diff --git a/.vib/zipkin/cypress/cypress.config.js b/.vib/zipkin/cypress/cypress.config.js
new file mode 100644
index 00000000000000..2d02e4533ed32e
--- /dev/null
+++ b/.vib/zipkin/cypress/cypress.config.js
@@ -0,0 +1,7 @@
+module.exports = {
+ defaultCommandTimeout: 90000,
+ e2e: {
+ setupNodeEvents(on, config) {},
+ baseUrl: 'http://localhost',
+ },
+}
diff --git a/.vib/zipkin/cypress/cypress/e2e/zipkin.cy.js b/.vib/zipkin/cypress/cypress/e2e/zipkin.cy.js
new file mode 100644
index 00000000000000..445e3bc5e82027
--- /dev/null
+++ b/.vib/zipkin/cypress/cypress/e2e/zipkin.cy.js
@@ -0,0 +1,16 @@
+/*
+ * Copyright Broadcom, Inc. All Rights Reserved.
+ * SPDX-License-Identifier: APACHE-2.0
+ */
+
+///
+
+// We check the pushed trace in the Job
+it('should find pushed trace', () => {
+ cy.visit('/')
+ cy.get('[data-testid="add-button"]').click();
+ cy.contains('li', 'serviceName').click();
+ cy.fixture('services').then((service) => {
+ cy.contains(service.name);
+ });
+})
diff --git a/.vib/zipkin/cypress/cypress/fixtures/services.json b/.vib/zipkin/cypress/cypress/fixtures/services.json
new file mode 100644
index 00000000000000..1acca78e4dea74
--- /dev/null
+++ b/.vib/zipkin/cypress/cypress/fixtures/services.json
@@ -0,0 +1,3 @@
+{
+ "name": "yelp-main"
+}
diff --git a/.vib/zipkin/cypress/cypress/support/e2e.js b/.vib/zipkin/cypress/cypress/support/e2e.js
new file mode 100644
index 00000000000000..ff9907666e61ae
--- /dev/null
+++ b/.vib/zipkin/cypress/cypress/support/e2e.js
@@ -0,0 +1,25 @@
+/*
+ * Copyright Broadcom, Inc. All Rights Reserved.
+ * SPDX-License-Identifier: APACHE-2.0
+ */
+
+// ***********************************************************
+// This example support/index.js is processed and
+// loaded automatically before your test files.
+//
+// This is a great place to put global configuration and
+// behavior that modifies Cypress.
+//
+// You can change the location of this file or turn off
+// automatically serving support files with the
+// 'supportFile' configuration option.
+//
+// You can read more here:
+// https://on.cypress.io/configuration
+// ***********************************************************
+
+// Import commands.js using ES2015 syntax:
+// import './commands';
+
+// Alternatively you can use CommonJS syntax:
+// require('./commands')
diff --git a/.vib/zipkin/goss/goss.yaml b/.vib/zipkin/goss/goss.yaml
new file mode 100644
index 00000000000000..3b105f45ff9664
--- /dev/null
+++ b/.vib/zipkin/goss/goss.yaml
@@ -0,0 +1,42 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+http:
+ http://127.0.0.1:{{ .Vars.containerPorts.http }}/api/v2/services:
+ status: 200
+ body:
+ - /yelp-main/
+ http://zipkin:{{ .Vars.service.ports.http }}/api/v2/services:
+ status: 200
+ body:
+ - /yelp-main/
+ http://127.0.0.1:{{ .Vars.containerPorts.http }}/prometheus:
+ status: 200
+ body:
+ - /armeria_server/
+ http://zipkin:{{ .Vars.service.ports.http }}/prometheus:
+ status: 200
+ body:
+ - /armeria_server/
+
+command:
+ {{- $uid := .Vars.containerSecurityContext.runAsUser }}
+ {{- $gid := .Vars.podSecurityContext.fsGroup }}
+ check-user-info:
+ # The UID and GID should always be either the one specified as vars (always a bigger number that the default)
+ # or the one randomly defined by openshift (larger values). Otherwise, the chart is still using the default value.
+ exec: if [ $(id -u) -lt {{ $uid }} ] || [ $(id -G | awk '{print $2}') -lt {{ $gid }} ]; then exit 1; fi
+ exit-status: 0
+ check-configured-env-vars:
+ exec: env
+ exit-status: 0
+ stdout:
+ - /AUTOCOMPLETE_TTL.*{{ .Vars.configOverrides.AUTOCOMPLETE_TTL }}/
+
+# The secret configuration should be mounted as a file
+file:
+ /bitnami/zipkin/secrets/configuration/QUERY_NAMES_MAX_AGE:
+ exists: true
+ filetype: symlink
+ contents:
+ - /{{ .Vars.secretConfigOverrides.QUERY_NAMES_MAX_AGE }}/
diff --git a/.vib/zipkin/runtime-parameters.yaml b/.vib/zipkin/runtime-parameters.yaml
new file mode 100644
index 00000000000000..30f3ad26f14ed5
--- /dev/null
+++ b/.vib/zipkin/runtime-parameters.yaml
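Review bot: In `check-user-info` of `.vib/zipkin/goss/goss.yaml`, the group test can fail open. When `id -G` prints only one group, `awk '{print $2}'` yields an empty string, so in POSIX sh/bash `[ -lt {{ $gid }} ]` returns an error status rather than true; the `if` body is skipped and the command still exits 0. If the check is meant to prove the configured `fsGroup` was applied, treat a missing second group as a failure, e.g. `g=$(id -G | awk '{print $2}'); if [ -z "$g" ] || [ "$g" -lt {{ $gid }} ] || [ "$(id -u)" -lt {{ $uid }} ]; then exit 1; fi`. The comment above it should read "a bigger number than the default".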
@@ -0,0 +1,475 @@ +podSecurityContext: + fsGroup: 1002 +containerSecurityContext: + runAsUser: 1002 +containerPorts: + http: 6555 +usePasswordFile: true +configOverrides: + AUTOCOMPLETE_TTL: "1000000" +secretConfigOverrides: + QUERY_NAMES_MAX_AGE: "600" +replicaCount: 1 +service: + type: LoadBalancer + ports: + http: 80 +metrics: + enabled: true +extraDeploy: + # Job to push some data to the Zipkin instance + - | + apiVersion: batch/v1 + kind: Job + metadata: + name: zipkin-add-data + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: zipkin-job + image: docker.io/bitnami/os-shell:latest + command: + - /bin/bash + args: + - -ec + - | + set -o errexit + set -o nounset + set -o pipefail + + # Set the endpoint URL + host=zipkin + port={{ .Values.service.ports.http }} + + retry_while() { + local -r cmd="${1:?cmd is missing}" + local -r retries="${2:-12}" + local -r sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<< "$cmd" + for ((i = 1 ; i <= retries ; i+=1 )); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value + } + + zipkin_ready() { + # Test the TCP connection with a timeout + if timeout 5 bash -c " /tmp/ready + curl -k -X POST {{ ternary "https" "http" .Values.tls.enabled }}://zipkin:$port/api/v2/spans -H'Content-Type: application/json' -d @/sampledata/yelp.json + fi + startupProbe: + exec: + command: + - sh + - -c + - | + if [ $(cat /tmp/ready) = "1" ]; then + exit 0 + else + exit 1 + fi + initialDelaySeconds: 40 + periodSeconds: 20 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} + volumeMounts: + - name: tmp + mountPath: /tmp + subPath: tmp-dir + - name: sample-data + mountPath: /sampledata + volumes: + - name: tmp + emptyDir: {} + - name: sample-data + configMap: + name: zipkin-test-data + # 
ConfigMap with the sample data + - | + apiVersion: v1 + kind: ConfigMap + metadata: + name: zipkin-test-data + data: + # Taken from https://github.com/openzipkin/zipkin/blob/master/zipkin-lens/testdata/yelp.json + yelp.json: | + [ + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "f5f268651b2a2b34", + "id": "15fc03927f0f68df", + "kind": "CLIENT", + "name": "post", + "timestamp": 1571896375322000, + "duration": 14000, + "localEndpoint": { + "serviceName": "mobile_api" + }, + "remoteEndpoint": { + "serviceName": "blt", + "port": 31882 + }, + "tags": { + "client_status_code": "200", + "http.uri.client": "/visits", + "request_budget": "9980", + "tracer": "syslog2scribe.haproxy-synapse" + } + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "f5f268651b2a2b34", + "id": "7a778764a0d0b594", + "kind": "CLIENT", + "name": "get", + "timestamp": 1571896375310000, + "duration": 3000, + "localEndpoint": { + "serviceName": "mobile_api" + }, + "remoteEndpoint": { + "serviceName": "spectre", + "port": 31286 + }, + "tags": { + "client_status_code": "200", + "http.uri.client": "/visits", + "request_budget": "9989", + "tracer": "syslog2scribe.haproxy-synapse" + } + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "f5f268651b2a2b34", + "id": "7a778764a0d0b594", + "kind": "SERVER", + "name": "get", + "timestamp": 1571896375310740, + "duration": 1490, + "localEndpoint": { + "serviceName": "spectre" + }, + "tags": { + "ecosystem": "prod", + "habitat": "uswest1aprod", + "http.uri.client": "/token/abcdefgh123456", + "region": "uswest1-prod" + }, + "shared": true + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "f5f268651b2a2b34", + "id": "6a65182ea4f684c3", + "kind": "CLIENT", + "name": "set mobile_api_nonce", + "timestamp": 1571896375302030, + "duration": 1026, + "localEndpoint": { + "serviceName": "mobile_api", + "port": 31049 + }, + "remoteEndpoint": { + "serviceName": "memcache" + }, + "tags": { + "driver": "yelp_memcache", + "method": "set", + "requests": "1", + 
"system": "mobile_api_nonce", + "ttl": "" + } + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "f5f268651b2a2b34", + "id": "cb4d73f31cd90cae", + "kind": "CLIENT", + "name": "get_multi mobile_api_nonce", + "timestamp": 1571896375300642, + "duration": 1066, + "localEndpoint": { + "serviceName": "mobile_api", + "port": 31049 + }, + "remoteEndpoint": { + "serviceName": "memcache" + }, + "tags": { + "driver": "yelp_memcache", + "hits": "0", + "method": "get_multi", + "requests": "1", + "system": "mobile_api_nonce" + } + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "2e8cfb154b59a41f", + "id": "f5f268651b2a2b34", + "kind": "SERVER", + "name": "post /location/update/v4", + "timestamp": 1571896375297103, + "duration": 41740, + "localEndpoint": { + "serviceName": "mobile_api", + "port": 31049 + }, + "tags": { + "ecosystem": "prod", + "habitat": "uswest1bprod", + "http.route": "/location/update/v4", + "http.uri": "/location/update/v4", + "http.uri.qs": "/location/update/v4", + "region": "uswest1-prod", + "response_status_code": "200", + "version_SHA": "6535284b1699df0a766384a648dc95c462a7313d" + }, + "shared": true + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "2e8cfb154b59a41f", + "id": "f5f268651b2a2b34", + "kind": "CLIENT", + "name": "post", + "timestamp": 1571896375287000, + "duration": 56000, + "localEndpoint": { + "serviceName": "yelp-main" + }, + "remoteEndpoint": { + "serviceName": "mobile_api", + "port": 31049 + }, + "tags": { + "client_status_code": "200", + "http.uri.client": "/location/update/v4", + "request_budget": "10003", + "tracer": "syslog2scribe.haproxy-synapse" + } + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "241cea1aa4cb2884", + "id": "0facde7c9130fd93", + "kind": "CLIENT", + "name": "get_multi my_cache_name_v1", + "timestamp": 1571896375272125, + "duration": 233, + "localEndpoint": { + "serviceName": "yelp-main", + "port": 31523 + }, + "remoteEndpoint": { + "serviceName": "memcache" + }, + "tags": { + "driver": 
"core_memcache", + "hits": "1", + "method": "get_multi", + "requests": "1" + } + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "241cea1aa4cb2884", + "id": "50b57281525a99d8", + "kind": "CLIENT", + "name": "commit", + "timestamp": 1571896375272604, + "duration": 374, + "localEndpoint": { + "serviceName": "yelp-main", + "port": 31523 + }, + "remoteEndpoint": { + "serviceName": "mysql" + }, + "tags": { + "query": "COMMIT" + } + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "241cea1aa4cb2884", + "id": "2b68987704862c4f", + "kind": "CLIENT", + "name": "get user_details_cache-20150901", + "timestamp": 1571896375270438, + "duration": 1068, + "localEndpoint": { + "serviceName": "yelp-main", + "port": 31523 + }, + "remoteEndpoint": { + "serviceName": "memcache" + }, + "tags": { + "driver": "core_memcache", + "hits": "1", + "method": "get", + "requests": "1" + } + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "668ed78ad94b35a1", + "id": "241cea1aa4cb2884", + "name": "txn: user_get_basic_and_scout_info", + "timestamp": 1571896375269210, + "duration": 3884, + "localEndpoint": { + "serviceName": "yelp-main", + "port": 31523 + }, + "tags": { + "calling_method": "src/logic/db/user.py:1234:get_user" + } + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "241cea1aa4cb2884", + "id": "b593cd7513dc736e", + "kind": "CLIENT", + "name": "begin", + "timestamp": 1571896375269732, + "duration": 445, + "localEndpoint": { + "serviceName": "yelp-main", + "port": 31523 + }, + "remoteEndpoint": { + "serviceName": "mysql" + }, + "tags": { + "query": "************" + } + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "668ed78ad94b35a1", + "id": "e7d1a2d5a788ac81", + "kind": "CLIENT", + "name": "get my_cache_name_v2", + "timestamp": 1571896375268015, + "duration": 993, + "localEndpoint": { + "serviceName": "yelp-main", + "port": 31523 + }, + "remoteEndpoint": { + "serviceName": "memcache" + }, + "tags": { + "driver": "core_memcache", + "hits": "1", + "method": 
"get", + "requests": "1" + } + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "2e8cfb154b59a41f", + "id": "668ed78ad94b35a1", + "kind": "SERVER", + "name": "post api proxy proxy", + "timestamp": 1571896375264995, + "duration": 88935, + "localEndpoint": { + "serviceName": "yelp_main/api_proxy", + "port": 31523 + }, + "annotations": [ + { + "timestamp": 1571896375355436, + "value": "py_zipkin.logging_end" + } + ], + "tags": { + "cprofile_enabled": "False", + "datacenter": "us-west-1", + "ecosystem": "prod", + "habitat": "uswest1aprod", + "host": "", + "http.route": "/*path", + "http.uri": "/location/update/v4", + "http.uri.qs": "/location/update/v4", + "locale": "en_US", + "logged_in": "False", + "natural": "False", + "owner_email": "", + "paasta": "True", + "region": "uswest1-prod", + "request_budget": "10003", + "request_budget_soft": "5003", + "response_status_code": "200", + "servlet": "proxy", + "servlet_action": "proxy", + "site": "api", + "version_SHA": "5e83958d2c" + }, + "shared": true + }, + { + "traceId": "a03ee8fff1dcd9b9", + "parentId": "2e8cfb154b59a41f", + "id": "668ed78ad94b35a1", + "kind": "CLIENT", + "name": "post", + "timestamp": 1571896375239000, + "duration": 125000, + "localEndpoint": { + "serviceName": "unknown" + }, + "remoteEndpoint": { + "serviceName": "yelp-main.mobile_api", + "port": 31523 + }, + "tags": { + "client_status_code": "200", + "http.uri.client": "/location/update/v4", + "request_budget": "10003", + "tracer": "syslog2scribe.envoy" + } + }, + { + "traceId": "a03ee8fff1dcd9b9", + "id": "2e8cfb154b59a41f", + "kind": "SERVER", + "name": "post /location/update/v4", + "timestamp": 1571896375237354, + "duration": 131848, + "localEndpoint": { + "serviceName": "routing" + }, + "tags": { + "ecosystem": "prod", + "habitat": "uswest1aprod", + "http.uri.client": "/location/update/v4", + "region": "uswest1-prod", + "response_status_code": "200" + }, + "shared": true + } + ] 
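Review bot: The `zipkin-add-data` Job in `extraDeploy` pulls `docker.io/bitnami/os-shell:latest`, a mutable tag, so the verification run can pick up a different image from one run to the next. Pin it to a versioned tag or digest, e.g. `image: docker.io/bitnami/os-shell:<PINNED_TAG>` (placeholder). The `curl -k -X POST …/api/v2/spans` call in the same script disables certificate verification even when `.Values.tls.enabled` selects `https`. If the TLS path is meant to be exercised, pass the CA with `--cacert <CA_FILE>` (placeholder) instead of `-k`, or add a comment saying why `-k` is acceptable for this test job. The body of `zipkin_ready()` between `bash -c "` and `/tmp/ready` appears truncated on this page, so the readiness logic was not reviewed.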
diff --git a/.vib/zipkin/vib-publish.json b/.vib/zipkin/vib-publish.json
new file mode 100644
index 00000000000000..34aba8e27d95f9
--- /dev/null
+++ b/.vib/zipkin/vib-publish.json
@@ -0,0 +1,38 @@
+{
+ "phases": {
+ "package": {
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "/bitnami/zipkin"
+ }
+ },
+ "actions": [
+ {
+ "action_id": "helm-package"
+ },
+ {
+ "action_id": "helm-lint"
+ }
+ ]
+ },
+ "publish": {
+ "actions": [
+ {
+ "action_id": "helm-publish",
+ "params": {
+ "repository": {
+ "kind": "S3",
+ "url": "{VIB_ENV_S3_URL}",
+ "authn": {
+ "access_key_id": "{VIB_ENV_S3_ACCESS_KEY_ID}",
+ "secret_access_key": "{VIB_ENV_S3_SECRET_ACCESS_KEY}",
+ "role": "{VIB_ENV_S3_ROLE_ARN}"
+ }
+ }
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/.vib/zipkin/vib-verify.json b/.vib/zipkin/vib-verify.json
new file mode 100644
index 00000000000000..9f6c8dc64762bc
--- /dev/null
+++ b/.vib/zipkin/vib-verify.json
@@ -0,0 +1,67 @@
+{
+ "phases": {
+ "package": {
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "/bitnami/zipkin"
+ }
+ },
+ "actions": [
+ {
+ "action_id": "helm-package"
+ },
+ {
+ "action_id": "helm-lint"
+ }
+ ]
+ },
+ "verify": {
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "/bitnami/zipkin"
+ },
+ "target_platform": {
+ "target_platform_id": "{VIB_ENV_TARGET_PLATFORM}",
+ "size": {
+ "name": "L4"
+ }
+ }
+ },
+ "actions": [
+ {
+ "action_id": "goss",
+ "params": {
+ "resources": {
+ "path": "/.vib"
+ },
+ "tests_file": "zipkin/goss/goss.yaml",
+ "vars_file": "zipkin/runtime-parameters.yaml",
+ "remote": {
+ "pod": {
+ "workload": "deploy-zipkin"
+ }
+ }
+ }
+ },
+ {
+ "action_id": "cypress",
+ "params": {
+ "resources": {
+ "path": "/.vib/zipkin/cypress"
+ },
+ "endpoint": "lb-zipkin-http",
+ "app_protocol": "HTTP"
+ }
+ },
+ {
+ "action_id": "kubescape",
+ "params": {
+ "threshold": {VIB_ENV_KUBESCAPE_SCORE_THRESHOLD}
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/bitnami/zipkin/.helmignore b/bitnami/zipkin/.helmignore
new file mode 100644
index 00000000000000..a0a332a53c8243
--- /dev/null
+++ b/bitnami/zipkin/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Changelog
+CHANGELOG.md
diff --git a/bitnami/zipkin/CHANGELOG.md b/bitnami/zipkin/CHANGELOG.md
new file mode 100644
index 00000000000000..ead76d12070852
--- /dev/null
+++ b/bitnami/zipkin/CHANGELOG.md
@@ -0,0 +1,5 @@
+# Changelog
+
+## 0.1.0 (2024-09-05)
+
+* [bitnami/zipkin] feat: :tada: Add chart ([#29199](https://github.com/bitnami/charts/pull/29199))
diff --git a/bitnami/zipkin/Chart.lock b/bitnami/zipkin/Chart.lock
new file mode 100644
index 00000000000000..b843733b789cfd
--- /dev/null
+++ b/bitnami/zipkin/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: cassandra
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 11.4.2
+- name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 2.22.0
+digest: sha256:c8d61aa6b63cd51f1c82abdf4f74ca2e4201a3eea8ff457bf00d8e5c4eaca7bd
+generated: "2024-09-05T16:57:10.917672664+02:00"
diff --git a/bitnami/zipkin/Chart.yaml b/bitnami/zipkin/Chart.yaml
new file mode 100644
index 00000000000000..6eda695be729f1
--- /dev/null
+++ b/bitnami/zipkin/Chart.yaml
@@ -0,0 +1,38 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+annotations:
+ category: Database
+ licenses: Apache-2.0
+ images: |
+ - name: zipkin
+ image: docker.io/bitnami/zipkin:3.4.1-debian-12-r0
+ - name: cassandra
+ image: docker.io/bitnami/cassandra:4.1.6-debian-12-r3
+apiVersion: v2
+appVersion: 3.4.1
+dependencies:
+- condition: cassandra.enabled
+ name: cassandra
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 11.x.x
+- name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ tags:
+ - bitnami-common
+ version: 2.x.x
+description: Zipkin is a distributed tracing system that helps collect and analyze timing data to troubleshoot latency issues in service architectures, providing visibility into service call performance.
+home: https://bitnami.com
+icon: https://bitnami.com/assets/stacks/zipkin/img/zipkin-stack-220x234.png
+keywords:
+- zipkin
+- tracing
+maintainers:
+- name: Broadcom, Inc. All Rights Reserved.
+ url: https://github.com/bitnami/charts
+name: zipkin
+sources:
+- https://github.com/bitnami/charts/tree/main/bitnami/zipkin
+- https://github.com/bitnami/containers/tree/main/bitnami/zipkin
+- https://github.com/openzipkin/zipkin
+version: 0.1.0
diff --git a/bitnami/zipkin/README.md b/bitnami/zipkin/README.md
new file mode 100644
index 00000000000000..c702e62e8b0aa6
--- /dev/null
+++ b/bitnami/zipkin/README.md
@@ -0,0 +1,633 @@ + + +# Bitnami package for Zipkin + + Zipkin is a distributed tracing system that helps collect and analyze timing data to troubleshoot latency issues in service architectures, providing visibility into service call performance. + +[Overview of zipkin](https://zipkin.io/) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +helm install my-release oci://registry-1.docker.io/bitnamicharts/zipkin +``` + +Looking to use Zipkin in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Introduction + +This chart bootstraps a [zipkin](https://github.com/bitnami/containers/tree/main/bitnami/zipkin) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/zipkin +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The command deploys zipkin on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. 
+ +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration and installation details + +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcesPreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + +### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. 
+ +### Zipkin application properties + +The chart supports setting zipkin [environment variables](https://github.com/openzipkin/zipkin/blob/master/zipkin-server/README.md#configuration) via two parameters: + +- `configOverrides`: Overrides non-sensitive application properties, such as `QUERY_TIMEOUT`. +- `secretConfigOverrides`: Overrides sensitive application properties, such as `MYSQL_PASSWORD`. + +In the following example, we use `configOverrides` to disable the zipkin UI: + +```yaml +configOverrides: + UI_ENABLED: false +``` + +Alternatively, it is possible to use an external configmap and an external secret for this configuration: `existingConfigmap` and `existingSecret`. + +> NOTE: Configuration overrides take precedence over the chart values. For example, setting `QUERY_PORT` via `configOverrides` leaves the `containerPorts.http` without effect. + +### Using collectors + +The Bitnami Zipkin image includes all the [available collectors](https://github.com/openzipkin/zipkin/tree/master/zipkin-collector). These can be configured using the `configOverrides` and `secretConfigOverrides` values. By default, it is using the HTTP collector endpoint. + +In the examples below, we enable other collectors: + +#### Using Bitnami RabbitMQ helm chart as collector + +In the following example we will install the Bitnami RabbitMQ helm chart and [configure zipkin](https://github.com/openzipkin/zipkin/tree/master/zipkin-collector/rabbitmq) to use it as storage. Replace the RABBITMQ_USER and RABBITMQ_PASSWORD placeholders. 
+ +```bash +helm install rabbitmq oci://REGISTRY_NAME/REPOSITORY_NAME/rabbitmq --set auth.username=RABBITMQ_USER --set auth.password=RABBITMQ_PASSWORD +``` + +Then install the zipkin helm chart with the following values: + +```yaml +# +# Example with RabbitMQ +# +# This section goes to a ConfigMap +configOverrides: + RABBIT_ADDRESSES: rabbitmq + RABBIT_USER: RABBITMQ_USER +# This section goes to a Secret +secretConfigOverrides: + RABBIT_PASSWORD: RABBITMQ_PASSWORD +``` + +#### Using Bitnami Kafka helm chart as collector + +In the following example we will install the Bitnami Kafka helm chart and [configure zipkin](https://github.com/openzipkin/zipkin/tree/master/zipkin-collector/kafka) to use it as storage. + +```bash +helm install kafka oci://REGISTRY_NAME/REPOSITORY_NAME/kafka +``` + +Then install the zipkin helm chart with the following values: + +```yaml +# +# Example with RabbitMQ +# +# This section goes to a ConfigMap +configOverrides: + COLLECTOR_KAFKA_ENABLED: true + KAFKA_BOOTSTRAP_SERVERS: kafka:9092 +``` + +### Supported storage types + +This chart natively supports the following storage methods: + +- Cassandra: Set `storageType=cassandra3`. If using embedded Cassandra subchart set `cassandra.enabled=true`. If using an external Cassandra set the `cassandra.enabled=false` and the `externalDatabase` section (see corresponding section). +- In memory storage: Set `storageType=mem`. + +It is possible to configure the rest of storage backends by setting `storageType=other`, and using the `configOverrides` and `secretConfigOverrides` values. Set the proper [environment variables](https://github.com/openzipkin/zipkin/blob/master/zipkin-server/README.md#configuration). In the following sections we show two examples: + +#### Using Bitnami Elasticsearch helm chart as storage + +In the following example we will install the Bitnami Elasticsearch helm chart and configure zipkin to use it as storage. 
+ +```bash +helm install elasticsearch oci://REGISTRY_NAME/REPOSITORY_NAME/elasticsearch +``` + +Then install the zipkin helm chart with the following values: + +```yaml +# +# Example with Elasticsearch +# +storageType: other +# This section goes to a ConfigMap +configOverrides: + STORAGE_TYPE: elasticsearch + ES_HOSTS: http://elasticsearch:9200 +cassandra: + enabled: false +``` + +#### Using Bitnami MySQL helm chart as storage + +In the following example we will install the Bitnami MySQL helm chart and configure zipkin to use it as storage. Replace the DB_USER, DB_DATABASE and DB_PASSWORD placeholders. + +```bash +helm install mysql oci://REGISTRY_NAME/REPOSITORY_NAME/mysql --set auth.usernames=DB_USER --set auth.password=DB_PASSWORD --set auth.database=DB_DATABASE +``` + +Then install the zipkin helm chart with the following values: + +```yaml +# +# Example with MongoDB +# +storageType: other +# This section goes to a ConfigMap +configOverrides: + STORAGE_TYPE: mysql + MYSQL_DB: DB_DATABASE + MYSQL_HOST: mysql + MYSQL_TCP_PORT: 3306 + MYSQL_USER: DB_USER +# This section goes to a Secret +secretConfigOverrides: + MYSQL_PASSWORD: DB_PASSWORD +cassandra: + enabled: false +``` + +### Additional environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. + +```yaml +extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Sidecars + +If additional containers are needed in the same pod as zipkin (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. 
+ +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: + +```yaml +service: + server: + extraPorts: + - name: extraPort + port: 11311 + targetPort: 11311 +``` + +If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: + +```yaml +initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). + +### Pod affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + +### Deploying extra resources + +There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. + +### Configure Ingress + +This chart provides support for Ingress resources. 
If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`. + +The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. + +However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts. + +> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers. + +Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists. + +[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). + +### Configure TLS Secrets for use with Ingress + +This chart facilitates the creation of TLS secrets for use with the Ingress controller (although this is not mandatory). 
There are several common use cases: + +- Generate certificate secrets based on chart parameters. +- Enable externally generated certificates. +- Manage application certificates via an external service (like [cert-manager](https://github.com/jetstack/cert-manager/)). +- Create self-signed certificates within the chart (if supported). + +In the first two cases, a certificate and a key are needed. Files are expected in `.pem` format. + +Here is an example of a certificate file: + +> NOTE: There may be more than one certificate if there is a certificate chain. + +```text +-----BEGIN CERTIFICATE----- +MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +... +jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7 +-----END CERTIFICATE----- +``` + +Here is an example of a certificate key: + +```text +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4 +... +wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= +-----END RSA PRIVATE KEY----- +``` + +- If using Helm to manage the certificates based on the parameters, copy these values into the `certificate` and `key` values for a given `*.ingress.secrets` entry. +- If managing TLS secrets separately, it is necessary to create a TLS secret with name `INGRESS_HOSTNAME-tls` (where INGRESS_HOSTNAME is a placeholder to be replaced with the hostname you set using the `*.ingress.hostname` parameter). +- If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, add to `*.ingress.annotations` the [corresponding ones](https://cert-manager.io/docs/usage/ingress/#supported-annotations) for cert-manager. +- If using self-signed certificates created by Helm, set both `*.ingress.tls` and `*.ingress.selfSigned` to `true`. 
+ +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | + +### Common parameters + +| Name | Description | Value | +| --------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `kubeVersion` | Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.name | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | +| `configOverrides` | Overwrite or add extra configuration options to the chart default | `{}` | +| `secretConfigOverrides` | Overwrite or add extra configuration options to the chart default (these will be added in a secret) | `{}` | +| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for zipkin | `""` | +| `existingSecret` | The name of an existing Secret with your custom sensitive configuration for zipkin | `""` | +| `javaOpts` | Set extra Java Options when launching zipkin | `""` | +| `image.registry` | zipkin image 
registry | `REGISTRY_NAME` | +| `image.repository` | zipkin image repository | `REPOSITORY_NAME/zipkin` | +| `image.digest` | zipkin image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `image.pullPolicy` | zipkin image pull policy | `IfNotPresent` | +| `image.pullSecrets` | zipkin image pull secrets | `[]` | +| `image.debug` | Enable zipkin image debug mode | `false` | +| `replicaCount` | Number of zipkin replicas to deploy | `1` | +| `containerPorts.http` | zipkin http server container port | `9411` | +| `extraContainerPorts` | Optionally specify extra list of additional container ports | `[]` | +| `deploymentLabels` | Add extra labels to the Deployment object | `{}` | +| `deploymentAnnotations` | Add extra annotations to the Deployment object | `{}` | +| `logLevel` | Set application log level | `INFO` | +| `usePasswordFile` | Mount all sensitive information as files | `true` | +| `storageType` | Set version store type. The chart natively supports cassandra3, mem or other. Any other type requires you to add the configuration in configOverrides and secretConfigOverrides. 
| `cassandra3` | +| `tls.enabled` | Enable TLS | `false` | +| `tls.usePemCerts` | Use certificates in .pem format | `true` | +| `tls.existingSecret` | Name of a secret containing the certificate files | `""` | +| `tls.certFilename` | Filename inside the secret of the .crt file (when usePemCerts=true) | `tls.crt` | +| `tls.certKeyFilename` | Filename inside the secret of the .key file (when usePemCerts=true) | `tls.key` | +| `tls.keystoreFilename` | Filename inside the secret of the .jks file (when usePemCerts=false) | `zipkin.jks` | +| `tls.password` | Password of the Java keystore | `""` | +| `tls.passwordSecret` | Name of a secret containing the password of the Java keystore | `""` | +| `tls.autoGenerated.enabled` | Enable automatic generation of certificates for TLS | `true` | +| `tls.autoGenerated.engine` | Mechanism to generate the certificates (allowed values: helm, cert-manager) | `helm` | +| `tls.autoGenerated.certManager.existingIssuer` | The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine) | `""` | +| `tls.autoGenerated.certManager.existingIssuerKind` | Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine) | `""` | +| `tls.autoGenerated.certManager.keyAlgorithm` | Key algorithm for the certificates (only for `cert-manager` engine) | `RSA` | +| `tls.autoGenerated.certManager.keySize` | Key size for the certificates (only for `cert-manager` engine) | `2048` | +| `tls.autoGenerated.certManager.duration` | Duration for the certificates (only for `cert-manager` engine) | `2160h` | +| `tls.autoGenerated.certManager.renewBefore` | Renewal period for the certificates (only for `cert-manager` engine) | `360h` | +| `livenessProbe.enabled` | Enable livenessProbe on zipkin containers | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | 
Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe on zipkin containers | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe on zipkin containers | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `90` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (secondary.resources is recommended for production). 
| `small` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `podSecurityContext.enabled` | Enable security context for zipkin pods | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | +| `containerSecurityContext.enabled` | zipkin container securityContext | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.runAsUser` | User ID for the zipkin container | `1001` | +| `containerSecurityContext.runAsGroup` | Group ID for the zipkin container | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `hostAliases` | zipkin pods host aliases | `[]` | +| `annotations` | Annotations for zipkin deployment/statefulset | `{}` | +| `podLabels` | Extra labels for zipkin pods | 
`{}` | +| `podAnnotations` | Annotations for zipkin pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | +| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `affinity` | Affinity for zipkin pods assignment | `{}` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `nodeSelector` | Node labels for zipkin pods assignment | `{}` | +| `tolerations` | Tolerations for zipkin pods assignment | `[]` | +| `updateStrategy.type` | zipkin strategy type | `RollingUpdate` | +| `priorityClassName` | zipkin pods' priorityClassName | `""` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. 
Evaluated as a template | `[]` | +| `schedulerName` | Name of the k8s scheduler (other than default) for zipkin pods | `""` | +| `terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `lifecycleHooks` | for the zipkin container(s) to automate configuration before or after startup | `{}` | +| `extraEnvVars` | Array with extra environment variables to add to zipkin nodes | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for zipkin nodes | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for zipkin nodes | `""` | +| `extraVolumes` | Optionally specify extra list of additional volumes for the zipkin pod(s) | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the zipkin container(s) | `[]` | +| `sidecars` | Add additional sidecar containers to the zipkin pod(s) | `[]` | +| `initContainers` | Add additional init containers to the zipkin pod(s) | `[]` | + +### Autoscaling + +| Name | Description | Value | +| ------------------------------------- | ---------------------------------------------------------------------------------------------- | ------- | +| `autoscaling.vpa.enabled` | Enable VPA | `false` | +| `autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` | +| `autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. 
Defaults to cpu and memory | `[]` | +| `autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` | +| `autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` | + +### VPA update policy + +| Name | Description | Value | +| ----------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` | +| `autoscaling.hpa.enabled` | Enable HPA | `false` | +| `autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` | +| `autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` | +| `autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` | +| `autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` | + +### Traffic Exposure Parameters + +| Name | Description | Value | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `service.type` | zipkin service type | `ClusterIP` | +| `service.ports.http` | zipkin service http port | `9411` | +| `service.nodePorts.http` | Node port for Gremlin | `""` | +| `service.clusterIP` | zipkin service Cluster IP | `""` | +| `service.loadBalancerIP` | zipkin service Load Balancer IP | `""` | +| `service.loadBalancerSourceRanges` | zipkin service Load Balancer sources | `[]` | +| `service.externalTrafficPolicy` | zipkin service external traffic policy | `Cluster` | +| `service.annotations` | Additional custom annotations for zipkin service | `{}` | +| `service.extraPorts` | Extra ports to expose in zipkin service (normally used with the 
`sidecars` value) | `[]` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `ingress.enabled` | Set to true to enable ingress record generation | `false` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.hostname` | Default host for the ingress resource | `zipkin.local` | +| `ingress.path` | The Path to Nginx. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingress.ingressClassName` | Set the ingerssClassName on the ingress record for k8s 1.18+ | `""` | +| `ingress.tls` | Create TLS Secret | `false` | +| `ingress.tlsWwwPrefix` | Adds www subdomain to default cert | `false` | +| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | +| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `ingress.extraRules` | The list of additional rules to be added to this ingress record. 
Evaluated as a template | `[]` | + +### Other Parameters + +| Name | Description | Value | +| --------------------------------------------- | ---------------------------------------------------------------- | ------- | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | +| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | + +### Default Init Container Parameters + +| Name | Description | Value | +| ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | +| `defaultInitContainers.waitForCassandra.enabled` | Enable init container that waits for backends to be ready | `true` | +| `defaultInitContainers.waitForCassandra.image.registry` | Cassandra image registry | `REGISTRY_NAME` | +| `defaultInitContainers.waitForCassandra.image.repository` | Cassandra image repository | `REPOSITORY_NAME/cassandra` | +| `defaultInitContainers.waitForCassandra.image.pullPolicy` | Cassandra image pull policy | `IfNotPresent` | +| `defaultInitContainers.waitForCassandra.image.pullSecrets` | Cassandra image pull secrets | `[]` | +| `defaultInitContainers.waitForCassandra.image.debug` | Enable debug output | `false` | +| `defaultInitContainers.waitForCassandra.resourcesPreset` | Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). 
This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` | +| `defaultInitContainers.waitForCassandra.resources` | Set init container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `defaultInitContainers.waitForCassandra.containerSecurityContext.enabled` | Enabled Init container' Security Context | `true` | +| `defaultInitContainers.waitForCassandra.containerSecurityContext.seLinuxOptions` | Set SELinux options in Init container | `{}` | +| `defaultInitContainers.waitForCassandra.containerSecurityContext.runAsUser` | Set runAsUser in Init container' Security Context | `1001` | +| `defaultInitContainers.waitForCassandra.containerSecurityContext.runAsGroup` | Set runAsGroup in Init container' Security Context | `1001` | +| `defaultInitContainers.waitForCassandra.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in Init container' Security Context | `true` | +| `defaultInitContainers.waitForCassandra.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in Init container' Security Context | `true` | +| `defaultInitContainers.waitForCassandra.containerSecurityContext.privileged` | Set privileged in Init container' Security Context | `false` | +| `defaultInitContainers.waitForCassandra.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Init container' Security Context | `false` | +| `defaultInitContainers.waitForCassandra.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in Init container | `["ALL"]` | +| `defaultInitContainers.waitForCassandra.containerSecurityContext.seccompProfile.type` | Set seccomp profile in Init container | `RuntimeDefault` | +| `defaultInitContainers.initCerts.enabled` | Enable init container that initializes the Java keystore with the TLS certificates (requires tls.enabled=true) | `true` | +| 
`defaultInitContainers.initCerts.resourcesPreset` | Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` | +| `defaultInitContainers.initCerts.resources` | Set init container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `defaultInitContainers.initCerts.containerSecurityContext.enabled` | Enabled Init container' Security Context | `true` | +| `defaultInitContainers.initCerts.containerSecurityContext.seLinuxOptions` | Set SELinux options in Init container | `{}` | +| `defaultInitContainers.initCerts.containerSecurityContext.runAsUser` | Set runAsUser in Init container' Security Context | `1001` | +| `defaultInitContainers.initCerts.containerSecurityContext.runAsGroup` | Set runAsGroup in Init container' Security Context | `1001` | +| `defaultInitContainers.initCerts.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in Init container' Security Context | `true` | +| `defaultInitContainers.initCerts.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in Init container' Security Context | `true` | +| `defaultInitContainers.initCerts.containerSecurityContext.privileged` | Set privileged in Init container' Security Context | `false` | +| `defaultInitContainers.initCerts.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Init container' Security Context | `false` | +| `defaultInitContainers.initCerts.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in Init container | `["ALL"]` | +| `defaultInitContainers.initCerts.containerSecurityContext.seccompProfile.type` | Set seccomp profile in Init container | `RuntimeDefault` | + +### NetworkPolicy parameters + +| Name | Description | Value | +| 
--------------------------------------- | --------------------------------------------------------------- | ------ | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | +| `networkPolicy.allowExternal` | The Policy model to apply | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | + +### Metrics parameters + +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------------------------------------------- | ------- | +| `metrics.enabled` | Enable metrics | `false` | +| `metrics.annotations` | Annotations for the server service in order to scrape metrics | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` | +| `metrics.serviceMonitor.annotations` | Annotations for the ServiceMonitor Resource | `""` | +| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. 
| `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | + +### Database parameters + +| Name | Description | Value | +| -------------------------------------------- | ----------------------------------------------------------------------- | ---------------- | +| `externalDatabase.host` | External database host | `""` | +| `externalDatabase.port` | External database port | `9042` | +| `externalDatabase.user` | Cassandra admin user | `bn_zipkin` | +| `externalDatabase.password` | Password for `dbUser.user`. 
Randomly generated if empty | `""` | +| `externalDatabase.existingSecret` | Name of existing secret containing the database secret | `""` | +| `externalDatabase.existingSecretPasswordKey` | Name of existing secret key containing the database password secret key | `""` | +| `externalDatabase.cluster.datacenter` | Name for cassandra's zipkin datacenter | `datacenter1` | +| `externalDatabase.keyspace` | Name for cassandra's zipkin keyspace | `bitnami_zipkin` | + +### Cassandra storage sub-chart + +| Name | Description | Value | +| --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `cassandra.enabled` | Enables cassandra storage pod | `true` | +| `cassandra.cluster.datacenter` | Name for cassandra's zipkin datacenter | `datacenter1` | +| `cassandra.keyspace` | Name for cassandra's zipkin keyspace | `bitnami_zipkin` | +| `cassandra.dbUser.user` | Cassandra admin user | `bn_zipkin` | +| `cassandra.dbUser.password` | Password for `dbUser.user`. Randomly generated if empty | `""` | +| `cassandra.dbUser.existingSecret` | Name of an existing secret containing the user password. | `""` | +| `cassandra.service.ports.cql` | Cassandra cql port | `9042` | +| `cassandra.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). 
| `medium` | +| `cassandra.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `cassandra.initDB` | Init script for initializing the instance | `{}` | +| `cassandra.extraEnvVars` | Add extra env variables to the Cassandra installation | `[]` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + oci://REGISTRY_NAME/REPOSITORY_NAME/zipkin +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/zipkin +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. 
+> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/blob/main/template/zipkin/values.yaml)
+
+## Troubleshooting
+
+Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
+
+## License
+
+Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/bitnami/zipkin/templates/NOTES.txt b/bitnami/zipkin/templates/NOTES.txt
new file mode 100644
index 00000000000000..14a81ee12b84fd
--- /dev/null
+++ b/bitnami/zipkin/templates/NOTES.txt
@@ -0,0 +1,55 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+ kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+ kubectl exec --namespace {{ include "common.names.namespace" . | quote }} -ti -- bash
+
+In order to replicate the container startup scripts execute this command:
+
+ start-zipkin
+
+{{- else }}
+
+Access zipkin from within the cluster using the following URL:
+
+ - {{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.service.ports.http }}
+
+To access zipkin from outside the cluster follow the steps below:
+
+1. Get the zipkin server URL by running these commands:
+
+{{- if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo "zipkin server available at $NODE_IP:$NODE_PORT"
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo "zipkin server available at $SERVICE_IP:{{ .Values.service.ports.http }}"
+{{- else if contains "ClusterIP" .Values.service.type }}
+ echo "zipkin server available at 127.0.0.1:9411"
+ kubectl port-forward svc/{{ include "common.names.fullname" . }} 9411:{{ .Values.service.ports.http }} &
+{{- end }}
+
+{{- end }}
+
+{{- include "common.warnings.rollingTag" .Values.image }}
+{{- include "common.warnings.rollingTag" .Values.defaultInitContainers.waitForCassandra.image }}
+{{- include "zipkin.validateValues" . }}
+{{- include "common.warnings.resources" (dict "sections" (list "" "defaultInitContainers.waitForCassandra" "defaultInitContainers.initCerts") "context" $) }}
+{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.defaultInitContainers.waitForCassandra.image) "context" $) }}
\ No newline at end of file
diff --git a/bitnami/zipkin/templates/_helpers.tpl b/bitnami/zipkin/templates/_helpers.tpl
new file mode 100644
index 00000000000000..ab0cd9534e4a51
--- /dev/null
+++ b/bitnami/zipkin/templates/_helpers.tpl
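Review bot: The kubectl commands in the non-diagnostic branch of NOTES.txt do not resolve the namespace the same way as the rest of the notes: the NodePort and LoadBalancer branches pass `--namespace {{ .Release.Namespace }}`, and the ClusterIP `kubectl port-forward` line passes no namespace at all, while the diagnostic branch and the in-cluster URL use `include "common.names.namespace" .`. With `namespaceOverride` set (the README lists it), these commands would look for the service in the wrong namespace, or in whatever namespace the user's current context points at. I would use `--namespace {{ include "common.names.namespace" . | quote }}` in all three branches, including the port-forward line. Separately, the printed endpoints carry no scheme, so a user who sets `tls.enabled=true` is not told to connect over https; a short conditional hint would help, though how TLS is wired into the service is not visible in this hunk.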
@@ -0,0 +1,254 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* +Return the proper zipkin image name +*/}} +{{- define "zipkin.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the wait init container) +*/}} +{{- define "zipkin.init-containers.wait.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.defaultInitContainers.waitForCassandra.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "zipkin.imagePullSecrets" -}} +{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.defaultInitContainers.waitForCassandra.image) "context" $) -}} +{{- end -}} + +{{/* +Create the cassandra host +*/}} +{{- define "zipkin.cassandra.host" -}} + {{- if not .Values.cassandra.enabled -}} + {{- .Values.externalDatabase.host | quote -}} + {{- else -}} + {{- include "common.names.dependency.fullname" (dict "chartName" "cassandra" "chartValues" .Values.cassandra "context" $) -}} + {{- end }} +{{- end }} + +{{/* +Return the cassandra Port +*/}} +{{- define "zipkin.cassandra.port" -}} +{{- if .Values.cassandra.enabled }} + {{- print .Values.cassandra.service.ports.cql -}} +{{- else -}} + {{- printf "%d" (.Values.externalDatabase.port | int ) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the cassandra datacenter +*/}} +{{- define "zipkin.cassandra.datacenter" -}} +{{- if .Values.cassandra.enabled }} + {{- print .Values.cassandra.cluster.datacenter -}} +{{- else -}} + {{- print .Values.externalDatabase.cluster.datacenter -}} +{{- end -}} +{{- end -}} + +{{/* +Return the cassandra Database Name +*/}} +{{- define "zipkin.cassandra.keyspace" -}} +{{- if .Values.keyspace }} + {{- /* Inside cassandra subchart */ -}} + {{- print .Values.keyspace -}} +{{- else if .Values.cassandra.enabled }} + {{- print 
.Values.cassandra.keyspace -}} +{{- else -}} + {{- print .Values.externalDatabase.keyspace -}} +{{- end -}} +{{- end -}} + +{{/* +Return the cassandra User +*/}} +{{- define "zipkin.cassandra.user" -}} +{{- if .Values.cassandra.enabled }} + {{- print .Values.cassandra.dbUser.user -}} +{{- else -}} + {{- print .Values.externalDatabase.user -}} +{{- end -}} +{{- end -}} + +{{/* +Return the cassandra Secret Name +*/}} +{{- define "zipkin.cassandra.secretName" -}} +{{- if .Values.cassandra.enabled }} + {{- if .Values.cassandra.dbUser.existingSecret -}} + {{- print (tpl .Values.cassandra.dbUser.existingSecret .) -}} + {{- else -}} + {{- print (include "zipkin.cassandra.fullname" .) -}} + {{- end -}} +{{- else if .Values.externalDatabase.existingSecret -}} + {{- print (tpl .Values.externalDatabase.existingSecret .) -}} +{{- else -}} + {{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the database password key +*/}} +{{- define "zipkin.cassandra.passwordKey" -}} +{{- if .Values.cassandra.enabled -}} + {{- print "cassandra-password" -}} +{{- else -}} + {{- print .Values.externalDatabase.existingSecretPasswordKey -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "zipkin.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Extra configuration ConfigMap name +*/}} +{{- define "zipkin.configmapName" -}} +{{- if .Values.existingConfigmap -}} + {{- tpl .Values.existingConfigmap $ -}} +{{- else -}} + {{- include "common.names.fullname" . 
-}} +{{- end -}} +{{- end -}} + +{{/* +Default configuration Secret name +*/}} +{{- define "zipkin.secretName" -}} +{{- if .Values.existingSecret -}} + {{- tpl .Values.existingSecret $ -}} +{{- else -}} + {{- include "common.names.fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS credentials secret object should be created +*/}} +{{- define "zipkin.tls.createSecret" -}} +{{- if and .Values.tls.enabled .Values.tls.autoGenerated.enabled (not .Values.tls.existingSecret) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the TLS credentials secret +*/}} +{{- define "zipkin.tls.secretName" -}} +{{- if .Values.tls.existingSecret -}} + {{- print (tpl .Values.tls.existingSecret $) -}} +{{- else -}} + {{- printf "%s-crt" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the JKS password secret name +*/}} +{{- define "zipkin.tls.passwordSecretName" -}} +{{- $secretName := .Values.tls.passwordSecret -}} +{{- if $secretName -}} + {{- printf "%s" (tpl $secretName $) -}} +{{- else -}} + {{- printf "%s-tls-pass" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified cassandra name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "zipkin.cassandra.fullname" -}} +{{- include "common.names.dependency.fullname" (dict "chartName" "cassandra" "chartValues" .Values.cassandra "context" $) -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "zipkin.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "zipkin.validateValues.cassandra" .) -}} +{{- $messages := append $messages (include "zipkin.validateValues.extraVolumes" .) -}} +{{- $messages := append $messages (include "zipkin.validateValues.tls" .) -}} +{{- $messages := append $messages (include "zipkin.validateValues.storage" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of zipkin - At least one storage backend is enabled +*/}} +{{- define "zipkin.validateValues.cassandra" -}} +{{- if and (eq .Values.storageType "cassandra3") (not .Values.cassandra.enabled) (not .Values.externalDatabase.host) -}} +zipkin: cassandra + Storage type is set to cassandra3 but database is not configured. Please set cassandra.enabled=true or configure the externalDatabase section. +{{- end -}} +{{- end -}} + +{{/* Validate values of zipkin - Incorrect extra volume settings */}} +{{- define "zipkin.validateValues.extraVolumes" -}} +{{- if and .Values.extraVolumes (not .Values.extraVolumeMounts) -}} +zipkin: missing-extra-volume-mounts + You specified extra volumes but not mount points for them. Please set + the extraVolumeMounts value +{{- end -}} +{{- end -}} + +{{/* +Validate values of zipkin - TLS +*/}} +{{- define "zipkin.validateValues.tls" -}} +{{- if and .Values.tls.enabled .Values.tls.autoGenerated.enabled -}} +{{- if or (not (empty .Values.tls.certFilename)) (not (empty .Values.tls.certKeyFilename)) -}} +zipkin: tls.autoGenerated + When enabling auto-generated TLS certificates, all certificate and key fields must be empty. + Please disable auto-generated TLS certificates (--set tls.autoGenerated.enabled=false) or + remove the certificate and key fields. +{{- end -}} +{{- if .Values.tls.existingSecret -}} +zipkin: tls.autoGenerated + When enabling auto-generated TLS certificates, all existing secret fields must be empty. + Please disable auto-generated TLS certificates (--set tls.autoGenerated.enabled=false) or + remove the existing secret fields. 
+{{- end -}} +{{- if and (ne .Values.tls.autoGenerated.engine "helm") (ne .Values.tls.autoGenerated.engine "cert-manager") -}} +zipkin: tls.autoGenerated.engine + Invalid mechanism to generate the TLS certificates selected. Valid values are "helm" and + "cert-manager". Please set a valid one (--set tls.autoGenerated.engine="xxx") +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of zipkin - storage is properly configured */}} +{{- define "zipkin.validateValues.storage" -}} +{{- $allowedValues := list "cassandra3" "mem" "other" -}} +{{- if not (has .Values.storageType $allowedValues) -}} +dremio: dist-storage + Allowed values for `storageType` are {{ join "," $allowedValues }}. +{{- end -}} +{{- end -}} diff --git a/bitnami/zipkin/templates/_init_containers.tpl b/bitnami/zipkin/templates/_init_containers.tpl new file mode 100644 index 00000000000000..8f9b456a67df24 --- /dev/null +++ b/bitnami/zipkin/templates/_init_containers.tpl 
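Review bot: `zipkin.cassandra.host` returns the external host through `| quote` but the bundled-chart name unquoted, so the same call site gets differently shaped text depending on the branch. In configmap.yaml the result is followed directly by `:{{ include "zipkin.cassandra.port" . }}`, which for an external database would render as `"host":9042` (constructed example) and is unlikely to come through the later `fromYaml` as one string. I would return the bare value here (`{{- .Values.externalDatabase.host -}}`) and quote at the call sites, e.g. `CASSANDRA_CONTACT_POINTS: {{ printf "%s:%s" (include "zipkin.cassandra.host" .) (include "zipkin.cassandra.port" .) | quote }}`. Separately, `zipkin.validateValues.storage` reports its error under `dremio: dist-storage`, which looks copied from another chart; `zipkin: storageType` would match the other validators.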
@@ -0,0 +1,140 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* +Init container definition for waiting for the database to be ready +*/}} +{{- define "zipkin.init-containers.wait-for-cassandra" -}} +- name: wait-for-cassandra + image: {{ include "zipkin.init-containers.wait.image" . }} + imagePullPolicy: {{ .Values.defaultInitContainers.waitForCassandra.image.pullPolicy }} + {{- if .Values.defaultInitContainers.waitForCassandra.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.defaultInitContainers.waitForCassandra.containerSecurityContext "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.defaultInitContainers.waitForCassandra.resources }} + resources: {{- toYaml .Values.defaultInitContainers.waitForCassandra.resources | nindent 4 }} + {{- else if ne .Values.defaultInitContainers.waitForCassandra.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.defaultInitContainers.waitForCassandra.resourcesPreset) | nindent 4 }} + {{- end }} + command: + - bash + args: + - -ec + - | + + set -o errexit + set -o nounset + set -o pipefail + + . /opt/bitnami/scripts/libos.sh + + check_cassandra_keyspace_schema() { + echo "SELECT 1" | cqlsh -u $CASSANDRA_USERNAME -p $CASSANDRA_PASSWORD -e "SELECT keyspace_name FROM system_schema.keyspaces WHERE keyspace_name='${CASSANDRA_KEYSPACE}';" + } + + info "Connecting to the Cassandra instance $CQLSH_HOST:$CQLSH_PORT" + if ! retry_while "check_cassandra_keyspace_schema" 12 30; then + error "Could not connect to the database server" + exit 1 + else + info "Connection check success" + fi + env: + - name: CQLSH_HOST + value: {{ include "zipkin.cassandra.host" . 
}} + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.defaultInitContainers.waitForCassandra.image.debug | quote }} + - name: CQLSH_PORT + value: {{ include "zipkin.cassandra.port" . | quote }} + - name: CASSANDRA_USERNAME + value: {{ include "zipkin.cassandra.user" . | quote }} + - name: CASSANDRA_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "zipkin.cassandra.secretName" . }} + key: {{ include "zipkin.cassandra.passwordKey" . }} + - name: CASSANDRA_KEYSPACE + value: {{ include "zipkin.cassandra.user" . }} +{{- end -}} + +{{/* +Init container definition for initializing the TLS certificates +*/}} +{{- define "zipkin.init-containers.init-certs" -}} +- name: init-certs + image: {{ include "zipkin.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.defaultInitContainers.initCerts.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.defaultInitContainers.initCerts.containerSecurityContext "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.defaultInitContainers.initCerts.resources }} + resources: {{- toYaml .Values.defaultInitContainers.initCerts.resources | nindent 4 }} + {{- else if ne .Values.defaultInitContainers.initCerts.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.defaultInitContainers.initCerts.resourcesPreset) | nindent 4 }} + {{- end }} + command: + - bash + args: + - -ec + - | + set -e + {{- if .Values.usePasswordFile }} + # We need to load all the secret env vars to the system + for file in $(find /bitnami/zipkin/secrets -type f); do + env_var_name="$(basename $file)" + echo "Exporting $env_var_name" + export $env_var_name="$(< $file)" + done + {{- end }} + {{- if .Values.tls.usePemCerts }} + if [[ -f "/certs/tls.key" ]] && [[ -f "/certs/tls.crt" ]]; then + openssl pkcs12 -export -in "/certs/tls.crt" \ + -passout pass:"${ARMERIA_SSL_KEY_STORE_PASSWORD}" \ + 
-inkey "/certs/tls.key" \ + -out "/tmp/keystore.p12" + keytool -importkeystore -srckeystore "/tmp/keystore.p12" \ + -srcstoretype PKCS12 \ + -srcstorepass "${ARMERIA_SSL_KEY_STORE_PASSWORD}" \ + -deststorepass "${ARMERIA_SSL_KEY_STORE_PASSWORD}" \ + -destkeystore "/opt/bitnami/zipkin/certs/zipkin.jks" + rm "/tmp/keystore.p12" + else + echo "Couldn't find the expected PEM certificates! They are mandatory when encryption via TLS is enabled." + exit 1 + fi + {{- else }} + if [[ -f "/certs/zipkin.jks" ]]; then + cp "/certs/zipkin.jks" "/opt/bitnami/zipkin/certs/zipkin.jks" + else + echo "Couldn't find the expected Java Key Stores (JKS) files! They are mandatory when encryption via TLS is enabled." + exit 1 + fi + {{- end }} + env: + {{- if not .Values.usePasswordFile }} + {{- if or .Values.tls.passwordSecret .Values.tls.password .Values.tls.autoGenerated.enabled .Values.tls.usePemCerts }} + - name: ZIPKIN_KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "zipkin.tls.passwordSecretName" . }} + key: keystore-password + {{- end }} + {{- end }} + volumeMounts: + - name: input-tls-certs + mountPath: /certs + - name: empty-dir + mountPath: /opt/bitnami/zipkin/certs + subPath: app-processed-certs-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if .Values.usePasswordFile }} + {{- if or .Values.tls.passwordSecret .Values.tls.password .Values.tls.autoGenerated.enabled .Values.tls.usePemCerts }} + - name: keystore-password + mountPath: /bitnami/zipkin/secrets/keystore-password + {{- end }} + {{- end }} +{{- end -}} diff --git a/bitnami/zipkin/templates/ca-cert.yaml b/bitnami/zipkin/templates/ca-cert.yaml new file mode 100644 index 00000000000000..07a6335ff1c6b7 --- /dev/null +++ b/bitnami/zipkin/templates/ca-cert.yaml 
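Review bot: The init-certs script reads `${ARMERIA_SSL_KEY_STORE_PASSWORD}` for `openssl pkcs12 -passout` and for the `keytool` store passwords, but when `usePasswordFile` is false the `env` block exports the secret as `ZIPKIN_KEYSTORE_PASSWORD`, so the variable the script uses is never set in that mode. This script runs with `set -e` only, so the expansion is silently empty instead of failing fast; renaming the entry to `- name: ARMERIA_SSL_KEY_STORE_PASSWORD` and adding `set -o nounset` (as the wait-for-cassandra script already does) would close that. In wait-for-cassandra, `CASSANDRA_KEYSPACE` is filled from `zipkin.cassandra.user`; it presumably should be `value: {{ include "zipkin.cassandra.keyspace" . | quote }}`. The `cqlsh -u $CASSANDRA_USERNAME -p $CASSANDRA_PASSWORD` call also leaves both expansions unquoted and puts the password in the process arguments; quoting them is the minimal change.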
@@ -0,0 +1,56 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.tls.enabled .Values.tls.autoGenerated.enabled (eq .Values.tls.autoGenerated.engine "cert-manager") }} +{{- if empty .Values.tls.autoGenerated.certManager.existingIssuer }} +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ printf "%s-clusterissuer" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + selfSigned: {} +--- +{{- end }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: zipkin + app.kubernetes.io/component: zipkin + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + secretName: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }} + commonName: {{ printf "%s-ca" (include "common.names.fullname" .) 
}} + isCA: true + issuerRef: + name: {{ default (printf "%s-clusterissuer" (include "common.names.fullname" .)) .Values.tls.autoGenerated.certManager.existingIssuer }} + kind: {{ default "Issuer" .Values.tls.autoGenerated.certManager.existingIssuerKind }} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + ca: + secretName: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }} +{{- end }} diff --git a/bitnami/zipkin/templates/cert.yaml b/bitnami/zipkin/templates/cert.yaml new file mode 100644 index 00000000000000..56e1d40711cd9e --- /dev/null +++ b/bitnami/zipkin/templates/cert.yaml 
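Review bot: The CA `Certificate` sets no `duration`, `renewBefore` or `privateKey`, while the leaf certificate in cert.yaml takes all three from `tls.autoGenerated.certManager.*`, so the CA falls back to cert-manager defaults whatever the operator configured for the leaf. If the configured leaf `duration` is longer than the CA's lifetime, the chain would expire before the leaf does. I would either reuse the same values here or add dedicated CA values, and put a comment above `isCA: true` stating which lifetime applies. The self-signed issuer is also named `%s-clusterissuer` although its kind is the namespaced `Issuer`, which is misleading for an operator looking for it.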
@@ -0,0 +1,40 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.tls.enabled .Values.tls.autoGenerated.enabled (eq .Values.tls.autoGenerated.engine "cert-manager") }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ printf "%s-crt" (include "common.names.fullname" .) }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: zipkin
+ app.kubernetes.io/part-of: zipkin
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ secretName: {{ printf "%s-crt" (include "common.names.fullname" .) }}
+ commonName: {{ printf "%s.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }}
+ issuerRef:
+ name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
+ kind: Issuer
+ subject:
+ organizations:
+ - "zipkin"
+ dnsNames:
+ - '*.{{ include "common.names.namespace" . }}'
+ - '*.{{ include "common.names.namespace" . }}.svc'
+ - '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+ - '*.{{ include "common.names.fullname" . }}'
+ - '*.{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}'
+ - '*.{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc'
+ - '*.{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+ privateKey:
+ algorithm: {{ .Values.tls.autoGenerated.certManager.keyAlgorithm }}
+ size: {{ int .Values.tls.autoGenerated.certManager.keySize }}
+ duration: {{ .Values.tls.autoGenerated.certManager.duration }}
+ renewBefore: {{ .Values.tls.autoGenerated.certManager.renewBefore }}
+{{- end }}
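Review bot: The `dnsNames` list includes `*.<namespace>`, `*.<namespace>.svc` and `*.<namespace>.svc.<clusterDomain>`, so the issued certificate is valid for every Service name in the release namespace rather than only for zipkin, which widens the impact of a compromise of this key. The exact service name used in `commonName` is not listed as a SAN on its own and is only covered through those wildcards. I would replace the namespace-wide entries with the service's own names, e.g. `- '{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'` plus its shorter forms, and keep the `*.<fullname>…` entries only if per-pod names are really needed.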
diff --git a/bitnami/zipkin/templates/configmap.yaml b/bitnami/zipkin/templates/configmap.yaml
new file mode 100644
index 00000000000000..73e3c9c30a06c3
--- /dev/null
+++ b/bitnami/zipkin/templates/configmap.yaml
@@ -0,0 +1,50 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* Adding the helper in configmap.yaml for better readability */}} +{{- define "zipkin.config.default" -}} +{{/* Common configuration */}} +QUERY_LOG_LEVEL: {{ .Values.logLevel | quote }} +QUERY_PORT: {{ .Values.containerPorts.http | quote }} +{{/* Version store configuration */}} +{{- if eq .Values.storageType "mem" }} +STORAGE_TYPE: "mem" +{{- else if eq .Values.storageType "cassandra3" }} +STORAGE_TYPE: "cassandra3" +CASSANDRA_CONTACT_POINTS: {{ include "zipkin.cassandra.host" . }}:{{ include "zipkin.cassandra.port" . }} +CASSANDRA_USERNAME: {{ include "zipkin.cassandra.user" . | quote }} +CASSANDRA_KEYSPACE: {{ include "zipkin.cassandra.keyspace" . | quote }} +CASSANDRA_LOCAL_DC: {{ include "zipkin.cassandra.datacenter" . | quote }} +{{- end }} +{{/* TLS configuration */}} +{{- if .Values.tls.enabled }} +ARMERIA_SSL_KEY_STORE: "/bitnami/zipkin/certs/zipkin.jks" +ARMERIA_SSL_KEY_STORE_TYPE: "JKS" +ARMERIA_SSL_ENABLED: "true" +ARMERIA_PORTS_0_PORT: {{ .Values.containerPorts.http | quote }} +ARMERIA_PORTS_0_PROTOCOLS_0: "https" +{{- end }} +{{- end }} + +{{- if not .Values.existingConfigmap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: +{{- /* Convert the default configuration and extra overrides to environment variables */ -}} +{{- $defaultConfiguration := include "zipkin.config.default" . 
| fromYaml -}} +{{- $overrideConfiguration := include "common.tplvalues.render" (dict "value" .Values.configOverrides "context" $) | fromYaml -}} + +{{/* Merge both maps and render the list of env vars */}} +{{- mergeOverwrite $defaultConfiguration $overrideConfiguration | toYaml | nindent 2 }} +{{- end }} diff --git a/bitnami/zipkin/templates/deployment.yaml b/bitnami/zipkin/templates/deployment.yaml new file mode 100644 index 00000000000000..c9e82fdb49c4fc --- /dev/null +++ b/bitnami/zipkin/templates/deployment.yaml 
@@ -0,0 +1,281 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" (list .Values.commonLabels .Values.deploymentLabels) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + {{- if or .Values.deploymentAnnotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.deploymentAnnotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.autoscaling.hpa.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + {{- if .Values.updateStrategy}} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.podLabels .Values.commonLabels) "context" .) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + template: + metadata: + annotations: + {{- if not .Values.existingConfigmap }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if and (not .Values.existingSecret) .Values.secretConfigOverrides }} + checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . 
| sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + spec: + serviceAccountName: {{ template "zipkin.serviceAccountName" . }} + {{- include "zipkin.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "zipkin" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "zipkin" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) 
| nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + initContainers: + {{- if and .Values.defaultInitContainers.waitForCassandra.enabled (eq .Values.storageType "cassandra3") }} + {{- include "zipkin.init-containers.wait-for-cassandra" . | nindent 8 }} + {{- end }} + {{- if and .Values.tls.enabled .Values.defaultInitContainers.initCerts.enabled }} + {{- include "zipkin.init-containers.init-certs" . | nindent 8 }} + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: zipkin + image: {{ include "zipkin.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- else }} + args: + - -ec + - | + {{- if .Values.usePasswordFile }} + # We need to load all the secret env vars to the system + for file in $(find /bitnami/zipkin/secrets -type f); do + env_var_name="$(basename $file)" + echo "Exporting $env_var_name" + export $env_var_name="$(< $file)" + done + {{- end }} + exec start-zipkin + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- if .Values.javaOpts }} + - name: JAVA_OPTS + value: {{ .Values.javaOpts | quote }} + {{- end }} + {{- if and (eq .Values.storageType "cassandra3") (not .Values.usePasswordFile) }} + - name: CASSANDRA_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "zipkin.cassandra.secretName" . }} + key: {{ include "zipkin.cassandra.passwordKey" . 
| quote }} + {{- end }} + {{- if not .Values.usePasswordFile }} + {{- if or .Values.tls.passwordSecret .Values.tls.password .Values.tls.autoGenerated.enabled .Values.tls.usePemCerts }} + - name: ARMERIA_SSL_KEY_STORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "zipkin.tls.passwordSecretName" . }} + key: keystore-password + {{- end }} + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ include "zipkin.configmapName" . }} + {{- if and (not .Values.usePasswordFile) (or .Values.secretConfigOverrides .Values.existingSecret) }} + - secretRef: + name: {{ include "zipkin.secretName" . }} + {{- end }} + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.resources }} + resources: {{ toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} + {{- end }} + ports: + - name: {{ ternary "https" "http" .Values.tls.enabled }} + containerPort: {{ .Values.containerPorts.http }} + {{- if .Values.extraContainerPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe 
"enabled") "context" $) | nindent 12 }} + httpGet: + path: /info + port: {{ ternary "https" "http" .Values.tls.enabled }} + scheme: {{ ternary "HTTPS" "HTTP" .Values.tls.enabled }} + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /health + port: {{ ternary "https" "http" .Values.tls.enabled }} + scheme: {{ ternary "HTTPS" "HTTP" .Values.tls.enabled }} + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /health + port: {{ ternary "https" "http" .Values.tls.enabled }} + scheme: {{ ternary "HTTPS" "HTTP" .Values.tls.enabled }} + {{- end }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if .Values.tls.enabled }} + - name: empty-dir + mountPath: /bitnami/zipkin/certs + subPath: app-processed-certs-dir + {{- end }} + {{- if .Values.usePasswordFile }} + {{- if or .Values.tls.passwordSecret .Values.tls.password .Values.tls.autoGenerated.enabled .Values.tls.usePemCerts }} + - name: keystore-password + mountPath: /bitnami/zipkin/secrets/keystore-password + {{- end }} + {{- if (eq .Values.storageType "cassandra3") }} + - name: database-password + mountPath: /bitnami/zipkin/secrets/database + {{- end }} + {{- if (or 
.Values.secretConfigOverrides .Values.existingSecret) }} + - name: secret-configuration + mountPath: /bitnami/zipkin/secrets/configuration + {{- end }} + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: empty-dir + emptyDir: {} + {{- if .Values.tls.enabled }} + - name: input-tls-certs + secret: + secretName: {{ include "zipkin.tls.secretName" . }} + items: + {{- if .Values.tls.usePemCerts }} + - key: {{ .Values.tls.certFilename }} + path: tls.crt + - key: {{ .Values.tls.certKeyFilename }} + path: tls.key + {{- else }} + - key: {{ .Values.tls.keystoreFilename }} + path: zipkin.jks + {{- end }} + {{- end }} + {{- if .Values.usePasswordFile }} + {{- if (eq .Values.storageType "cassandra3") }} + - name: database-password + secret: + secretName: {{ include "zipkin.cassandra.secretName" . }} + items: + - key: {{ include "zipkin.cassandra.passwordKey" . }} + path: CASSANDRA_PASSWORD + {{- end }} + {{- if (or .Values.secretConfigOverrides .Values.existingSecret) }} + - name: secret-configuration + secret: + secretName: {{ include "zipkin.secretName" . }} + {{- end }} + {{- if or .Values.tls.passwordSecret .Values.tls.password .Values.tls.autoGenerated.enabled .Values.tls.usePemCerts }} + - name: keystore-password + secret: + secretName: {{ include "zipkin.tls.passwordSecretName" . }} + items: + - key: keystore-password + path: ARMERIA_SSL_KEY_STORE_PASSWORD + {{- end }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} 
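Review bot: With `usePasswordFile` enabled, the keystore and Cassandra passwords reach the process only through the `for file in $(find /bitnami/zipkin/secrets -type f)` loop in the default `args` script; when `.Values.args` is set, or diagnostic mode is on, that script is replaced and nothing exports `ARMERIA_SSL_KEY_STORE_PASSWORD` or `CASSANDRA_PASSWORD`. I would document this in a comment above the `args` branches, or add a check to `zipkin.validateValues` for `usePasswordFile` combined with custom `args`. The loop itself leaves `$file` and `$env_var_name` unquoted and exports every key name found under the mounted secrets without checking that it is a valid variable name; `export "${env_var_name}=$(< "$file")"` is the minimal hardening. The same loop appears in the init-certs container in _init_containers.tpl.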
diff --git a/bitnami/zipkin/templates/externaldb-secrets.yaml b/bitnami/zipkin/templates/externaldb-secrets.yaml
new file mode 100644
index 00000000000000..9a014876320489
--- /dev/null
+++ b/bitnami/zipkin/templates/externaldb-secrets.yaml
@@ -0,0 +1,21 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if not .Values.cassandra.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-externaldb" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: zipkin
+ app.kubernetes.io/part-of: zipkin
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ db-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }}
+{{- end }}
diff --git a/bitnami/zipkin/templates/extra-list.yaml b/bitnami/zipkin/templates/extra-list.yaml
new file mode 100644
index 00000000000000..329f5c653a440f
--- /dev/null
+++ b/bitnami/zipkin/templates/extra-list.yaml
@@ -0,0 +1,9 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/bitnami/zipkin/templates/hpa.yaml b/bitnami/zipkin/templates/hpa.yaml
new file mode 100644
index 00000000000000..8313b02ea2abd0
--- /dev/null
+++ b/bitnami/zipkin/templates/hpa.yaml
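Review bot: The externaldb Secret in externaldb-secrets.yaml is rendered whenever `cassandra.enabled` is false, including when `externalDatabase.existingSecret` is set or `storageType` is `mem`, so an unused Secret holding an empty `db-password` is created in those cases. Its key is hard-coded to `db-password`, while the consumers resolve the key through `zipkin.cassandra.passwordKey`, which returns `externalDatabase.existingSecretPasswordKey` for an external database; unless that value's default (not visible here) is `db-password`, the `secretKeyRef` will not resolve. I would tighten the guard to `{{- if and (eq .Values.storageType "cassandra3") (not .Values.cassandra.enabled) (not .Values.externalDatabase.existingSecret) }}` and add a comment tying the key name to the helper.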
@@ -0,0 +1,50 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.autoscaling.hpa.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" (dict "context" $) }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: zipkin
+ app.kubernetes.io/part-of: zipkin
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+ kind: Deployment
+ name: {{ include "common.names.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.hpa.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.hpa.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.hpa.targetMemory }}
+ - type: Resource
+ resource:
+ name: memory
+ {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+ targetAverageUtilization: {{ .Values.autoscaling.hpa.targetMemory }}
+ {{- else }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.hpa.targetMemory }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.autoscaling.hpa.targetCPU }}
+ - type: Resource
+ resource:
+ name: cpu
+ {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+ targetAverageUtilization: {{ .Values.autoscaling.hpa.targetCPU }}
+ {{- else }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.hpa.targetCPU }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/zipkin/templates/ingress-tls-secret.yaml b/bitnami/zipkin/templates/ingress-tls-secret.yaml
new file mode 100644
index 00000000000000..4623523f91a3e5
--- /dev/null
+++ b/bitnami/zipkin/templates/ingress-tls-secret.yaml
@@ -0,0 +1,48 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.secrets }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ include "common.names.namespace" $ | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- else if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} +{{- $ca := genCA "zipkin-ca" 365 }} +{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . 
| quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +--- +{{- end }} +{{- end }} diff --git a/bitnami/zipkin/templates/ingress.yaml b/bitnami/zipkin/templates/ingress.yaml new file mode 100644 index 00000000000000..aae1364e0a4a88 --- /dev/null +++ b/bitnami/zipkin/templates/ingress.yaml 
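Review bot: The self-signed branch issues both `genCA "zipkin-ca" 365` and the leaf certificate with a fixed 365-day lifetime, and the three `common.secrets.lookup` calls appear to prefer the values already stored in the Secret, so a `helm upgrade` would keep serving the original certificate until it expires. Nothing in the template tells the operator how rotation happens. I would add a template comment above the `genCA` line such as `{{- /* Self-signed cert is valid for 365 days and reused on upgrade; delete the ingress -tls Secret to rotate it */}}` and say the same in the values documentation. Separately, the first branch passes `.certificate` and `.key` straight to `b64enc`; wrapping them in `required` would give a clearer error when an entry omits one.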
@@ -0,0 +1,75 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + {{- if or .Values.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.ingress.hostname }} + - host: {{ .Values.ingress.hostname | quote }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" (ternary "https" "http" .Values.tls.enabled) "context" $) | nindent 14 }} + {{- else if .Values.ingress.path }} + - http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) 
}} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" (ternary "https" "http" .Values.tls.enabled) "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" (ternary "https" "http" .Values.tls.enabled) "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned (not (empty .Values.ingress.secrets)))) .Values.ingress.extraTls }} + tls: + {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned (not (empty .Values.ingress.secrets))) }} + - hosts: + - {{ .Values.ingress.hostname | quote }} + {{- if or (.Values.ingress.tlsWwwPrefix) (eq (index .Values.ingress.annotations "nginx.ingress.kubernetes.io/from-to-www-redirect") "true" ) }} + - {{ printf "www.%s" (tpl .Values.ingress.hostname $) | quote }} + {{- end }} + secretName: {{ printf "%s-tls" .Values.ingress.hostname }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} 
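Review bot: Inside `{{- range .Values.ingress.extraHosts }}` the backend line reads `.Values.tls.enabled`, but the dot there is the current extra-host entry, not the chart root, so the lookup resolves against the host map and rendering will most likely fail as soon as `ingress.extraHosts` is non-empty. The neighbouring calls in the same block already use `$`, so the argument should be `(ternary "https" "http" $.Values.tls.enabled)`. A smaller inconsistency in the `tls:` block: the `www.` host runs `ingress.hostname` through `tpl` while the plain host and `secretName` use it verbatim, so a templated hostname would produce mismatched entries.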
diff --git a/bitnami/zipkin/templates/networkpolicy.yaml b/bitnami/zipkin/templates/networkpolicy.yaml
new file mode 100644
index 00000000000000..18eae33b897be0
--- /dev/null
+++ b/bitnami/zipkin/templates/networkpolicy.yaml
@@ -0,0 +1,89 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" (list .Values.commonLabels) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + {{- if or .Values.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + policyTypes: + - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow outbound connections to Cassandra + {{- if eq .Values.storageType "cassandra3" }} + - ports: + - port: {{ include "zipkin.cassandra.port" . 
}} + {{- if .Values.cassandra.enabled }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: cassandra + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- end }} + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.containerPorts.http }} + {{- range .Values.extraContainerPorts }} + - port: {{ .containerPort }} + {{- end }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "common.names.fullname" . }}-client: "true" + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/bitnami/zipkin/templates/pdb.yaml b/bitnami/zipkin/templates/pdb.yaml new file mode 100644 index 00000000000000..2f6a7c51f84e7d --- /dev/null +++ b/bitnami/zipkin/templates/pdb.yaml 
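Review bot: In the restricted egress branch the Cassandra rule only gets a `to:` selector when `.Values.cassandra.enabled` is true; with an external database the rule is a bare `ports:` entry, which allows that port to every destination inside or outside the cluster. Because NetworkPolicy rules are additive, `networkPolicy.extraEgress` cannot narrow it afterwards. I would either document this next to the rule, e.g. `# External Cassandra: no destination filter is applied on this port`, or let the operator supply a CIDR that is rendered as an `ipBlock` under `to:`. The metadata block also reads `.Values.annotations`, which looks like it was meant to be a networkPolicy-specific key; worth confirming against values.yaml.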
@@ -0,0 +1,30 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: zipkin
+ app.kubernetes.io/part-of: zipkin
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.pdb.minAvailable }}
+ minAvailable: {{ .Values.pdb.minAvailable }}
+ {{- end }}
+ {{- if or .Values.pdb.maxUnavailable (not .Values.pdb.minAvailable) }}
+ maxUnavailable: {{ .Values.pdb.maxUnavailable | default 1 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.podLabels .Values.commonLabels) "context" .) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: zipkin
+ app.kubernetes.io/part-of: zipkin
+{{- end }}
diff --git a/bitnami/zipkin/templates/secrets.yaml b/bitnami/zipkin/templates/secrets.yaml
new file mode 100644
index 00000000000000..afb4622ffcc431
--- /dev/null
+++ b/bitnami/zipkin/templates/secrets.yaml
@@ -0,0 +1,41 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (not .Values.existingSecret) .Values.secretConfigOverrides }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: zipkin
+ app.kubernetes.io/part-of: zipkin
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+stringData:
+ {{- include "common.tplvalues.render" (dict "value" .Values.secretConfigOverrides "context" $) | nindent 2 }}
+{{- end }}
+
+{{- if and (or .Values.tls.autoGenerated.enabled .Values.tls.existingSecret) (not .Values.tls.passwordSecret) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-tls-pass" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: zipkin
+ app.kubernetes.io/part-of: zipkin
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ {{- if .Values.tls.existingSecret }}
+ {{- $pass := required "If 'tls.existingSecret' is provided, providing a JKS password is mandatory" .Values.tls.password }}
+ {{- end }}
+ keystore-password: {{ include "common.secrets.passwords.manage" (dict "secret" ( printf "%s-tls-pass" (include "common.names.fullname" .)) "key" "keystore-password" "providedValues" (list "tls.password") "context" $) }}
+{{- end }}
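Review bot: The `required` check on `.Values.tls.password` runs for every release that sets `tls.existingSecret`, yet its message speaks of a JKS password and the check never looks at `tls.usePemCerts`, so a PEM-based existing secret would presumably be forced to supply a keystore password it may not need. If PEM mode can work with a generated password (the deployment template earlier in this diff mounts `keystore-password` for `tls.usePemCerts` as well), the guard could be `{{- if and .Values.tls.existingSecret (not .Values.tls.usePemCerts) }}`. The `$pass` variable is never read; assigning to `$_` and adding a short comment that the line exists only for validation would make that explicit.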
diff --git a/bitnami/zipkin/templates/service-account.yaml b/bitnami/zipkin/templates/service-account.yaml
new file mode 100644
index 00000000000000..2805edaf01dbdb
--- /dev/null
+++ b/bitnami/zipkin/templates/service-account.yaml
@@ -0,0 +1,20 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "zipkin.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: zipkin
+ app.kubernetes.io/part-of: zipkin
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.serviceAccount.annotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/bitnami/zipkin/templates/service.yaml b/bitnami/zipkin/templates/service.yaml
new file mode 100644
index 00000000000000..1493a46fce1139
--- /dev/null
+++ b/bitnami/zipkin/templates/service.yaml
@@ -0,0 +1,58 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + {{- if or .Values.service.annotations .Values.commonAnnotations .Values.metrics.enabled .Values.metrics.annotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.service.annotations .Values.commonAnnotations .Values.metrics.annotations) "context" .) }} + {{- if .Values.metrics.enabled }} + {{- $defaultMetricsAnnotations := dict "prometheus.io/scrape" "true" "prometheus.io/port" (.Values.service.ports.http | quote) "prometheus.io/path" "/prometheus" }} + {{- $annotations = include "common.tplvalues.merge" (dict "values" (list $annotations $defaultMetricsAnnotations) "context" .) 
}} + {{- end }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if .Values.service.sessionAffinity }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- end }} + {{- if .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + ports: + - name: {{ ternary "https" "http" .Values.tls.enabled }} + port: {{ .Values.service.ports.http }} + targetPort: {{ ternary "https" "http" .Values.tls.enabled }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} + nodePort: {{ .Values.service.nodePorts.http }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.podLabels .Values.commonLabels) "context" .) 
| fromYaml }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin diff --git a/bitnami/zipkin/templates/servicemonitor.yaml b/bitnami/zipkin/templates/servicemonitor.yaml new file mode 100644 index 00000000000000..654774c8ff3ba8 --- /dev/null +++ b/bitnami/zipkin/templates/servicemonitor.yaml 
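Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints the Go list directly, which renders as `[10.0.0.0/8 192.168.0.0/16]` (constructed example) for two entries; YAML reads that as a single string, so the allow-list is either rejected by the API server or not what the operator intended. Because this field is the network-level restriction on who can reach the load balancer, it should be serialised explicitly, e.g. `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`. Also, `$podLabels` is piped through `fromYaml` here but not in pdb.yaml or networkpolicy.yaml; the three selectors should build their labels the same way.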
@@ -0,0 +1,56 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ default ( include "common.names.namespace" . ) .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: zipkin + app.kubernetes.io/part-of: zipkin + {{- if .Values.metrics.serviceMonitor.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }} + {{- end }} + {{- if or .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . 
) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/part-of: zipkin + app.kubernetes.io/component: zipkin + prometheus.io/scrape: true + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + endpoints: + - port: {{ ternary "https" "http" .Values.tls.enabled }} + path: /prometheus + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . }} +{{- end }} diff --git a/bitnami/zipkin/templates/tls-secret.yaml b/bitnami/zipkin/templates/tls-secret.yaml new file mode 100644 index 00000000000000..2ad57fc4317a4a --- /dev/null +++ b/bitnami/zipkin/templates/tls-secret.yaml 
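Review bot: `selector.matchLabels` includes `prometheus.io/scrape: true`, but service.yaml in this same commit sets `prometheus.io/scrape` as an annotation, not a label, and the unquoted `true` is a YAML boolean where label values must be strings. As written the ServiceMonitor would be rejected or would select no Service, so metrics silently go uncollected. I would drop that line from `matchLabels`, since the component and part-of labels already identify the Service. When `tls.enabled` is true the endpoint switches to the `https` port but sets no `scheme: https` or `tlsConfig`, so Prometheus would speak plain HTTP to a TLS listener; that needs an explicit scheme as well.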
@@ -0,0 +1,47 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "zipkin.tls.createSecret" . ) (eq .Values.tls.autoGenerated.engine "helm") }} +{{- $ca := genCA "zipkin-ca" 365 }} +{{- $caSecretName := printf "%s-ca-crt" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $caSecretName }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: zipkin + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $caSecretName "key" "tls.crt" "defaultValue" $ca.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $caSecretName "key" "tls.key" "defaultValue" $ca.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $caSecretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} + +--- +{{- $fullname := include "common.names.fullname" . }} +{{- $releaseNamespace := include "common.names.namespace" . }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $serviceName := include "common.names.fullname" . }} +{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $releaseNamespace $clusterDomain) "localhost" "127.0.0.1" $fullname }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) 
| trunc 63 | trimSuffix "-" }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: zipkin + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} +{{- end }} diff --git a/bitnami/zipkin/templates/vpa.yaml b/bitnami/zipkin/templates/vpa.yaml new file mode 100644 index 00000000000000..ef62c66985f5aa --- /dev/null +++ b/bitnami/zipkin/templates/vpa.yaml 
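Review bot: The third entry of `$altNames`, `(printf "*.%s.%s.svc.%s" $releaseNamespace $clusterDomain)`, has three `%s` verbs but only two arguments, so the generated certificate carries a malformed SAN ending in Go's `%!s(MISSING)` marker. If the intent was a namespace-wide wildcard, `(printf "*.%s.svc.%s" $releaseNamespace $clusterDomain)` is the corrected form, though that name would cover every Service in the namespace and I would rather drop the entry and keep the two service-specific names. `"127.0.0.1"` is passed in the DNS-name list while the IP argument is `nil`, so it will not be emitted as an IP SAN. The `-ca-crt` Secret also persists the CA private key (`tls.key`) in the namespace; that deserves a comment, since anyone who can read Secrets there can sign certificates under this CA.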
@@ -0,0 +1,43 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1/VerticalPodAutoscaler") .Values.autoscaling.vpa.enabled }}
+apiVersion: {{ include "common.capabilities.vpa.apiVersion" . }}
+kind: VerticalPodAutoscaler
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if or .Values.autoscaling.vpa.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ resourcePolicy:
+ containerPolicies:
+ - containerName: zipkin
+ {{- with .Values.autoscaling.vpa.controlledResources }}
+ controlledResources:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.autoscaling.vpa.maxAllowed }}
+ maxAllowed:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.autoscaling.vpa.minAllowed }}
+ minAllowed:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ targetRef:
+ apiVersion: apps/v1
+ kind: "Deployment"
+ name: {{ include "common.names.fullname" . }}
+ {{- if .Values.autoscaling.vpa.updatePolicy }}
+ updatePolicy:
+ {{- with .Values.autoscaling.vpa.updatePolicy.updateMode }}
+ updateMode: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/zipkin/values.yaml b/bitnami/zipkin/values.yaml
new file mode 100644
index 00000000000000..bd56a238f69272
--- /dev/null
+++ b/bitnami/zipkin/values.yaml
@@ -0,0 +1,984 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + defaultStorageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: auto + +## @section Common parameters +## + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.name +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param clusterDomain Kubernetes cluster domain name +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @param configOverrides Overwrite or add extra configuration options to the chart default +## Example: +## configOverrides: +## MEM_MAX_SPANS: 500000 +## +configOverrides: {} + +## @param secretConfigOverrides Overwrite or add extra configuration options to the chart default (these will be added in a secret) +## Example: +## secretConfigOverrides: +## CASSANDRA_PASSWORD: test123 +## +secretConfigOverrides: {} + +## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for zipkin +## NOTE: By providing a ConfigMap, other settings provided using values may 
be ignored. +## +existingConfigmap: "" + +## @param existingSecret The name of an existing Secret with your custom sensitive configuration for zipkin +## +existingSecret: "" + +## @param javaOpts Set extra Java Options when launching zipkin +## +javaOpts: "" + +## Bitnami zipkin image +## ref: https://hub.docker.com/r/bitnami/zipkin/tags/ +## @param image.registry [default: REGISTRY_NAME] zipkin image registry +## @param image.repository [default: REPOSITORY_NAME/zipkin] zipkin image repository +## @skip image.tag zipkin image tag (immutable tags are recommended) +## @param image.digest zipkin image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) +## @param image.pullPolicy zipkin image pull policy +## @param image.pullSecrets zipkin image pull secrets +## @param image.debug Enable zipkin image debug mode +## +image: + registry: docker.io + repository: bitnami/zipkin + tag: 3.4.1-debian-12-r0 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false + +## @param replicaCount Number of zipkin replicas to deploy +## +replicaCount: 1 +## @param containerPorts.http zipkin http server container port +## +containerPorts: + http: 9411 +## @param extraContainerPorts Optionally specify extra list of additional container ports +## e.g: +## extraContainerPorts: +## - name: myservice +## containerPort: 9090 +## +extraContainerPorts: [] +## @param deploymentLabels Add extra labels to the Deployment object +## +deploymentLabels: {} +## @param deploymentAnnotations Add extra annotations to the Deployment object +## +deploymentAnnotations: {} +## @param logLevel Set application log level +## +logLevel: INFO +## @param usePasswordFile Mount all sensitive information as files +## +usePasswordFile: true +## @param storageType Set version store type. The chart natively supports cassandra3, mem or other. Any other type requires you to add the configuration in configOverrides and secretConfigOverrides. 
+## +storageType: cassandra3 +## TLS/SSL parameters +## @param tls.enabled Enable TLS +## @param tls.usePemCerts Use certificates in .pem format +## @param tls.existingSecret Name of a secret containing the certificate files +## @param tls.certFilename Filename inside the secret of the .crt file (when usePemCerts=true) +## @param tls.certKeyFilename Filename inside the secret of the .key file (when usePemCerts=true) +## @param tls.keystoreFilename Filename inside the secret of the .jks file (when usePemCerts=false) +## @param tls.password Password of the Java keystore +## @param tls.passwordSecret Name of a secret containing the password of the Java keystore +## +tls: + enabled: false + usePemCerts: true + existingSecret: "" + certFilename: tls.crt + certKeyFilename: tls.key + keystoreFilename: zipkin.jks + password: "" + passwordSecret: "" + ## @param tls.autoGenerated.enabled Enable automatic generation of certificates for TLS + ## @param tls.autoGenerated.engine Mechanism to generate the certificates (allowed values: helm, cert-manager) + autoGenerated: + enabled: true + engine: helm + ## @param tls.autoGenerated.certManager.existingIssuer The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine) + ## @param tls.autoGenerated.certManager.existingIssuerKind Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine) + ## @param tls.autoGenerated.certManager.keyAlgorithm Key algorithm for the certificates (only for `cert-manager` engine) + ## @param tls.autoGenerated.certManager.keySize Key size for the certificates (only for `cert-manager` engine) + ## @param tls.autoGenerated.certManager.duration Duration for the certificates (only for `cert-manager` engine) + ## @param tls.autoGenerated.certManager.renewBefore Renewal period for the certificates (only for `cert-manager` engine) + certManager: + existingIssuer: "" + existingIssuerKind: "" + keySize: 2048 + keyAlgorithm: RSA + duration: 2160h + 
renewBefore: 360h + +## Configure extra options for zipkin containers' liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe on zipkin containers +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 +## @param readinessProbe.enabled Enable readinessProbe on zipkin containers +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 +## @param startupProbe.enabled Enable startupProbe on zipkin containers +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + initialDelaySeconds: 90 + periodSeconds: 10 + timeoutSeconds: 
5 + successThreshold: 1 + failureThreshold: 5 +## @param customLivenessProbe Custom livenessProbe that overrides the default one +## +customLivenessProbe: {} +## @param customReadinessProbe Custom readinessProbe that overrides the default one +## +customReadinessProbe: {} +## @param customStartupProbe Custom startupProbe that overrides the default one +## +customStartupProbe: {} +## zipkin resource requests and limits +## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (secondary.resources is recommended for production). 
+## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "small" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} +## Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enable security context for zipkin pods +## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups +## @param podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem +## +podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 +## Configure Container Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled zipkin container securityContext +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container +## @param containerSecurityContext.runAsUser User ID for the zipkin container +## @param containerSecurityContext.runAsGroup Group ID for the zipkin container +## @param containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot +## @param containerSecurityContext.privileged Set secondary container's Security Context privileged +## @param containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.readOnlyRootFilesystem Set 
container's Security Context readOnlyRootFilesystem +## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile +## +containerSecurityContext: + enabled: true + seLinuxOptions: null + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + +## @param command Override default container command (useful when using custom images) +## +command: [] +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param hostAliases zipkin pods host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param annotations Annotations for zipkin deployment/statefulset +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +annotations: {} +## @param podLabels Extra labels for zipkin pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations Annotations for zipkin pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb +## @param pdb.create Enable/disable a Pod Disruption Budget creation +## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled +## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable +## +pdb: + create: true + minAvailable: "" + maxUnavailable: "" +## Node affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for zipkin pods assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set +## +affinity: {} +## @param automountServiceAccountToken Mount Service Account token in pod +## +automountServiceAccountToken: false +## @param nodeSelector Node labels for zipkin pods assignment +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +## +nodeSelector: {} +## @param tolerations Tolerations for zipkin pods assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param updateStrategy.type zipkin strategy type +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or Recreate + ## + type: RollingUpdate + +## @param priorityClassName zipkin pods' priorityClassName +## +priorityClassName: "" +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. 
Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods +## +topologySpreadConstraints: [] +## @param schedulerName Name of the k8s scheduler (other than default) for zipkin pods +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +terminationGracePeriodSeconds: "" +## @param lifecycleHooks for the zipkin container(s) to automate configuration before or after startup +## +lifecycleHooks: {} +## @param extraEnvVars Array with extra environment variables to add to zipkin nodes +## e.g: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for zipkin nodes +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for zipkin nodes +## +extraEnvVarsSecret: "" +## @param extraVolumes Optionally specify extra list of additional volumes for the zipkin pod(s) +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the zipkin container(s) +## +extraVolumeMounts: [] +## @param sidecars Add additional sidecar containers to the zipkin pod(s) +## e.g: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] +## @param initContainers Add additional init containers to the zipkin pod(s) +## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +## e.g: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## command: ['sh', '-c', 'echo "hello world"'] +## +initContainers: [] + +## @section 
Autoscaling +## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +## +autoscaling: + vpa: + ## @param autoscaling.vpa.enabled Enable VPA + ## + enabled: false + ## @param autoscaling.vpa.annotations Annotations for VPA resource + ## + annotations: {} + ## @param autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + ## + controlledResources: [] + ## @param autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod + ## cpu: 200m + ## memory: 100Mi + maxAllowed: {} + ## @param autoscaling.vpa.minAllowed VPA Min allowed resources for the pod + ## cpu: 200m + ## memory: 100Mi + minAllowed: {} + ## @section VPA update policy + ## + updatePolicy: + ## @param autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod + ## Possible values are "Off", "Initial", "Recreate", and "Auto". 
+ ## + updateMode: Auto + hpa: + ## @param autoscaling.hpa.enabled Enable HPA + ## + enabled: false + ## @param autoscaling.hpa.minReplicas Minimum number of replicas + ## + minReplicas: "" + ## @param autoscaling.hpa.maxReplicas Maximum number of replicas + ## + maxReplicas: "" + ## @param autoscaling.hpa.targetCPU Target CPU utilization percentage + ## + targetCPU: "" + ## @param autoscaling.hpa.targetMemory Target Memory utilization percentage + ## + targetMemory: "" +## @section Traffic Exposure Parameters +## + +## zipkin service parameters +## +service: + ## @param service.type zipkin service type + ## + type: ClusterIP + ## @param service.ports.http zipkin service http port + ## + ports: + http: 9411 + ## Node ports to expose + ## @param service.nodePorts.http Node port for Gremlin + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + http: "" + ## @param service.clusterIP zipkin service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP zipkin service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges zipkin service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy zipkin service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Additional custom annotations for zipkin service + ## + annotations: {} + ## @param service.extraPorts Extra ports to expose in zipkin service (normally used with the `sidecars` value) + ## + extraPorts: [] + ## @param 
service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + +## Configure the ingress resource that allows you to access the +## zipkin installation. Set up the URL +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +ingress: + ## @param ingress.enabled Set to true to enable ingress record generation + ## + enabled: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.hostname Default host for the ingress resource + ## + hostname: zipkin.local + ## @param ingress.path The Path to Nginx. You may need to set this to '/*' in order to use this with ALB ingress controllers. + ## + path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. 
+ ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.ingressClassName Set the ingerssClassName on the ingress record for k8s 1.18+ + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.tls Create TLS Secret + ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} + ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it + ## + tls: false + ## @param ingress.tlsWwwPrefix Adds www subdomain to default cert + ## Creates tls host with ingress.hostname: {{ print "www.%s" .Values.ingress.hostname }} + ## Is enabled if "nginx.ingress.kubernetes.io/from-to-www-redirect" is "true" + tlsWwwPrefix: false + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: zipkin.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. + ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. 
+ ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - zipkin.local + ## secretName: zipkin.local-tls + ## + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: zipkin.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param ingress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template + ## Useful when looking for additional customization, such as using different backend + ## + extraRules: [] + +## @section Other Parameters +## + +## ServiceAccount configuration +## +serviceAccount: + ## @param serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param serviceAccount.name The name of the ServiceAccount to use. 
+ ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template) + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## + automountServiceAccountToken: false + +## @section Default Init Container Parameters +## +defaultInitContainers: + ## Init container that waits for backends to be ready + ## + waitForCassandra: + ## @param defaultInitContainers.waitForCassandra.enabled Enable init container that waits for backends to be ready + ## + enabled: true + ## Cassandra image + ## ref: https://hub.docker.com/r/bitnami/cassandra/tags/ + ## @param defaultInitContainers.waitForCassandra.image.registry [default: REGISTRY_NAME] Cassandra image registry + ## @param defaultInitContainers.waitForCassandra.image.repository [default: REPOSITORY_NAME/cassandra] Cassandra image repository + ## @skip defaultInitContainers.waitForCassandra.image.tag Cassandra image tag (immutable tags are recommended) + ## @param defaultInitContainers.waitForCassandra.image.pullPolicy Cassandra image pull policy + ## @param defaultInitContainers.waitForCassandra.image.pullSecrets Cassandra image pull secrets + ## @param defaultInitContainers.waitForCassandra.image.debug Enable debug output + ## + image: + registry: docker.io + repository: bitnami/cassandra + tag: 4.1.6-debian-12-r3 + pullPolicy: IfNotPresent + pullSecrets: [] + debug: false + ## Init container's resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param defaultInitContainers.waitForCassandra.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). 
This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param defaultInitContainers.waitForCassandra.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Init container Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.enabled Enabled Init container' Security Context + ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Init container + ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.runAsUser Set runAsUser in Init container' Security Context + ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.runAsGroup Set runAsGroup in Init container' Security Context + ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Init container' Security Context + ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Init container' Security Context + ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.privileged Set privileged in Init container' Security Context + ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Init container' Security Context + ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.capabilities.drop 
List of capabilities to be dropped in Init container + ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.seccompProfile.type Set seccomp profile in Init container + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Init container that initializes the Java keystore with the TLS certificates (requires tls.enabled=true) + ## + initCerts: + ## @param defaultInitContainers.initCerts.enabled Enable init container that initializes the Java keystore with the TLS certificates (requires tls.enabled=true) + ## + enabled: true + ## Init container's resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param defaultInitContainers.initCerts.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). 
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "nano"
+ ## @param defaultInitContainers.initCerts.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## Init container Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param defaultInitContainers.initCerts.containerSecurityContext.enabled Enabled Init container' Security Context
+ ## @param defaultInitContainers.initCerts.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Init container
+ ## @param defaultInitContainers.initCerts.containerSecurityContext.runAsUser Set runAsUser in Init container' Security Context
+ ## @param defaultInitContainers.initCerts.containerSecurityContext.runAsGroup Set runAsGroup in Init container' Security Context
+ ## @param defaultInitContainers.initCerts.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Init container' Security Context
+ ## @param defaultInitContainers.initCerts.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Init container' Security Context
+ ## @param defaultInitContainers.initCerts.containerSecurityContext.privileged Set privileged in Init container' Security Context
+ ## @param defaultInitContainers.initCerts.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Init container' Security Context
+ ## @param defaultInitContainers.initCerts.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Init container
+ ## @param defaultInitContainers.initCerts.containerSecurityContext.seccompProfile.type Set seccomp profile in Init container
+ ##
+ containerSecurityContext:
+ enabled: true
+ seLinuxOptions: {}
+ runAsUser: 1001
+ runAsGroup: 1001
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
+
+
+
+## @section NetworkPolicy parameters
+## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+##
+networkPolicy:
+ ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
+ ##
+ enabled: true
+ ## @param networkPolicy.allowExternal The Policy model to apply
+ ## When set to false, only pods with the correct client label will have network access to the ports zipkin is
+ ## listening on. When true, zipkin will accept connections from any source (with the correct destination port).
+ ##
+ allowExternal: true
+ ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
+ ##
+ allowExternalEgress: true
+ ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraIngress:
+ ## - ports:
+ ## - port: 1234
+ ## from:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ ##
+ extraIngress: []
+ ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraEgress:
+ ## - ports:
+ ## - port: 1234
+ ## to:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ ##
+ extraEgress: []
+ ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+ ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+ ##
+ ingressNSMatchLabels: {}
+ ingressNSPodMatchLabels: {}
+
+##
@section Metrics parameters
+##
+metrics:
+ ## @param metrics.enabled Enable metrics
+ ##
+ enabled: false
+ ## @param metrics.annotations [object] Annotations for the server service in order to scrape metrics
+ annotations: {}
+ ## Prometheus Operator ServiceMonitor configuration
+ ##
+ serviceMonitor:
+ ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator
+ ##
+ enabled: false
+ ## @param metrics.serviceMonitor.annotations Annotations for the ServiceMonitor Resource
+ ##
+ annotations: ""
+ ## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace)
+ ##
+ namespace: ""
+ ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ interval: ""
+ ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ scrapeTimeout: ""
+ ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus
+ ##
+ labels: {}
+ ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
+ ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ selector: {}
+ ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
+ ##
+ relabelings: []
+ ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
+ ##
+ metricRelabelings: []
+ ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
+ ##
+ honorLabels: false
+ ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
+ ##
+ jobLabel: ""
+
+## @section Database parameters
+##
+externalDatabase:
+ ## @param externalDatabase.host External database host
+ host: ""
+ ## @param externalDatabase.port External database port
+ port: 9042
+ ## Database credentials
+ ## @param externalDatabase.user Cassandra admin user
+ ## @param externalDatabase.password Password for `dbUser.user`. Randomly generated if empty
+ ##
+ user: bn_zipkin
+ password: ""
+ ## @param externalDatabase.existingSecret Name of existing secret containing the database secret
+ ##
+ existingSecret: ""
+ ## @param externalDatabase.existingSecretPasswordKey Name of existing secret key containing the database password secret key
+ ##
+ existingSecretPasswordKey: ""
+ ## Cluster parameters
+ ## @param externalDatabase.cluster.datacenter Name for cassandra's zipkin datacenter
+ ##
+ cluster:
+ datacenter: "datacenter1"
+ ## @param externalDatabase.keyspace Name for cassandra's zipkin keyspace
+ ##
+ keyspace: "bitnami_zipkin"
+## @section Cassandra storage sub-chart
+##
+cassandra:
+ ## @param cassandra.enabled Enables cassandra storage pod
+ ##
+ enabled: true
+ ## Cluster parameters
+ ## @param cassandra.cluster.datacenter Name for cassandra's zipkin datacenter
+ ##
+ cluster:
+ datacenter: "datacenter1"
+ ## @param cassandra.keyspace Name for cassandra's zipkin keyspace
+ ##
+ keyspace: "bitnami_zipkin"
+ ## Database credentials
+ ## @param cassandra.dbUser.user Cassandra admin user
+ ## @param cassandra.dbUser.password Password for `dbUser.user`. Randomly generated if empty
+ ## @param cassandra.dbUser.existingSecret Name of an existing secret containing the user password.
+ ##
+ dbUser:
+ user: bn_zipkin
+ password: ""
+ existingSecret: ""
+ ## Cassandra service port
+ ## @param cassandra.service.ports.cql Cassandra cql port
+ service:
+ ports:
+ cql: 9042
+ ## Cassandra pods' resource requests and limits
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## Minimum memory for development is 4GB and 2 CPU cores
+ ## Minimum memory for production is 8GB and 4 CPU cores
+ ## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html
+ ##
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param cassandra.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "medium"
+ ## @param cassandra.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## @param cassandra.initDB [object] Init script for initializing the instance
+ ##
+ initDB:
+ create_keyspace.cql: |
+ CREATE KEYSPACE {{ include "zipkin.cassandra.keyspace" .
}} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 };
+ ## @param cassandra.extraEnvVars [array] Add extra env variables to the Cassandra installation
+ ## Note: Zipkin requires SASI indexes
+ extraEnvVars:
+ - name: CASSANDRA_CFG_YAML_SASI_INDEXES_ENABLED
+ value: "true"
\ No newline at end of file