration
|
|
|
-## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
|
-##
|
|
|
-autoscaling:
|
|
|
- vpa:
|
|
|
- ## @param autoscaling.vpa.enabled Enable VPA
|
|
|
+ ## @param operator.serviceAccount.name The name of the ServiceAccount to use.
|
|
|
+ ## If not set and create is true, a name is generated using the common.names.fullname template
|
|
|
##
|
|
|
- enabled: false
|
|
|
- ## @param autoscaling.vpa.annotations Annotations for VPA resource
|
|
|
+ name: ""
|
|
|
+ ## @param operator.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
|
|
|
##
|
|
|
annotations: {}
|
|
|
- ## @param autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
|
|
|
- ##
|
|
|
- controlledResources: []
|
|
|
- ## @param autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
|
|
|
- ## cpu: 200m
|
|
|
- ## memory: 100Mi
|
|
|
- maxAllowed: {}
|
|
|
- ## @param autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
|
|
|
- ## cpu: 200m
|
|
|
- ## memory: 100Mi
|
|
|
- minAllowed: {}
|
|
|
- updatePolicy:
|
|
|
- ## @param autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
|
|
|
- ## Possible values are "Off", "Initial", "Recreate", and "Auto".
|
|
|
- ##
|
|
|
- updateMode: Auto
|
|
|
- hpa:
|
|
|
- ## @param autoscaling.hpa.enabled Enable autoscaling for operator
|
|
|
+ ## @param operator.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
|
|
|
##
|
|
|
- enabled: false
|
|
|
- ## @param autoscaling.hpa.minReplicas Minimum number of operator replicas
|
|
|
+ automountServiceAccountToken: false
|
|
|
+ ## @section cloudnative-pg Operator Metrics Parameters
|
|
|
+ ##
|
|
|
+
|
|
|
+ ## Prometheus metrics
|
|
|
+ ##
|
|
|
+ metrics:
|
|
|
+ ## @param operator.metrics.enabled Enable the export of Prometheus metrics
|
|
|
##
|
|
|
- minReplicas: ""
|
|
|
- ## @param autoscaling.hpa.maxReplicas Maximum number of operator replicas
|
|
|
+ enabled: false
|
|
|
+ ## Monitoring Queries
|
|
|
##
|
|
|
- maxReplicas: ""
|
|
|
- ## @param autoscaling.hpa.targetCPU Target CPU utilization percentage
|
|
|
+ monitoringQueries:
|
|
|
+ ## @param operator.metrics.monitoringQueries.useSecret Use secret for the monitoring queries. Will use a ConfigMap if false
|
|
|
+ ##
|
|
|
+ useSecret: false
|
|
|
+ ## @param operator.metrics.monitoringQueries.overrideConfiguration Override sections of the default monitoring queries configuration
|
|
|
+ ##
|
|
|
+ overrideConfiguration: {}
|
|
|
+ ## @param operator.metrics.monitoringQueries.existingQueries Name of a ConfigMap or Secret with existing monitoring queries
|
|
|
+ ##
|
|
|
+ existingQueries: ""
|
|
|
+ ## Metrics service configuration
|
|
|
##
|
|
|
- targetCPU: ""
|
|
|
- ## @param autoscaling.hpa.targetMemory Target Memory utilization percentage
|
|
|
+ service:
|
|
|
+ ## @param operator.metrics.service.ports.metrics Meetrics service port
|
|
|
+ ##
|
|
|
+ ports:
|
|
|
+ metrics: 80
|
|
|
+ ## @param operator.metrics.service.clusterIP Static clusterIP or None for headless services
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
|
|
|
+ ##
|
|
|
+ clusterIP: ""
|
|
|
+ ## @param operator.metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin
|
|
|
+ ## Values: ClientIP or None
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
|
+ ##
|
|
|
+ sessionAffinity: None
|
|
|
+ ## @param operator.metrics.service.labels [object] Labels for the metrics service
|
|
|
+ ##
|
|
|
+ labels: {}
|
|
|
+ ## @param operator.metrics.service.annotations [object] Annotations for the metrics service
|
|
|
+ ##
|
|
|
+ annotations: {}
|
|
|
+ ## Prometheus Operator ServiceMonitor configuration
|
|
|
##
|
|
|
- targetMemory: ""
|
|
|
-## @section cloudnative-pg Operator Traffic Exposure Parameters
|
|
|
+ serviceMonitor:
|
|
|
+ ## @param operator.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
|
|
|
+ ##
|
|
|
+ enabled: false
|
|
|
+ ## @param operator.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
|
|
|
+ ##
|
|
|
+ namespace: ""
|
|
|
+ ## @param operator.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
|
|
|
+ ##
|
|
|
+ annotations: {}
|
|
|
+ ## @param operator.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
|
|
|
+ ##
|
|
|
+ labels: {}
|
|
|
+ ## @param operator.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
|
|
|
+ ##
|
|
|
+ jobLabel: ""
|
|
|
+ ## @param operator.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
|
|
|
+ ##
|
|
|
+ honorLabels: false
|
|
|
+ ## @param operator.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
|
|
|
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
|
+ ## e.g:
|
|
|
+ ## interval: 10s
|
|
|
+ ##
|
|
|
+ interval: ""
|
|
|
+ ## @param operator.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
|
|
|
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
|
+ ## e.g:
|
|
|
+ ## scrapeTimeout: 10s
|
|
|
+ ##
|
|
|
+ scrapeTimeout: ""
|
|
|
+ ## @param operator.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
|
|
|
+ ##
|
|
|
+ metricRelabelings: []
|
|
|
+ ## @param operator.metrics.serviceMonitor.relabelings Specify general relabeling
|
|
|
+ ##
|
|
|
+ relabelings: []
|
|
|
+ ## @param operator.metrics.serviceMonitor.selector Prometheus instance selector labels
|
|
|
+ ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
|
|
|
+ ## selector:
|
|
|
+ ## prometheus: my-prometheus
|
|
|
+ ##
|
|
|
+ selector: {}
|
|
|
+
|
|
|
+## @section plugin-barman-cloud parameters
|
|
|
##
|
|
|
-service:
|
|
|
- ## @param service.type cloudnative-pg Operator service type
|
|
|
- ##
|
|
|
- type: ClusterIP
|
|
|
- ## @param service.ports.webhook cloudnative-pg Operator service webhook port
|
|
|
- ##
|
|
|
- ports:
|
|
|
- webhook: 443
|
|
|
- ## Node ports to expose
|
|
|
- ## @param service.nodePorts.webhook Node port for webhook
|
|
|
- ## NOTE: choose port between <30000-32767>
|
|
|
- ##
|
|
|
- nodePorts:
|
|
|
- webhook: ""
|
|
|
- ## @param service.clusterIP cloudnative-pg Operator service Cluster IP
|
|
|
- ## e.g.:
|
|
|
- ## clusterIP: None
|
|
|
- ##
|
|
|
- clusterIP: ""
|
|
|
- ## @param service.loadBalancerIP cloudnative-pg Operator service Load Balancer IP
|
|
|
- ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
|
|
|
- ##
|
|
|
- loadBalancerIP: ""
|
|
|
- ## @param service.loadBalancerSourceRanges cloudnative-pg Operator service Load Balancer sources
|
|
|
- ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
|
- ## e.g:
|
|
|
- ## loadBalancerSourceRanges:
|
|
|
- ## - 10.10.10.0/24
|
|
|
+pluginBarmanCloud:
|
|
|
+ ## @param pluginBarmanCloud.enabled Enable the plugin for Barman Cloud
|
|
|
##
|
|
|
- loadBalancerSourceRanges: []
|
|
|
- ## @param service.externalTrafficPolicy cloudnative-pg Operator service external traffic policy
|
|
|
- ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-web-source-ip
|
|
|
+ enabled: true
|
|
|
+ ## Bitnami plugin-barman-cloud image
|
|
|
+ ## ref: https://hub.docker.com/r/bitnami/plugin-barman-cloud/tags/
|
|
|
+ ## @param pluginBarmanCloud.image.registry [default: REGISTRY_NAME] plugin-barman-cloud image registry
|
|
|
+ ## @param pluginBarmanCloud.image.repository [default: REPOSITORY_NAME/plugin-barman-cloud] plugin-barman-cloud image repository
|
|
|
+ ## @skip pluginBarmanCloud.image.tag plugin-barman-cloud image tag (immutable tags are recommended)
|
|
|
+ ## @param pluginBarmanCloud.image.digest plugin-barman-cloud image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
|
|
|
+ ## @param pluginBarmanCloud.image.pullPolicy plugin-barman-cloud image pull policy
|
|
|
+ ## @param pluginBarmanCloud.image.pullSecrets plugin-barman-cloud image pull secrets
|
|
|
+ ## @param pluginBarmanCloud.image.debug Enable plugin-barman-cloud image debug mode
|
|
|
##
|
|
|
- externalTrafficPolicy: Cluster
|
|
|
- ## @param service.labels [object] Labels for the service
|
|
|
+ image:
|
|
|
+ registry: docker.io
|
|
|
+ repository: bitnami/plugin-barman-cloud
|
|
|
+ tag: 0.5.0-debian-12-r0
|
|
|
+ digest: ""
|
|
|
+ ## Specify a imagePullPolicy
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
|
|
|
+ ##
|
|
|
+ pullPolicy: IfNotPresent
|
|
|
+ ## Optionally specify an array of imagePullSecrets.
|
|
|
+ ## Secrets must be manually created in the namespace.
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
|
+ ## e.g:
|
|
|
+ ## pullSecrets:
|
|
|
+ ## - myRegistryKeySecretName
|
|
|
+ ##
|
|
|
+ pullSecrets: []
|
|
|
+ ## Enable debug mode
|
|
|
+ ##
|
|
|
+ debug: false
|
|
|
+ ## Bitnami plugin-barman-cloud-sidecar image version
|
|
|
+ ## ref: https://hub.docker.com/r/bitnami/plugin-barman-cloud/tags/
|
|
|
+ ## @param pluginBarmanCloud.sidecarImage.registry [default: REGISTRY_NAME] plugin-barman-cloud-sidecar image registry
|
|
|
+ ## @param pluginBarmanCloud.sidecarImage.repository [default: REPOSITORY_NAME/plugin-barman-cloud-sidecar] plugin-barman-cloud-sidecar image repository
|
|
|
+ ## @skip pluginBarmanCloud.sidecarImage.tag plugin-barman-cloud-sidecar image tag (immutable tags are recommended)
|
|
|
+ ## @param pluginBarmanCloud.sidecarImage.digest plugin-barman-cloud-sidecar image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
|
|
##
|
|
|
- labels: {}
|
|
|
- ## @param service.annotations Additional custom annotations for cloudnative-pg Operator service
|
|
|
+ sidecarImage:
|
|
|
+ registry: docker.io
|
|
|
+ repository: bitnami/plugin-barman-cloud-sidecar
|
|
|
+ tag: 0.5.0-debian-12-r1
|
|
|
+ digest: ""
|
|
|
+ ## @param pluginBarmanCloud.replicaCount Number of plugin-barman-cloud replicas to deploy
|
|
|
##
|
|
|
- annotations: {}
|
|
|
- ## @param service.extraPorts Extra ports to expose in cloudnative-pg Operator service (normally used with the `sidecars` value)
|
|
|
+ replicaCount: 1
|
|
|
+ ## @param pluginBarmanCloud.containerPorts.metrics plugin-barman-cloud metrics container port
|
|
|
+ ## @param pluginBarmanCloud.containerPorts.grpc plugin-barman-cloud grpc container port
|
|
|
+ ## @param pluginBarmanCloud.containerPorts.health plugin-barman-cloud health container port
|
|
|
##
|
|
|
- extraPorts: []
|
|
|
- ## @param service.sessionAffinity Control where web requests go, to the same pod or round-robin
|
|
|
- ## Values: WebIP or None
|
|
|
- ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
|
+ containerPorts:
|
|
|
+ metrics: 8080
|
|
|
+ grpc: 9443
|
|
|
+ health: 8921
|
|
|
+ ## Configure extra options for plugin-barman-cloud containers' liveness and readiness probes
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
|
+ ## @param pluginBarmanCloud.livenessProbe.enabled Enable livenessProbe on plugin-barman-cloud containers
|
|
|
+ ## @param pluginBarmanCloud.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
|
+ ## @param pluginBarmanCloud.livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
|
+ ## @param pluginBarmanCloud.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
|
+ ## @param pluginBarmanCloud.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
|
+ ## @param pluginBarmanCloud.livenessProbe.successThreshold Success threshold for livenessProbe
|
|
|
##
|
|
|
- sessionAffinity: None
|
|
|
- ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
|
|
|
- ## sessionAffinityConfig:
|
|
|
- ## webIP:
|
|
|
- ## timeoutSeconds: 300
|
|
|
+ livenessProbe:
|
|
|
+ enabled: true
|
|
|
+ initialDelaySeconds: 5
|
|
|
+ periodSeconds: 10
|
|
|
+ timeoutSeconds: 5
|
|
|
+ failureThreshold: 5
|
|
|
+ successThreshold: 1
|
|
|
+ ## @param pluginBarmanCloud.readinessProbe.enabled Enable readinessProbe on plugin-barman-cloud containers
|
|
|
+ ## @param pluginBarmanCloud.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
|
+ ## @param pluginBarmanCloud.readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
|
+ ## @param pluginBarmanCloud.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
|
+ ## @param pluginBarmanCloud.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
|
+ ## @param pluginBarmanCloud.readinessProbe.successThreshold Success threshold for readinessProbe
|
|
|
##
|
|
|
- sessionAffinityConfig: {}
|
|
|
-## Network Policies
|
|
|
-## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
|
|
-##
|
|
|
-networkPolicy:
|
|
|
- ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
|
|
|
+ readinessProbe:
|
|
|
+ enabled: true
|
|
|
+ initialDelaySeconds: 5
|
|
|
+ periodSeconds: 10
|
|
|
+ timeoutSeconds: 5
|
|
|
+ failureThreshold: 5
|
|
|
+ successThreshold: 1
|
|
|
+ ## @param pluginBarmanCloud.startupProbe.enabled Enable startupProbe on plugin-barman-cloud containers
|
|
|
+ ## @param pluginBarmanCloud.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
|
|
+ ## @param pluginBarmanCloud.startupProbe.periodSeconds Period seconds for startupProbe
|
|
|
+ ## @param pluginBarmanCloud.startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
|
|
+ ## @param pluginBarmanCloud.startupProbe.failureThreshold Failure threshold for startupProbe
|
|
|
+ ## @param pluginBarmanCloud.startupProbe.successThreshold Success threshold for startupProbe
|
|
|
##
|
|
|
- enabled: true
|
|
|
- ## @param networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
|
|
|
+ startupProbe:
|
|
|
+ enabled: false
|
|
|
+ initialDelaySeconds: 5
|
|
|
+ periodSeconds: 10
|
|
|
+ timeoutSeconds: 5
|
|
|
+ failureThreshold: 5
|
|
|
+ successThreshold: 1
|
|
|
+ ## @param pluginBarmanCloud.customLivenessProbe Custom livenessProbe that overrides the default one
|
|
|
##
|
|
|
- kubeAPIServerPorts: [443, 6443, 8443]
|
|
|
- ## @param networkPolicy.allowExternal Don't require server label for connections
|
|
|
- ## The Policy model to apply. When set to false, only pods with the correct
|
|
|
- ## server label will have network access to the ports server is listening
|
|
|
- ## on. When true, server will accept connections from any source
|
|
|
- ## (with the correct destination port).
|
|
|
+ customLivenessProbe: {}
|
|
|
+ ## @param pluginBarmanCloud.customReadinessProbe Custom readinessProbe that overrides the default one
|
|
|
##
|
|
|
- allowExternal: true
|
|
|
- ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
|
|
+ customReadinessProbe: {}
|
|
|
+ ## @param pluginBarmanCloud.customStartupProbe Custom startupProbe that overrides the default one
|
|
|
##
|
|
|
- allowExternalEgress: true
|
|
|
- ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
|
|
- ## e.g:
|
|
|
- ## extraIngress:
|
|
|
- ## - ports:
|
|
|
- ## - port: 1234
|
|
|
- ## from:
|
|
|
- ## - podSelector:
|
|
|
- ## - matchLabels:
|
|
|
- ## - role: frontend
|
|
|
- ## - podSelector:
|
|
|
- ## - matchExpressions:
|
|
|
- ## - key: role
|
|
|
- ## operator: In
|
|
|
- ## values:
|
|
|
- ## - frontend
|
|
|
- extraIngress: []
|
|
|
- ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
|
|
|
- ## e.g:
|
|
|
- ## extraEgress:
|
|
|
- ## - ports:
|
|
|
- ## - port: 1234
|
|
|
- ## to:
|
|
|
- ## - podSelector:
|
|
|
- ## - matchLabels:
|
|
|
- ## - role: frontend
|
|
|
- ## - podSelector:
|
|
|
- ## - matchExpressions:
|
|
|
- ## - key: role
|
|
|
- ## operator: In
|
|
|
- ## values:
|
|
|
- ## - frontend
|
|
|
- ##
|
|
|
- extraEgress: []
|
|
|
- ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
|
|
|
- ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
|
|
|
- ##
|
|
|
- ingressNSMatchLabels: {}
|
|
|
- ingressNSPodMatchLabels: {}
|
|
|
-
|
|
|
-## @section cloudnative-pg Operator RBAC Parameters
|
|
|
-##
|
|
|
-
|
|
|
-## RBAC configuration
|
|
|
-##
|
|
|
-rbac:
|
|
|
- ## @param rbac.create Specifies whether RBAC resources should be created
|
|
|
+ customStartupProbe: {}
|
|
|
+ ## plugin-barman-cloud resource requests and limits
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
|
+ ## @param pluginBarmanCloud.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if.resources is set (operator.resources is recommended for production).
|
|
|
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
|
|
+ ##
|
|
|
+ resourcesPreset: "nano"
|
|
|
+ ## @param pluginBarmanCloud.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
|
|
+ ## Example:
|
|
|
+ ## resources:
|
|
|
+ ## requests:
|
|
|
+ ## cpu: 2
|
|
|
+ ## memory: 512Mi
|
|
|
+ ## limits:
|
|
|
+ ## cpu: 3
|
|
|
+ ## memory: 1024Mi
|
|
|
+ ##
|
|
|
+ resources: {}
|
|
|
+ ## Configure Pods Security Context
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
|
|
+ ## @param pluginBarmanCloud.podSecurityContext.enabled Enabled plugin-barman-cloud pods' Security Context
|
|
|
+ ## @param pluginBarmanCloud.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
|
|
+ ## @param pluginBarmanCloud.podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
|
|
+ ## @param pluginBarmanCloud.podSecurityContext.supplementalGroups Set filesystem extra groups
|
|
|
+ ## @param pluginBarmanCloud.podSecurityContext.fsGroup Set plugin-barman-cloud pod's Security Context fsGroup
|
|
|
+ ##
|
|
|
+ podSecurityContext:
|
|
|
+ enabled: true
|
|
|
+ fsGroupChangePolicy: Always
|
|
|
+ sysctls: []
|
|
|
+ supplementalGroups: []
|
|
|
+ fsGroup: 1001
|
|
|
+ ## Configure Container Security Context
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
|
+ ## @param pluginBarmanCloud.containerSecurityContext.enabled Enabled containers' Security Context
|
|
|
+ ## @param pluginBarmanCloud.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
|
|
+ ## @param pluginBarmanCloud.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
|
|
+ ## @param pluginBarmanCloud.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
|
|
+ ## @param pluginBarmanCloud.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
|
|
+ ## @param pluginBarmanCloud.containerSecurityContext.privileged Set container's Security Context privileged
|
|
|
+ ## @param pluginBarmanCloud.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
|
|
+ ## @param pluginBarmanCloud.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
|
|
+ ## @param pluginBarmanCloud.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
|
|
+ ## @param pluginBarmanCloud.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
|
|
+ ##
|
|
|
+ containerSecurityContext:
|
|
|
+ enabled: true
|
|
|
+ seLinuxOptions: {}
|
|
|
+ runAsUser: 1001
|
|
|
+ runAsGroup: 1001
|
|
|
+ runAsNonRoot: true
|
|
|
+ privileged: false
|
|
|
+ readOnlyRootFilesystem: true
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop: ["ALL"]
|
|
|
+ seccompProfile:
|
|
|
+ type: "RuntimeDefault"
|
|
|
+ ## @param pluginBarmanCloud.command Override default container command (useful when using custom images)
|
|
|
+ ##
|
|
|
+ command: []
|
|
|
+ ## @param pluginBarmanCloud.args Override default container args (useful when using custom images)
|
|
|
+ ##
|
|
|
+ args: []
|
|
|
+ ## @param pluginBarmanCloud.extraArgs Additional command line arguments to pass to default command
|
|
|
+ ##
|
|
|
+ extraArgs: []
|
|
|
+ ## @param pluginBarmanCloud.automountServiceAccountToken Mount Service Account token in pod
|
|
|
+ ##
|
|
|
+ automountServiceAccountToken: true
|
|
|
+ ## @param pluginBarmanCloud.hostAliases plugin-barman-cloud pods host aliases
|
|
|
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
|
+ ##
|
|
|
+ hostAliases: []
|
|
|
+ ## @param pluginBarmanCloud.podLabels Extra labels for plugin-barman-cloud pods
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
|
+ ##
|
|
|
+ podLabels: {}
|
|
|
+ ## @param pluginBarmanCloud.podAnnotations Annotations for plugin-barman-cloud pods
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
|
+ ##
|
|
|
+ podAnnotations: {}
|
|
|
+ ## @param pluginBarmanCloud.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
|
+ ##
|
|
|
+ podAffinityPreset: ""
|
|
|
+ ## @param pluginBarmanCloud.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
|
+ ##
|
|
|
+ podAntiAffinityPreset: soft
|
|
|
+ ## Pod Disruption Budget configuration
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
|
|
+ ## @param pluginBarmanCloud.pdb.create Enable/disable a Pod Disruption Budget creation
|
|
|
+ ## @param pluginBarmanCloud.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
|
|
+ ## @param pluginBarmanCloud.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
|
|
|
+ ##
|
|
|
+ pdb:
|
|
|
+ create: true
|
|
|
+ minAvailable: ""
|
|
|
+ maxUnavailable: ""
|
|
|
+ ## Node affinity preset
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
|
+ ##
|
|
|
+ nodeAffinityPreset:
|
|
|
+ ## @param pluginBarmanCloud.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
|
+ ##
|
|
|
+ type: ""
|
|
|
+ ## @param pluginBarmanCloud.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
|
|
|
+ ##
|
|
|
+ key: ""
|
|
|
+ ## @param pluginBarmanCloud.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
|
|
|
+ ## E.g.
|
|
|
+ ## values:
|
|
|
+ ## - e2e-az1
|
|
|
+ ## - e2e-az2
|
|
|
+ ##
|
|
|
+ values: []
|
|
|
+ ## @param pluginBarmanCloud.affinity Affinity for plugin-barman-cloud pods assignment
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
|
+ ## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
|
|
|
+ ##
|
|
|
+ affinity: {}
|
|
|
+ ## @param pluginBarmanCloud.nodeSelector Node labels for plugin-barman-cloud pods assignment
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
|
|
|
+ ##
|
|
|
+ nodeSelector: {}
|
|
|
+ ## @param pluginBarmanCloud.tolerations Tolerations for plugin-barman-cloud pods assignment
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
|
+ ##
|
|
|
+ tolerations: []
|
|
|
+ ## @param pluginBarmanCloud.updateStrategy.type plugin-barman-cloud statefulset strategy type
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
|
|
|
+ ##
|
|
|
+ updateStrategy:
|
|
|
+ ## StrategyType
|
|
|
+ ## Can be set to RollingUpdate or OnDelete
|
|
|
+ ##
|
|
|
+ type: RollingUpdate
|
|
|
+ ## @param pluginBarmanCloud.priorityClassName plugin-barman-cloud pods' priorityClassName
|
|
|
+ ##
|
|
|
+ priorityClassName: ""
|
|
|
+ ## @param pluginBarmanCloud.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
|
|
|
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
|
|
+ ##
|
|
|
+ topologySpreadConstraints: []
|
|
|
+ ## @param pluginBarmanCloud.schedulerName Name of the k8s scheduler (other than default) for plugin-barman-cloud pods
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
|
+ ##
|
|
|
+ schedulerName: ""
|
|
|
+ ## @param pluginBarmanCloud.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
|
|
|
+ ##
|
|
|
+ terminationGracePeriodSeconds: ""
|
|
|
+ ## @param pluginBarmanCloud.lifecycleHooks for the plugin-barman-cloud container(s) to automate configuration before or after startup
|
|
|
##
|
|
|
- create: true
|
|
|
- ## @param rbac.rules Custom RBAC rules to set
|
|
|
+ lifecycleHooks: {}
|
|
|
+ ## @param pluginBarmanCloud.extraEnvVars Array with extra environment variables to add to plugin-barman-cloud nodes
|
|
|
## e.g:
|
|
|
- ## rules:
|
|
|
- ## - apiGroups:
|
|
|
- ## - ""
|
|
|
- ## resources:
|
|
|
- ## - pods
|
|
|
- ## verbs:
|
|
|
- ## - get
|
|
|
- ## - list
|
|
|
- ##
|
|
|
- rules: []
|
|
|
-## ServiceAccount configuration
|
|
|
-##
|
|
|
-serviceAccount:
|
|
|
- ## @param serviceAccount.create Specifies whether a ServiceAccount should be created
|
|
|
+ ## extraEnvVars:
|
|
|
+ ## - name: FOO
|
|
|
+ ## value: "bar"
|
|
|
##
|
|
|
- create: true
|
|
|
- ## @param serviceAccount.name The name of the ServiceAccount to use.
|
|
|
- ## If not set and create is true, a name is generated using the common.names.fullname template
|
|
|
+ extraEnvVars: []
|
|
|
+ ## @param pluginBarmanCloud.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for plugin-barman-cloud nodes
|
|
|
##
|
|
|
- name: ""
|
|
|
- ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
|
|
|
+ extraEnvVarsCM: ""
|
|
|
+ ## @param pluginBarmanCloud.extraEnvVarsSecret Name of existing Secret containing extra env vars for plugin-barman-cloud nodes
|
|
|
##
|
|
|
- annotations: {}
|
|
|
- ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
|
|
|
+ extraEnvVarsSecret: ""
|
|
|
+ ## @param pluginBarmanCloud.extraVolumes Optionally specify extra list of additional volumes for the plugin-barman-cloud pod(s)
|
|
|
##
|
|
|
- automountServiceAccountToken: false
|
|
|
-## @section cloudnative-pg Operator Metrics Parameters
|
|
|
-##
|
|
|
+ extraVolumes: []
|
|
|
+ ## @param pluginBarmanCloud.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the plugin-barman-cloud container(s)
|
|
|
+ ##
|
|
|
+ extraVolumeMounts: []
|
|
|
+ ## @param pluginBarmanCloud.sidecars Add additional sidecar containers to the plugin-barman-cloud pod(s)
|
|
|
+ ## e.g:
|
|
|
+ ## sidecars:
|
|
|
+ ## - name: your-image-name
|
|
|
+ ## image: your-image
|
|
|
+ ## imagePullPolicy: Always
|
|
|
+ ## ports:
|
|
|
+ ## - name: portname
|
|
|
+ ## containerPort: 1234
|
|
|
+ ##
|
|
|
+ sidecars: []
|
|
|
+ ## @param pluginBarmanCloud.initContainers Add additional init containers to the plugin-barman-cloud pod(s)
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
|
+ ## e.g:
|
|
|
+ ## initContainers:
|
|
|
+ ## - name: your-image-name
|
|
|
+ ## image: your-image
|
|
|
+ ## imagePullPolicy: Always
|
|
|
+ ## command: ['sh', '-c', 'echo "hello world"']
|
|
|
+ ##
|
|
|
+ initContainers: []
|
|
|
+ ## @section TLS/SSL parameters
|
|
|
+ ## NOTE: CloudNativePG plugins must have TLS certificates
|
|
|
+ ## https://github.com/cloudnative-pg/cloudnative-pg/blob/v1.26.0/internal/controller/plugin_predicates.go#L28
|
|
|
+ ##
|
|
|
+ tls:
|
|
|
+ ## @param pluginBarmanCloud.tls.server.existingSecret Existing secret that contains TLS certificates for the server
|
|
|
+ ## @param pluginBarmanCloud.tls.server.cert TLS certificate. Ignored if `pluginBarmanCloud.tls.server.existingSecret` is set
|
|
|
+ ## @param pluginBarmanCloud.tls.server.key TLS key. Ignored if `pluginBarmanCloud.tls.server.existingSecret` is set
|
|
|
+ ##
|
|
|
+ server:
|
|
|
+ existingSecret: ""
|
|
|
+ cert: ""
|
|
|
+ key: ""
|
|
|
+ ## @param pluginBarmanCloud.tls.client.existingSecret Existing secret that contains TLS certificates for the client
|
|
|
+ ## @param pluginBarmanCloud.tls.client.cert TLS certificate. Ignored if `pluginBarmanCloud.tls.client.existingSecret` is set
|
|
|
+ ## @param pluginBarmanCloud.tls.client.key TLS key. Ignored if `pluginBarmanCloud.tls.client.existingSecret` is set
|
|
|
+ ##
|
|
|
+ client:
|
|
|
+ existingSecret: ""
|
|
|
+ cert: ""
|
|
|
+ key: ""
|
|
|
+ ## @param pluginBarmanCloud.tls.autoGenerated.enabled Enable automatic generation of certificates for TLS
|
|
|
+ ## @param pluginBarmanCloud.tls.autoGenerated.engine Mechanism to generate the certificates (allowed values: helm, cert-manager)
|
|
|
+ autoGenerated:
|
|
|
+ enabled: true
|
|
|
+ engine: helm
|
|
|
+ ## @param pluginBarmanCloud.tls.autoGenerated.certManager.existingIssuer The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine)
|
|
|
+ ## @param pluginBarmanCloud.tls.autoGenerated.certManager.existingIssuerKind Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine)
|
|
|
+ ## @param pluginBarmanCloud.tls.autoGenerated.certManager.keyAlgorithm Key algorithm for the certificates (only for `cert-manager` engine)
|
|
|
+ ## @param pluginBarmanCloud.tls.autoGenerated.certManager.keySize Key size for the certificates (only for `cert-manager` engine)
|
|
|
+ ## @param pluginBarmanCloud.tls.autoGenerated.certManager.duration Duration for the certificates (only for `cert-manager` engine)
|
|
|
+ ## @param pluginBarmanCloud.tls.autoGenerated.certManager.renewBefore Renewal period for the certificates (only for `cert-manager` engine)
|
|
|
+ certManager:
|
|
|
+ existingIssuer: ""
|
|
|
+ existingIssuerKind: ""
|
|
|
+ keySize: 2048
|
|
|
+ keyAlgorithm: RSA
|
|
|
+ duration: 2160h
|
|
|
+ renewBefore: 360h
|
|
|
|
|
|
-## Prometheus metrics
|
|
|
-##
|
|
|
-metrics:
|
|
|
- ## @param metrics.enabled Enable the export of Prometheus metrics
|
|
|
+ ## Autoscaling configuration
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
|
##
|
|
|
- enabled: false
|
|
|
- ## Metrics service configuration
|
|
|
+ autoscaling:
|
|
|
+ vpa:
|
|
|
+ ## @param pluginBarmanCloud.autoscaling.vpa.enabled Enable VPA
|
|
|
+ ##
|
|
|
+ enabled: false
|
|
|
+ ## @param pluginBarmanCloud.autoscaling.vpa.annotations Annotations for VPA resource
|
|
|
+ ##
|
|
|
+ annotations: {}
|
|
|
+ ## @param pluginBarmanCloud.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
|
|
|
+ ##
|
|
|
+ controlledResources: []
|
|
|
+ ## @param pluginBarmanCloud.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
|
|
|
+ ## cpu: 200m
|
|
|
+ ## memory: 100Mi
|
|
|
+ maxAllowed: {}
|
|
|
+ ## @param pluginBarmanCloud.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
|
|
|
+ ## cpu: 200m
|
|
|
+ ## memory: 100Mi
|
|
|
+ minAllowed: {}
|
|
|
+ updatePolicy:
|
|
|
+ ## @param pluginBarmanCloud.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
|
|
|
+ ## Possible values are "Off", "Initial", "Recreate", and "Auto".
|
|
|
+ ##
|
|
|
+ updateMode: Auto
|
|
|
+ hpa:
|
|
|
+ ## @param pluginBarmanCloud.autoscaling.hpa.enabled Enable autoscaling for
|
|
|
+ ##
|
|
|
+ enabled: false
|
|
|
+ ## @param pluginBarmanCloud.autoscaling.hpa.minReplicas Minimum number of replicas
|
|
|
+ ##
|
|
|
+ minReplicas: ""
|
|
|
+ ## @param pluginBarmanCloud.autoscaling.hpa.maxReplicas Maximum number of replicas
|
|
|
+ ##
|
|
|
+ maxReplicas: ""
|
|
|
+ ## @param pluginBarmanCloud.autoscaling.hpa.targetCPU Target CPU utilization percentage
|
|
|
+ ##
|
|
|
+ targetCPU: ""
|
|
|
+ ## @param pluginBarmanCloud.autoscaling.hpa.targetMemory Target Memory utilization percentage
|
|
|
+ ##
|
|
|
+ targetMemory: ""
|
|
|
+ ## @section plugin-barman-cloud Traffic Exposure Parameters
|
|
|
##
|
|
|
service:
|
|
|
- ## @param metrics.service.ports.metrics Meetrics service port
|
|
|
+ ## @param pluginBarmanCloud.service.type plugin-barman-cloud service type
|
|
|
+ ##
|
|
|
+ type: ClusterIP
|
|
|
+ ## @param pluginBarmanCloud.service.ports.grpc plugin-barman-cloud service webhook port
|
|
|
##
|
|
|
ports:
|
|
|
- metrics: 80
|
|
|
- ## @param metrics.service.clusterIP Static clusterIP or None for headless services
|
|
|
- ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
|
|
|
+ grpc: 9090
|
|
|
+ ## Node ports to expose
|
|
|
+ ## @param pluginBarmanCloud.service.nodePorts.grpc Node port for webhook
|
|
|
+ ## NOTE: choose port between <30000-32767>
|
|
|
+ ##
|
|
|
+ nodePorts:
|
|
|
+ grpc: ""
|
|
|
+ ## @param pluginBarmanCloud.service.clusterIP plugin-barman-cloud service Cluster IP
|
|
|
+ ## e.g.:
|
|
|
+ ## clusterIP: None
|
|
|
##
|
|
|
clusterIP: ""
|
|
|
- ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin
|
|
|
- ## Values: ClientIP or None
|
|
|
- ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
|
+ ## @param pluginBarmanCloud.service.loadBalancerIP plugin-barman-cloud service Load Balancer IP
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
|
|
|
##
|
|
|
- sessionAffinity: None
|
|
|
- ## @param metrics.service.labels [object] Labels for the metrics service
|
|
|
+ loadBalancerIP: ""
|
|
|
+ ## @param pluginBarmanCloud.service.loadBalancerSourceRanges plugin-barman-cloud service Load Balancer sources
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
|
+ ## e.g:
|
|
|
+ ## loadBalancerSourceRanges:
|
|
|
+ ## - 10.10.10.0/24
|
|
|
+ ##
|
|
|
+ loadBalancerSourceRanges: []
|
|
|
+ ## @param pluginBarmanCloud.service.externalTrafficPolicy plugin-barman-cloud service external traffic policy
|
|
|
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-web-source-ip
|
|
|
+ ##
|
|
|
+ externalTrafficPolicy: Cluster
|
|
|
+ ## @param pluginBarmanCloud.service.labels [object] Labels for the service
|
|
|
##
|
|
|
labels: {}
|
|
|
- ## @param metrics.service.annotations [object] Annotations for the metrics service
|
|
|
+ ## @param pluginBarmanCloud.service.annotations Additional custom annotations for plugin-barman-cloud service
|
|
|
##
|
|
|
annotations: {}
|
|
|
- ## Prometheus Operator ServiceMonitor configuration
|
|
|
- ##
|
|
|
- serviceMonitor:
|
|
|
- ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
|
|
|
+ ## @param pluginBarmanCloud.service.extraPorts Extra ports to expose in plugin-barman-cloud service (normally used with the `sidecars` value)
|
|
|
##
|
|
|
- enabled: false
|
|
|
- ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
|
|
|
+ extraPorts: []
|
|
|
+ ## @param pluginBarmanCloud.service.sessionAffinity Control where web requests go, to the same pod or round-robin
|
|
|
+ ## Values: WebIP or None
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
|
##
|
|
|
- namespace: ""
|
|
|
- ## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
|
|
|
+ sessionAffinity: None
|
|
|
+ ## @param pluginBarmanCloud.service.sessionAffinityConfig Additional settings for the sessionAffinity
|
|
|
+ ## sessionAffinityConfig:
|
|
|
+ ## webIP:
|
|
|
+ ## timeoutSeconds: 300
|
|
|
##
|
|
|
- annotations: {}
|
|
|
- ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
|
|
|
+ sessionAffinityConfig: {}
|
|
|
+ ## Network Policies
|
|
|
+ ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
|
|
+ ##
|
|
|
+ networkPolicy:
|
|
|
+ ## @param pluginBarmanCloud.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
|
|
|
##
|
|
|
- labels: {}
|
|
|
- ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
|
|
|
+ enabled: true
|
|
|
+ ## @param pluginBarmanCloud.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
|
|
|
##
|
|
|
- jobLabel: ""
|
|
|
- ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
|
|
|
+ kubeAPIServerPorts: [443, 6443, 8443]
|
|
|
+ ## @param pluginBarmanCloud.networkPolicy.allowExternal Don't require server label for connections
|
|
|
+ ## The Policy model to apply. When set to false, only pods with the correct
|
|
|
+ ## server label will have network access to the ports server is listening
|
|
|
+ ## on. When true, server will accept connections from any source
|
|
|
+ ## (with the correct destination port).
|
|
|
##
|
|
|
- honorLabels: false
|
|
|
- ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
|
|
|
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
|
+ allowExternal: true
|
|
|
+ ## @param pluginBarmanCloud.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
|
|
+ ##
|
|
|
+ allowExternalEgress: true
|
|
|
+ ## @param pluginBarmanCloud.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
|
|
+ ## e.g:
|
|
|
+ ## extraIngress:
|
|
|
+ ## - ports:
|
|
|
+ ## - port: 1234
|
|
|
+ ## from:
|
|
|
+ ## - podSelector:
|
|
|
+ ## - matchLabels:
|
|
|
+ ## - role: frontend
|
|
|
+ ## - podSelector:
|
|
|
+ ## - matchExpressions:
|
|
|
+ ## - key: role
|
|
|
+ ## : In
|
|
|
+ ## values:
|
|
|
+ ## - frontend
|
|
|
+ extraIngress: []
|
|
|
+ ## @param pluginBarmanCloud.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
|
|
|
## e.g:
|
|
|
- ## interval: 10s
|
|
|
+ ## extraEgress:
|
|
|
+ ## - ports:
|
|
|
+ ## - port: 1234
|
|
|
+ ## to:
|
|
|
+ ## - podSelector:
|
|
|
+ ## - matchLabels:
|
|
|
+ ## - role: frontend
|
|
|
+ ## - podSelector:
|
|
|
+ ## - matchExpressions:
|
|
|
+ ## - key: role
|
|
|
+ ## : In
|
|
|
+ ## values:
|
|
|
+ ## - frontend
|
|
|
+ ##
|
|
|
+ extraEgress: []
|
|
|
+ ## @param pluginBarmanCloud.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
|
|
|
+ ## @param pluginBarmanCloud.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
|
|
|
+ ##
|
|
|
+ ingressNSMatchLabels: {}
|
|
|
+ ingressNSPodMatchLabels: {}
|
|
|
+
|
|
|
+ ## @section plugin-barman-cloud RBAC Parameters
|
|
|
+ ##
|
|
|
+
|
|
|
+ ## RBAC configuration
|
|
|
+ ##
|
|
|
+ rbac:
|
|
|
+ ## @param pluginBarmanCloud.rbac.create Specifies whether RBAC resources should be created
|
|
|
##
|
|
|
- interval: ""
|
|
|
- ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
|
|
|
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
|
+ create: true
|
|
|
+ ## @param pluginBarmanCloud.rbac.rules Custom RBAC rules to set
|
|
|
## e.g:
|
|
|
- ## scrapeTimeout: 10s
|
|
|
+ ## rules:
|
|
|
+ ## - apiGroups:
|
|
|
+ ## - ""
|
|
|
+ ## resources:
|
|
|
+ ## - pods
|
|
|
+ ## verbs:
|
|
|
+ ## - get
|
|
|
+ ## - list
|
|
|
##
|
|
|
- scrapeTimeout: ""
|
|
|
- ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
|
|
|
+ rules: []
|
|
|
+ ## ServiceAccount configuration
|
|
|
+ ##
|
|
|
+ serviceAccount:
|
|
|
+ ## @param pluginBarmanCloud.serviceAccount.create Specifies whether a ServiceAccount should be created
|
|
|
##
|
|
|
- metricRelabelings: []
|
|
|
- ## @param metrics.serviceMonitor.relabelings Specify general relabeling
|
|
|
+ create: true
|
|
|
+ ## @param pluginBarmanCloud.serviceAccount.name The name of the ServiceAccount to use.
|
|
|
+ ## If not set and create is true, a name is generated using the common.names.fullname template
|
|
|
+ ##
|
|
|
+ name: ""
|
|
|
+ ## @param pluginBarmanCloud.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
|
|
|
##
|
|
|
- relabelings: []
|
|
|
- ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
|
|
|
- ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
|
|
|
- ## selector:
|
|
|
- ## prometheus: my-prometheus
|
|
|
+ annotations: {}
|
|
|
+ ## @param pluginBarmanCloud.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
|
|
|
+ ##
|
|
|
+ automountServiceAccountToken: false
|
|
|
+ ## @section plugin-barman-cloud Metrics Parameters
|
|
|
+ ##
|
|
|
+
|
|
|
+ ## Prometheus metrics
|
|
|
+ ##
|
|
|
+ metrics:
|
|
|
+ ## @param pluginBarmanCloud.metrics.enabled Enable the export of Prometheus metrics
|
|
|
+ ##
|
|
|
+ enabled: false
|
|
|
+ ## @param pluginBarmanCloud.metrics.allowedServiceAccounts [array] Configure the allowed ServiceAccounts (with their namespace) to access the metrics endpoint
|
|
|
+ ## Example:
|
|
|
+ ## allowedServiceAccounts:
|
|
|
+ ## - name: default
|
|
|
+ ## namespace: test
|
|
|
##
|
|
|
- selector: {}
|
|
|
+ allowedServiceAccounts: []
|
|
|
+ ## Metrics service configuration
|
|
|
+ ##
|
|
|
+ service:
|
|
|
+ ## @param pluginBarmanCloud.metrics.service.ports.metrics Meetrics service port
|
|
|
+ ##
|
|
|
+ ports:
|
|
|
+ metrics: 80
|
|
|
+ ## @param pluginBarmanCloud.metrics.service.clusterIP Static clusterIP or None for headless services
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
|
|
|
+ ##
|
|
|
+ clusterIP: ""
|
|
|
+ ## @param pluginBarmanCloud.metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin
|
|
|
+ ## Values: ClientIP or None
|
|
|
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
|
+ ##
|
|
|
+ sessionAffinity: None
|
|
|
+ ## @param pluginBarmanCloud.metrics.service.labels [object] Labels for the metrics service
|
|
|
+ ##
|
|
|
+ labels: {}
|
|
|
+ ## @param pluginBarmanCloud.metrics.service.annotations [object] Annotations for the metrics service
|
|
|
+ ##
|
|
|
+ annotations: {}
|
|
|
+ ## Prometheus ServiceMonitor configuration
|
|
|
+ ##
|
|
|
+ serviceMonitor:
|
|
|
+ ## @param pluginBarmanCloud.metrics.serviceMonitor.enabled if `true`, creates a Prometheus ServiceMonitor (also requires `metrics.enabled` to be `true`)
|
|
|
+ ##
|
|
|
+ enabled: false
|
|
|
+ ## @param pluginBarmanCloud.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
|
|
|
+ ##
|
|
|
+ namespace: ""
|
|
|
+ ## @param pluginBarmanCloud.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
|
|
|
+ ##
|
|
|
+ annotations: {}
|
|
|
+ ## @param pluginBarmanCloud.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
|
|
|
+ ##
|
|
|
+ labels: {}
|
|
|
+ ## @param pluginBarmanCloud.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
|
|
|
+ ##
|
|
|
+ jobLabel: ""
|
|
|
+ ## @param pluginBarmanCloud.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
|
|
|
+ ##
|
|
|
+ honorLabels: false
|
|
|
+ ## @param pluginBarmanCloud.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
|
|
|
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
|
+ ## e.g:
|
|
|
+ ## interval: 10s
|
|
|
+ ##
|
|
|
+ interval: ""
|
|
|
+ ## @param pluginBarmanCloud.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
|
|
|
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
|
+ ## e.g:
|
|
|
+ ## scrapeTimeout: 10s
|
|
|
+ ##
|
|
|
+ scrapeTimeout: ""
|
|
|
+ ## @param pluginBarmanCloud.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
|
|
|
+ ##
|
|
|
+ metricRelabelings: []
|
|
|
+ ## @param pluginBarmanCloud.metrics.serviceMonitor.relabelings Specify general relabeling
|
|
|
+ ##
|
|
|
+ relabelings: []
|
|
|
+ ## @param pluginBarmanCloud.metrics.serviceMonitor.selector Prometheus instance selector labels
|
|
|
+ ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
|
|
|
+ ## selector:
|
|
|
+ ## prometheus: my-prometheus
|
|
|
+ ##
|
|
|
+ selector: {}
|
Javier J. Salmerón García