diff --git a/.vib/scylladb/ginkgo/go.mod b/.vib/scylladb/ginkgo/go.mod new file mode 100644 index 00000000000000..c3468dc79eee91 --- /dev/null +++ b/.vib/scylladb/ginkgo/go.mod @@ -0,0 +1,57 @@ +module test-scylladb-chart + +go 1.20 + +replace github.com/bitnami/charts/.vib/common-tests/ginkgo-utils => ../../common-tests/ginkgo-utils + +require ( + github.com/bitnami/charts/.vib/common-tests/ginkgo-utils v0.0.0-00010101000000-000000000000 + github.com/onsi/ginkgo/v2 v2.11.0 + github.com/onsi/gomega v1.27.8 + k8s.io/api v0.28.0 + k8s.io/apimachinery v0.28.0 + k8s.io/client-go v0.28.0 +) + +require ( + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/emicklei/go-restful/v3 v3.9.0 // indirect + github.com/go-logr/logr v1.2.4 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.5.9 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect + github.com/google/uuid v1.3.0 // indirect + github.com/imdario/mergo v0.3.6 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/spf13/pflag v1.0.5 // indirect + golang.org/x/net v0.23.0 // indirect + golang.org/x/oauth2 v0.8.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.3.0 // indirect + golang.org/x/tools v0.9.3 // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/protobuf v1.33.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/klog/v2 v2.100.1 // indirect + k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect + sigs.k8s.io/yaml v1.3.0 // indirect +) diff --git a/.vib/scylladb/ginkgo/go.sum b/.vib/scylladb/ginkgo/go.sum new file mode 100644 index 00000000000000..5d481c1be1d259 --- /dev/null +++ b/.vib/scylladb/ginkgo/go.sum @@ -0,0 +1,160 @@ +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= +github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= +github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU= +github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= +github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc= +github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= +golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.28.0 h1:3j3VPWmN9tTDI68NETBWlDiA9qOiGJ7sdKeufehBYsM= +k8s.io/api v0.28.0/go.mod h1:0l8NZJzB0i/etuWnIXcwfIv+xnDOhL3lLW919AWYDuY= +k8s.io/apimachinery v0.28.0 h1:ScHS2AG16UlYWk63r46oU3D5y54T53cVI5mMJwwqFNA= +k8s.io/apimachinery v0.28.0/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEvw= +k8s.io/client-go v0.28.0 h1:ebcPRDZsCjpj62+cMk1eGNX1QkMdRmQ6lmz5BLoFWeM= +k8s.io/client-go v0.28.0/go.mod h1:0Asy9Xt3U98RypWJmU1ZrRAGKhP6NqDPmptlAzK2kMc= +k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= +k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= +sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= +sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/.vib/scylladb/ginkgo/scylladb_suite_test.go b/.vib/scylladb/ginkgo/scylladb_suite_test.go new file mode 100644 index 00000000000000..b95240201760e2 --- /dev/null +++ b/.vib/scylladb/ginkgo/scylladb_suite_test.go @@ -0,0 +1,92 @@ +package scylladb_test + +import ( + "context" + "flag" + "testing" + "time" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + batchv1 "k8s.io/api/batch/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + v1 "k8s.io/api/core/v1" + "k8s.io/client-go/kubernetes" +) + +var ( + kubeconfig string + stsName string + namespace string + username string + password string + timeoutSeconds int + timeout time.Duration +) + +func init() { + flag.StringVar(&kubeconfig, "kubeconfig", "", "absolute path to the kubeconfig file") + flag.StringVar(&stsName, "name", "", "name of the primary statefulset") + flag.StringVar(&namespace, "namespace", "", "namespace where the application is running") + flag.StringVar(&username, "username", "", "database user") + flag.StringVar(&password, "password", "", "database password for username") + flag.IntVar(&timeoutSeconds, "timeout", 600, "timeout in seconds") + timeout = time.Duration(timeoutSeconds) * time.Second +} + +func TestScylladb(t *testing.T) { + RegisterFailHandler(Fail) + RunSpecs(t, "Scylladb Persistence Test Suite") +} + +func createJob(ctx context.Context, c kubernetes.Interface, name, port, image, stmt string) error { + securityContext := &v1.SecurityContext{ + Privileged: &[]bool{false}[0], + AllowPrivilegeEscalation: &[]bool{false}[0], + RunAsNonRoot: &[]bool{true}[0], + Capabilities: &v1.Capabilities{ + Drop: []v1.Capability{"ALL"}, + }, + SeccompProfile: &v1.SeccompProfile{ + Type: "RuntimeDefault", + }, + } + job := &batchv1.Job{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + }, + TypeMeta: metav1.TypeMeta{ + Kind: "Job", + }, + Spec: batchv1.JobSpec{ + Template: v1.PodTemplateSpec{ + Spec: v1.PodSpec{ + RestartPolicy: "Never", + Containers: []v1.Container{ + { + Name: "scylladb", + Image: image, + Command: []string{"cqlsh", "-u", username, "-p", password, "-e", stmt}, + Env: []v1.EnvVar{ + { + Name: "CQLSH_HOST", + Value: stsName, + }, + { + Name: "CQLSH_PORT", + Value: port, + }, + }, + SecurityContext: securityContext, + }, + }, + }, + }, + }, + } + + _, err := c.BatchV1().Jobs(namespace).Create(ctx, job, metav1.CreateOptions{}) + + return err +} diff --git a/.vib/scylladb/ginkgo/scylladb_test.go b/.vib/scylladb/ginkgo/scylladb_test.go new file mode 100644 index 00000000000000..02d03ffb06dc9b --- /dev/null +++ b/.vib/scylladb/ginkgo/scylladb_test.go @@ -0,0 +1,106 @@ +package scylladb_test + +import ( + "context" + "fmt" + "time" + + utils "github.com/bitnami/charts/.vib/common-tests/ginkgo-utils" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + appsv1 "k8s.io/api/apps/v1" + batchv1 "k8s.io/api/batch/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" +) + +const ( + PollingInterval = 1 * time.Second +) + +var _ = Describe("Scylladb", Ordered, func() { + var c *kubernetes.Clientset + var ctx context.Context + var cancel context.CancelFunc + + BeforeEach(func() { + ctx, cancel = context.WithCancel(context.Background()) + + conf := utils.MustBuildClusterConfig(kubeconfig) + c = kubernetes.NewForConfigOrDie(conf) + }) + + When("a database is created and Scylladb is scaled down to 0 replicas and back up", func() { + It("should have access to the created database", func() { + By("checking all the replicas are available") + getAvailableReplicas := func(ss *appsv1.StatefulSet) int32 { return ss.Status.AvailableReplicas } + getSucceededJobs := func(j *batchv1.Job) int32 { return j.Status.Succeeded } + getOpts := metav1.GetOptions{} + + ss, err := c.AppsV1().StatefulSets(namespace).Get(ctx, stsName, getOpts) + Expect(err).NotTo(HaveOccurred()) + Expect(ss.Status.Replicas).NotTo(BeZero()) + origReplicas := *ss.Spec.Replicas + + Eventually(func() (*appsv1.StatefulSet, error) { + return c.AppsV1().StatefulSets(namespace).Get(ctx, stsName, getOpts) + }, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, Equal(origReplicas))) + + svc, err := c.CoreV1().Services(namespace).Get(ctx, stsName, getOpts) + Expect(err).NotTo(HaveOccurred()) + + port, err := utils.SvcGetPortByName(svc, "cql") + Expect(err).NotTo(HaveOccurred()) + + image, err := utils.StsGetContainerImageByName(ss, "scylladb") + Expect(err).NotTo(HaveOccurred()) + + // Use current time for allowing the test suite to repeat + + jobSuffix := time.Now().Format("20060102150405") + + By("creating a job to create a new test database") + createDBJobName := fmt.Sprintf("%s-createdb-%s", + stsName, jobSuffix) + dbName := fmt.Sprintf("test%s", jobSuffix) + + err = createJob(ctx, c, createDBJobName, port, image, fmt.Sprintf("CREATE KEYSPACE %s WITH REPLICATION = { 'class': 'SimpleStrategy', 'replication_factor' : %d };", dbName, origReplicas)) + Expect(err).NotTo(HaveOccurred()) + + Eventually(func() (*batchv1.Job, error) { + return c.BatchV1().Jobs(namespace).Get(ctx, createDBJobName, getOpts) + }, timeout, PollingInterval).Should(WithTransform(getSucceededJobs, Equal(int32(1)))) + + By("scaling down to 0 replicas") + + ss, err = utils.StsScale(ctx, c, ss, 0) + Expect(err).NotTo(HaveOccurred()) + + Eventually(func() (*appsv1.StatefulSet, error) { + return c.AppsV1().StatefulSets(namespace).Get(ctx, stsName, getOpts) + }, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, BeZero())) + + By("scaling up to the original replicas") + ss, err = utils.StsScale(ctx, c, ss, origReplicas) + Expect(err).NotTo(HaveOccurred()) + + Eventually(func() (*appsv1.StatefulSet, error) { + return c.AppsV1().StatefulSets(namespace).Get(ctx, stsName, getOpts) + }, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, Equal(origReplicas))) + + By("creating a job to drop the test database") + deleteDBJobName := fmt.Sprintf("%s-deletedb-%s", + stsName, jobSuffix) + err = createJob(ctx, c, deleteDBJobName, port, image, fmt.Sprintf("DROP KEYSPACE %s;", dbName)) + Expect(err).NotTo(HaveOccurred()) + + Eventually(func() (*batchv1.Job, error) { + return c.BatchV1().Jobs(namespace).Get(ctx, deleteDBJobName, getOpts) + }, timeout, PollingInterval).Should(WithTransform(getSucceededJobs, Equal(int32(1)))) + }) + }) + + AfterEach(func() { + cancel() + }) +}) diff --git a/.vib/scylladb/goss/goss.yaml b/.vib/scylladb/goss/goss.yaml new file mode 100644 index 00000000000000..107414481ba55e --- /dev/null +++ b/.vib/scylladb/goss/goss.yaml @@ -0,0 +1,43 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +file: + {{ .Vars.persistence.mountPath }}: + exists: true + filetype: directory + mode: "2775" + owner: root + /opt/bitnami/scylladb/etc/scylla/scylla.yaml: + exists: true + filetype: file + mode: "0644" + contents: + - /num_tokens.*{{ .Vars.cluster.numTokens }}/ +command: + {{- $dbUser := .Vars.dbUser.user }} + {{- $dbPassword := .Vars.dbUser.password }} + {{- $port := .Vars.containerPorts.cql }} + {{- $nodes := .Vars.replicaCount }} + {{- $keyspace := printf "test_%s" (randAlpha 5) }} + manage-keyspace: + exec: "cqlsh -u {{ $dbUser }} -p {{ $dbPassword }} -e 'CREATE KEYSPACE {{ $keyspace }} WITH REPLICATION = { $$class$$: $$SimpleStrategy$$, $$replication_factor$$ : {{ $nodes }} };' scylladb-0.scylladb-headless {{ $port }}{{ range $e, $i := until $nodes }} && cqlsh -u {{ $dbUser }} -p {{ $dbPassword }} -e 'USE {{ $keyspace }};' scylladb-{{ $i }}.scylladb-headless {{ $port }}{{ end }}" + exit-status: 0 + timeout: 20000 + cluster-size: + exec: if [ "$(nodetool status | grep {{ .Vars.cluster.numTokens }} | wc -l)" -ne {{ $nodes }} ]; then exit 1; fi + exit-status: 0 + timeout: 20000 + {{- $uid := .Vars.containerSecurityContext.runAsUser }} + {{- $gid := .Vars.podSecurityContext.fsGroup }} + check-user-info: + # The UID and GID should always be either the one specified as vars (always a bigger number that the default) + # or the one randomly defined by openshift (larger values). Otherwise, the chart is still using the default value. + exec: if [ $(id -u) -lt {{ $uid }} ] || [ $(id -G | awk '{print $2}') -lt {{ $gid }} ]; then exit 1; fi + exit-status: 0 + {{ if .Vars.automountServiceAccountToken }} + check-sa: + exec: cat /var/run/secrets/kubernetes.io/serviceaccount/token | cut -d '.' -f 2 | xargs -I '{}' echo '{}====' | fold -w 4 | sed '$ d' | tr -d '\n' | base64 -d + exit-status: 0 + stdout: + - /serviceaccount.*name.*{{.Env.BITNAMI_APP_NAME }}/ + {{ end }} diff --git a/.vib/scylladb/runtime-parameters.yaml b/.vib/scylladb/runtime-parameters.yaml new file mode 100644 index 00000000000000..d849ed6ed533ee --- /dev/null +++ b/.vib/scylladb/runtime-parameters.yaml @@ -0,0 +1,28 @@ +dbUser: + user: test_scylladb + password: ComplicatedPassword123!4 +replicaCount: 2 +cluster: + numTokens: 256 +containerPorts: + intra: 7001 + tls: 7002 + jmx: 7198 + cql: 9043 + cqlShard: 9099 + api: 12394 +persistence: + mountPath: /bitnami/scylladb +service: + ports: + cql: 80 + type: LoadBalancer +serviceAccount: + create: true +automountServiceAccountToken: true +podSecurityContext: + enabled: true + fsGroup: 1002 +containerSecurityContext: + enabled: true + runAsUser: 1002 diff --git a/.vib/scylladb/vib-action.config b/.vib/scylladb/vib-action.config new file mode 100644 index 00000000000000..98dc98a97ebe2a --- /dev/null +++ b/.vib/scylladb/vib-action.config @@ -0,0 +1 @@ +verification-mode=SERIAL \ No newline at end of file diff --git a/.vib/scylladb/vib-publish.json b/.vib/scylladb/vib-publish.json new file mode 100644 index 00000000000000..3fd0c2329f3dc2 --- /dev/null +++ b/.vib/scylladb/vib-publish.json @@ -0,0 +1,38 @@ +{ + "phases": { + "package": { + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "/bitnami/scylladb" + } + }, + "actions": [ + { + "action_id": "helm-package" + }, + { + "action_id": "helm-lint" + } + ] + }, + "publish": { + "actions": [ + { + "action_id": "helm-publish", + "params": { + "repository": { + "kind": "S3", + "url": "{VIB_ENV_S3_URL}", + "authn": { + "access_key_id": "{VIB_ENV_S3_ACCESS_KEY_ID}", + "secret_access_key": "{VIB_ENV_S3_SECRET_ACCESS_KEY}", + "role": "{VIB_ENV_S3_ROLE_ARN}" + } + } + } + } + ] + } + } +} diff --git a/.vib/scylladb/vib-verify.json b/.vib/scylladb/vib-verify.json new file mode 100644 index 00000000000000..fefed9a2ec76f0 --- /dev/null +++ b/.vib/scylladb/vib-verify.json @@ -0,0 +1,66 @@ +{ + "phases": { + "package": { + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "/bitnami/scylladb" + } + }, + "actions": [ + { + "action_id": "helm-package" + }, + { + "action_id": "helm-lint" + } + ] + }, + "verify": { + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "/bitnami/scylladb" + }, + "target_platform": { + "target_platform_id": "{VIB_ENV_TARGET_PLATFORM}", + "size": { + "name": "S4" + } + } + }, + "actions": [ + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "scylladb/goss/goss.yaml", + "vars_file": "scylladb/runtime-parameters.yaml", + "remote": { + "pod": { + "workload": "sts-scylladb" + } + } + } + }, + { + "action_id": "ginkgo", + "params": { + "resources": { + "path": "/.vib/scylladb/ginkgo" + }, + "params": { + "kubeconfig": "{{kubeconfig}}", + "namespace": "{{namespace}}", + "name": "scylladb", + "username": "test_scylladb", + "password": "ComplicatedPassword123!4" + } + } + } + ] + } + } +} diff --git a/bitnami/scylladb/.helmignore b/bitnami/scylladb/.helmignore new file mode 100644 index 00000000000000..fb56657ab4a7df --- /dev/null +++ b/bitnami/scylladb/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# img folder +img/ diff --git a/bitnami/scylladb/Chart.lock b/bitnami/scylladb/Chart.lock new file mode 100644 index 00000000000000..bddaa97e25f104 --- /dev/null +++ b/bitnami/scylladb/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: oci://registry-1.docker.io/bitnamicharts + version: 2.19.2 +digest: sha256:e670e1075bfafffe040fae1158f1fa1f592585f394b48704ba137d2d083b1571 +generated: "2024-05-07T22:35:13.438762903Z" diff --git a/bitnami/scylladb/Chart.yaml b/bitnami/scylladb/Chart.yaml new file mode 100644 index 00000000000000..353585453e043b --- /dev/null +++ b/bitnami/scylladb/Chart.yaml @@ -0,0 +1,35 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +annotations: + category: Database + licenses: Apache-2.0 + images: | + - name: scylladb + image: docker.io/bitnami/scylladb:4.1.4-debian-12-r12 + - name: scylladb-exporter + image: docker.io/bitnami/scylladb-exporter:2.3.8-debian-12-r21 + - name: os-shell + image: docker.io/bitnami/os-shell:12-debian-12-r20 +apiVersion: v2 +appVersion: 5.4.6 +dependencies: +- name: common + repository: oci://registry-1.docker.io/bitnamicharts + tags: + - bitnami-common + version: 2.x.x +description: Apache Scylladb is an open source distributed database management system designed to handle large amounts of data across many servers, providing high availability with no single point of failure. +home: https://bitnami.com +icon: https://bitnami.com/assets/stacks/scylladb/img/scylladb-stack-220x234.png +keywords: +- scylladb +- database +- nosql +maintainers: +- name: Broadcom, Inc. All Rights Reserved. + url: https://github.com/bitnami/charts +name: scylladb +sources: +- https://github.com/bitnami/charts/tree/main/bitnami/scylladb +version: 0.1.0 diff --git a/bitnami/scylladb/README.md b/bitnami/scylladb/README.md new file mode 100644 index 00000000000000..c5772f9a869f72 --- /dev/null +++ b/bitnami/scylladb/README.md @@ -0,0 +1,510 @@ + + +# Bitnami package for ScyllaDB + +ScyllaDB is an open-source, distributed NoSQL wide-column data store. Written in C++, it is designed for high throughput and low latency, compatible with Apache Cassandra. + +[Overview of ScyllaDB](http://scylladb.com/) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +helm install my-release oci://registry-1.docker.io/bitnamicharts/scylladb +``` + +Looking to use ScyllaDB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + +## Introduction + +This chart bootstraps an [ScyllaDB](https://github.com/bitnami/containers/tree/main/bitnami/scylladb) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/scylladb +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +These commands deploy one node with ScyllaDB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Configuration and installation details + +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + +### [Rolling vs Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Enable TLS + +This chart supports TLS between client and server and between nodes, as explained below: + +- For internode cluster encryption, set the `tls.internodeEncryption` chart parameter to a value different from `none`. Available values are `all`, `dc` or `rack`. +- For client-server encryption, set the `tls.clientEncryption` chart parameter to `true`. + +In both cases, it is also necessary to create a secret containing the certificate. This secret is to be passed to the chart via the `tls.existingSecret` parameter at deployment-time, as shown below: + +```text +tls.internodeEncryption=all +tls.clientEncryption=true +tls.existingSecret=my-exisiting-stores +``` + +To dinamically create auto-generated TLS certificates. `tls.autoGenerated` must be set and the new secret should be set in `tls.certificateSecret`: + +```text +tls.internodeEncryption=all +tls.clientEncryption=true +tls.autoGenerated=true +``` + +### Initialize the database + +The [ScyllaDB](https://github.com/bitnami/containers/tree/main/bitnami/scylladb) image supports the use of custom scripts to initialize a fresh instance. This may be done by creating a Kubernetes ConfigMap that includes the necessary `.sh` or `.cql` scripts and passing this ConfigMap to the chart via the `initDBConfigMap` parameter. + +### Use a custom configuration file + +This chart also supports mounting custom configuration file(s) for ScyllaDB. This is achieved by setting the `existingConfiguration` parameter with the name of a ConfigMap that includes the custom configuration file(s). Here is an example of deploying the chart with a custom configuration file stored in a ConfigMap named `scylladb-configuration`: + +```text +existingConfiguration=scylladb-configuration +``` + +> NOTE: This ConfigMap will override other ScyllaDB configuration variables set in the chart. + +### Backup and restore + +Refer to our detailed tutorial on [backing up and restoring Bitnami ScyllaDB deployments on Kubernetes](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-backup-restore-data-scylladb-kubernetes-index.html). + +### Set pod affinity + +This chart allows you to set custom pod affinity using the `XXX.affinity` parameter(s). Find more information about pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Persistence + +The [Bitnami ScyllaDB](https://github.com/bitnami/containers/tree/main/bitnami/scylladb) image stores the ScyllaDB data at the `/bitnami/scylladb` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). + +### Adjust permissions of persistent volume mountpoint + +As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. There are two approaches to achieve this: + +- Use Kubernetes SecurityContexts by setting the `podSecurityContext.enabled` and `containerSecurityContext.enabled` to `true`. This option is enabled by default in the chart. However, this feature does not work in all Kubernetes distributions. +- Use an init container to change the ownership of the volume before mounting it in the final destination. Enable this container by setting the `volumePermissions.enabled` parameter to `true`. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| `nameOverride` | String to partially override common.names.fullname | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `commonLabels` | Labels to add to all deployed objects (sub-charts are not considered) | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + +### Scylladb parameters + +| Name | Description | Value | +| ------------------------ | -------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `image.registry` | Scylladb image registry | `REGISTRY_NAME` | +| `image.repository` | Scylladb image repository | `REPOSITORY_NAME/scylladb` | +| `image.digest` | Scylladb image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Scylladb image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | +| `dbUser.user` | Scylladb admin user | `cassandra` | +| `dbUser.forcePassword` | Force the user to provide a non | `false` | +| `dbUser.password` | Password for `dbUser.user`. Randomly generated if empty | `""` | +| `dbUser.existingSecret` | Use an existing secret object for `dbUser.user` password (will ignore `dbUser.password`) | `""` | +| `initDBConfigMap` | ConfigMap with cql scripts. Useful for creating a keyspace and pre-populating data | `""` | +| `initDBSecret` | Secret with cql script (with sensitive data). Useful for creating a keyspace and pre-populating data | `""` | +| `existingConfiguration` | ConfigMap with custom scylladb configuration files. This overrides any other Scylladb configuration set in the chart | `""` | +| `cluster.name` | Scylladb cluster name | `scylladb` | +| `cluster.seedCount` | Number of seed nodes | `1` | +| `cluster.numTokens` | Number of tokens for each node | `256` | +| `cluster.datacenter` | Datacenter name | `dc1` | +| `cluster.rack` | Rack name | `rack1` | +| `cluster.endpointSnitch` | Endpoint Snitch | `SimpleSnitch` | +| `cluster.extraSeeds` | For an external/second scylladb ring. | `[]` | +| `cluster.enableUDF` | Enable User defined functions | `false` | +| `jvm.extraOpts` | Set the value for Java Virtual Machine extra options | `""` | +| `jvm.maxHeapSize` | Set Java Virtual Machine maximum heap size (MAX_HEAP_SIZE). Calculated automatically if `nil` | `""` | +| `jvm.newHeapSize` | Set Java Virtual Machine new heap size (HEAP_NEWSIZE). Calculated automatically if `nil` | `""` | +| `command` | Command for running the container (set to default if not set). Use array form | `[]` | +| `args` | Args for running the container (set to default if not set). Use array form | `[]` | +| `extraEnvVars` | Extra environment variables to be set on scylladb container | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | + +### Statefulset parameters + +| Name | Description | Value | +| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `replicaCount` | Number of Scylladb replicas | `1` | +| `updateStrategy.type` | updateStrategy for Scylladb statefulset | `RollingUpdate` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `podManagementPolicy` | StatefulSet pod management policy | `OrderedReady` | +| `priorityClassName` | Scylladb pods' priority. | `""` | +| `podAnnotations` | Additional pod annotations | `{}` | +| `statefulsetLabels` | Labels for statefulset | `{}` | +| `statefulsetAnnotations` | Annotations for statefulset | `{}` | +| `podLabels` | Additional pod labels | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `podSecurityContext.enabled` | Enabled Scylladb pods' Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Set Scylladb pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled Scylladb containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `containerSecurityContext.runAsUser` | Set Scylladb containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsGroup` | Set Scylladb containers' Security Context runAsGroup | `1001` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set Scylladb containers' Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | Set Scylladb containers' Security Context capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set Scylladb containers' Security Context readOnlyRootFilesystem | `true` | +| `containerSecurityContext.runAsNonRoot` | Set Scylladb containers' Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `large` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Override default startup probe | `{}` | +| `lifecycleHooks` | Override default container hooks | `{}` | +| `schedulerName` | Alternative scheduler | `""` | +| `terminationGracePeriodSeconds` | In seconds, time the given to the Scylladb pod needs to terminate gracefully | `""` | +| `extraVolumes` | Optionally specify extra list of additional volumes for scylladb container | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for scylladb container | `[]` | +| `initContainers` | Add additional init containers to the scylladb pods | `[]` | +| `sidecars` | Add additional sidecar containers to the scylladb pods | `[]` | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `pdb.minAvailable` | Mininimum number of pods that must still be available after the eviction | `1` | +| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` | +| `hostNetwork` | Enable HOST Network | `false` | +| `containerPorts.intra` | Intra Port on the Host and Container | `7000` | +| `containerPorts.tls` | TLS Port on the Host and Container | `7001` | +| `containerPorts.jmx` | JMX Port on the Host and Container | `7199` | +| `containerPorts.cql` | CQL Port on the Host and Container | `9042` | +| `containerPorts.cqlShard` | CQL Port (Shard) on the Host and Container | `19042` | +| `containerPorts.api` | REST API port on the Host and Container | `10000` | +| `extraContainerPorts` | Optionally specify extra list of additional ports for the container | `[]` | +| `hostPorts.intra` | Intra Port on the Host | `""` | +| `hostPorts.tls` | TLS Port on the Host | `""` | +| `hostPorts.jmx` | JMX Port on the Host | `""` | +| `hostPorts.cql` | CQL Port on the Host | `""` | +| `hostPorts.cqlShard` | CQL (Sharded) Port on the Host | `""` | +| `hostPorts.api` | REST API Port on the Host | `""` | + +### JMX Proxy Deployment Parameters + +| Name | Description | Value | +| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `jmxProxy.enabled` | Enable JMX Proxy sidecar | `true` | +| `jmxProxy.extraEnvVars` | Array with extra environment variables to add to JMX Proxy sidecar | `[]` | +| `jmxProxy.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for JMX Proxy sidecar | `""` | +| `jmxProxy.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for JMX Proxy sidecar | `""` | +| `jmxProxy.command` | Override default container command (useful when using custom images) | `[]` | +| `jmxProxy.args` | Override default container args (useful when using custom images) | `[]` | +| `jmxProxy.livenessProbe.enabled` | Enable livenessProbe on JMX Proxy sidecar | `true` | +| `jmxProxy.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `jmxProxy.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `jmxProxy.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `jmxProxy.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `jmxProxy.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `jmxProxy.readinessProbe.enabled` | Enable readinessProbe on JMX Proxy sidecar | `true` | +| `jmxProxy.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `jmxProxy.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `jmxProxy.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `jmxProxy.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `jmxProxy.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `jmxProxy.startupProbe.enabled` | Enable startupProbe on JMX Proxy containers | `false` | +| `jmxProxy.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `jmxProxy.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `jmxProxy.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `jmxProxy.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `jmxProxy.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `jmxProxy.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `jmxProxy.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `jmxProxy.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `jmxProxy.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if jmxProxy.resources is set (jmxProxy.resources is recommended for production). | `micro` | +| `jmxProxy.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `jmxProxy.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `jmxProxy.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `jmxProxy.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `jmxProxy.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `jmxProxy.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `jmxProxy.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `jmxProxy.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `jmxProxy.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `jmxProxy.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `jmxProxy.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `jmxProxy.lifecycleHooks` | for the JMX Proxy container(s) to automate configuration before or after startup | `{}` | +| `jmxProxy.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the JMX Proxy container(s) | `[]` | +| `jmxProxy.extraContainerPorts` | Optionally specify extra list of additional ports for the container | `[]` | + +### RBAC parameters + +| Name | Description | Value | +| --------------------------------------------- | --------------------------------------------------------- | ------- | +| `serviceAccount.create` | Enable the creation of a ServiceAccount for Scylladb pods | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.annotations` | Annotations for Scylladb Service Account | `{}` | +| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` | + +### Traffic Exposure Parameters + +| Name | Description | Value | +| --------------------------------------- | ---------------------------------------------------------------------------------- | ----------- | +| `service.type` | Scylladb service type | `ClusterIP` | +| `service.ports.cql` | Scylladb service CQL Port | `9042` | +| `service.ports.cqlShard` | Scylladb service CQL Port (sharded) | `19042` | +| `service.ports.metrics` | Scylladb service metrics port | `8080` | +| `service.nodePorts.cql` | Node port for CQL | `""` | +| `service.nodePorts.cqlShard` | Node port for CQL (sharded) | `""` | +| `service.nodePorts.metrics` | Node port for metrics | `""` | +| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | +| `service.loadBalancerIP` | LoadBalancerIP if service type is `LoadBalancer` | `""` | +| `service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | +| `service.clusterIP` | Service Cluster IP | `""` | +| `service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | +| `service.annotations` | Provide any additional annotations which may be required. | `{}` | +| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `service.headless.annotations` | Annotations for the headless service. | `{}` | +| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | + +### Persistence parameters + +| Name | Description | Value | +| -------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| `persistence.enabled` | Enable Scylladb data persistence using PVC, use a Persistent Volume Claim, If false, use emptyDir | `true` | +| `persistence.existingClaim` | Name of an existing PVC to use | `""` | +| `persistence.storageClass` | PVC Storage Class for Scylladb data volume | `""` | +| `persistence.commitStorageClass` | PVC Storage Class for Scylladb Commit Log volume | `""` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `persistence.accessModes` | Persistent Volume Access Mode | `["ReadWriteOnce"]` | +| `persistence.size` | PVC Storage Request for Scylladb data volume | `8Gi` | +| `persistence.commitLogsize` | PVC Storage Request for Scylladb commit log volume. Unset by default | `2Gi` | +| `persistence.mountPath` | The path the data volume will be mounted at | `/bitnami/scylladb` | +| `persistence.commitLogMountPath` | The path the commit log volume will be mounted at. Unset by default. Set it to '/bitnami/scylladb/commitlog' to enable a separate commit log volume | `""` | + +### Volume Permissions parameters + +| Name | Description | Value | +| -------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | +| `volumePermissions.image.registry` | Init container volume image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `volumePermissions.securityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | + +### Metrics parameters + +| Name | Description | Value | +| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | Scylladb exporter image registry | `REGISTRY_NAME` | +| `metrics.image.repository` | Scylladb exporter image name | `REPOSITORY_NAME/scylladb-exporter` | +| `metrics.image.digest` | Scylladb exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `metrics.command` | Command for running the container (set to default if not set). Use array form | `[]` | +| `metrics.args` | Args for running the container (set to default if not set). Use array form | `[]` | +| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` | +| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `metrics.livenessProbe.enabled` | Enable liveness probe | `true` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `45` | +| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.readinessProbe.enabled` | Enable readiness probe | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `45` | +| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.startupProbe.enabled` | Enable startup probe | `true` | +| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `45` | +| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `metrics.customStartupProbe` | Override default startup probe | `{}` | +| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for scylladb-exporter container | `[]` | +| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` | +| `metrics.lifecycleHooks` | Override default container hooks | `{}` | +| `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `monitoring` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | +| `metrics.serviceMonitor.labels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` | +| `metrics.containerPorts.http` | HTTP Port on the Host and Container | `8080` | +| `metrics.containerPorts.jmx` | JMX Port on the Host and Container | `5555` | +| `metrics.extraContainerPorts` | Optionally specify extra list of additional ports for the container | `[]` | +| `metrics.hostPorts.http` | HTTP Port on the Host | `""` | +| `metrics.hostPorts.jmx` | JMX Port on the Host | `""` | +| `metrics.configuration` | Configure Scylladb-exporter with a custom config.yml file | `""` | + +### TLS/SSL parameters + +| Name | Description | Value | +| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `tls.internodeEncryption` | Set internode encryption | `none` | +| `tls.clientEncryption` | Set client-server encryption | `false` | +| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `true` | +| `tls.existingSecret` | Existing secret that contains TLS certificates | `""` | +| `tls.certFilename` | The secret key from the existingSecret if 'cert' key different from the default (tls.crt) | `tls.crt` | +| `tls.certKeyFilename` | The secret key from the existingSecret if 'key' key different from the default (tls.key) | `tls.key` | +| `tls.certCAFilename` | The secret key from the existingSecret if 'ca' key different from the default (ca.crt) | `""` | +| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | +| `sysctl.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | +| `sysctl.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | +| `sysctl.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `sysctl.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | +| `sysctl.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | +| `sysctl.sysctls` | Map with sysctl settings to change. These are translated to sysctl -w = | `{}` | +| `sysctl.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` | +| `sysctl.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production). | `nano` | +| `sysctl.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | + +The above parameters map to the env variables defined in [bitnami/scylladb](https://github.com/bitnami/containers/tree/main/bitnami/scylladb). For more information please refer to the [bitnami/scylladb](https://github.com/bitnami/containers/tree/main/bitnami/scylladb) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set dbUser.user=admin,dbUser.password=password \ + oci://REGISTRY_NAME/REPOSITORY_NAME/scylladb +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/scylladb +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/scylladb/values.yaml) + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +It's necessary to set the `dbUser.password` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use. Please note down the password and run the command below to upgrade your chart: + +```console +helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/scylladb --set dbUser.password=[PASSWORD] +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +| Note: you need to substitute the placeholder *[PASSWORD]* with the value obtained in the installation notes. + +## License + +Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/bitnami/scylladb/templates/NOTES.txt b/bitnami/scylladb/templates/NOTES.txt new file mode 100644 index 00000000000000..08265214491e22 --- /dev/null +++ b/bitnami/scylladb/templates/NOTES.txt @@ -0,0 +1,93 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +{{- $scylladbPasswordKey := ( include "common.secrets.key" (dict "existingSecret" .Values.dbUser.existingSecret "key" "scylladb-password") ) -}} +{{- $scylladbSecretName := ( include "common.secrets.name" (dict "existingSecret" .Values.dbUser.existingSecret "context" $) ) -}} + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ include "common.names.namespace" . }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/bitnami/scripts/scylladb/entrypoint.sh /opt/bitnami/scripts/scylladb/run.sh + +{{- else }} + +Scylladb can be accessed through the following URLs from within the cluster: + + - CQL: {{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.service.ports.cql }} + +To get your password run: + + {{ include "common.utils.secret.getvalue" (dict "secret" $scylladbSecretName "field" $scylladbPasswordKey "context" $) }} + +Check the cluster status by running: + + kubectl exec -it --namespace {{ include "common.names.namespace" . }} $(kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status + +To connect to your Scylladb cluster using CQL: + +1. Run a Scylladb pod that you can use as a client: + + kubectl run --namespace {{ include "common.names.namespace" . }} {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' \ + --env SCYLLADB_PASSWORD=$SCYLLADB_PASSWORD \ + {{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ include "common.names.name" . }}-client=true"{{ end }} \ + --image {{ include "scylladb.image" . }} -- bash + +2. Connect using the cqlsh client: + + cqlsh -u {{ .Values.dbUser.user }} -p $SCYLLADB_PASSWORD {{ include "common.names.fullname" . }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with the label below will be able to connect to Scylladb: + + "{{ include "common.names.fullname" . }}-client=true" + +{{- else -}} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) + + cqlsh -u {{ .Values.dbUser.user }} -p $SCYLLADB_PASSWORD $NODE_IP $NODE_PORT + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "common.names.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + cqlsh -u {{ .Values.dbUser.user }} -p $SCYLLADB_PASSWORD $SERVICE_IP + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.cql }}:{{ .Values.service.ports.cql }} & + cqlsh -u {{ .Values.dbUser.user }} -p $SCYLLADB_PASSWORD 127.0.0.1 {{ .Values.service.ports.cql }} + +{{- end }} +{{- end }} +{{- end }} + +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- include "scylladb.validateValues" . }} +{{- include "common.warnings.resources" (dict "sections" (list "metrics" "" "tls" "jmxProxy" "volumePermissions") "context" $) }} +{{- include "scylladb.warnings.jvm" . }} \ No newline at end of file diff --git a/bitnami/scylladb/templates/_helpers.tpl b/bitnami/scylladb/templates/_helpers.tpl new file mode 100644 index 00000000000000..ec8fbce0ed1215 --- /dev/null +++ b/bitnami/scylladb/templates/_helpers.tpl @@ -0,0 +1,303 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the proper Scylladb image name +*/}} +{{- define "scylladb.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Scylladb image name +*/}} +{{- define "scylladb.sysctl.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.sysctl.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper metrics image name +*/}} +{{- define "scylladb.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "scylladb.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "scylladb.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "scylladb.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the list of Scylladb seed nodes +*/}} +{{- define "scylladb.seeds" -}} +{{- $seeds := list }} +{{- $fullname := include "common.names.fullname" . }} +{{- $releaseNamespace := include "common.names.namespace" . }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $seedCount := .Values.cluster.seedCount | int }} +{{- range $e, $i := until $seedCount }} +{{- $seeds = append $seeds (printf "%s-%d.%s-headless.%s.svc.%s" $fullname $i $fullname $releaseNamespace $clusterDomain) }} +{{- end }} +{{- range .Values.cluster.extraSeeds }} +{{- $seeds = append $seeds . }} +{{- end }} +{{- join "," $seeds }} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "scylladb.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "scylladb.validateValues.seedCount" .) -}} +{{- $messages := append $messages (include "scylladb.validateValues.tls" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of Scylladb - Number of seed nodes */}} +{{- define "scylladb.validateValues.seedCount" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- $seedCount := int .Values.cluster.seedCount }} +{{- if or (lt $seedCount 1) (gt $seedCount $replicaCount) }} +scylladb: cluster.seedCount + + Number of seed nodes must be greater or equal than 1 and less or + equal to `replicaCount`. +{{- end -}} +{{- end -}} + +{{/* Validate values of Scylladb - Tls enabled */}} +{{- define "scylladb.validateValues.tls" -}} +{{- if and (include "scylladb.tlsEncryption" .) (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) }} +scylladb: tls.enabled + In order to enable TLS, you also need to provide + an existing secret containing the certificate/keyfile or + enable auto-generated certificates. +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Commit Storage Class +{{ include "scylladb.commitstorage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "scylladb.commitstorage.class" -}} +{{- $storageClass := .persistence.commitStorageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.commitStorageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if encryption via TLS for client connections should be configured +*/}} +{{- define "scylladb.client.tlsEncryption" -}} +{{- if .Values.tls.clientEncryption -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if encryption via TLS for internode communication connections should be configured +*/}} +{{- define "scylladb.internode.tlsEncryption" -}} +{{- if (ne .Values.tls.internodeEncryption "none") -}} + {{- printf "%s" .Values.tls.internodeEncryption -}} +{{- else -}} + {{- printf "none" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if encryption via TLS should be configured +*/}} +{{- define "scylladb.tlsEncryption" -}} +{{- if or (include "scylladb.client.tlsEncryption" . ) ( ne "none" (include "scylladb.internode.tlsEncryption" . )) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Scylladb TLS credentials secret +*/}} +{{- define "scylladb.tlsSecretName" -}} +{{- if .Values.tls.existingSecret -}} + {{- printf "%s" (tpl .Values.tls.existingSecret $) -}} +{{- else -}} + {{- printf "%s-crt" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS credentials secret object should be created +*/}} +{{- define "scylladb.createTlsSecret" -}} +{{- if and (include "scylladb.tlsEncryption" .) .Values.tls.autoGenerated (not .Values.tls.existingSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert file. +*/}} +{{- define "scylladb.tlsCert" -}} +{{- if (include "scylladb.createTlsSecret" . ) -}} + {{- printf "/bitnami/scylladb/certs/%s" "tls.crt" -}} +{{- else -}} + {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/bitnami/scylladb/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert key file. +*/}} +{{- define "scylladb.tlsCertKey" -}} +{{- if (include "scylladb.createTlsSecret" . ) -}} + {{- printf "/bitnami/scylladb/certs/%s" "tls.key" -}} +{{- else -}} + {{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/bitnami/scylladb/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "scylladb.tlsCACert" -}} +{{- if (include "scylladb.createTlsSecret" . ) -}} + {{- printf "/bitnami/scylladb/certs/%s" "ca.crt" -}} +{{- else if .Values.tls.certCAFilename -}} + {{- printf "/bitnami/scylladb/certs/%s" .Values.tls.certCAFilename -}} +{{- end -}} +{{- end -}} + +{{/* +Convert memory to M +Usage: +{{ include "scylladb.memory.convertToM" (dict "value" "3Gi") }} +*/}} +{{- define "scylladb.memory.convertToM" -}} +{{- $res := 0 -}} +{{- if regexMatch "G" .value -}} +{{- /* Multiply by 1000 if it is Gigabytes */ -}} +{{- $res = regexFind "[0-9.]+" .value | float64 | mulf 1000 | int -}} +{{- else -}} +{{- /* Assume M for the rest, so simply extract the number and convert to int */ -}} +{{- $res = regexFind "[0-9]+" .value | int -}} +{{- end -}} +{{- $res -}} +{{- end -}} + +{{/* +Return memory limit if resources or resourcesPreset has been set (in M) +*/}} +{{- define "scylladb.memory.getLimitInM" -}} +{{- $res := "" -}} +{{- if .Values.resources -}} + {{- /* We need to go step by step to avoid nil pointer exceptions */ -}} + {{- if .Values.resources.limits -}} + {{- if .Values.resources.limits.memory -}} + {{- $res = .Values.resources.limits.memory -}} + {{- end -}} + {{- end }} +{{- else if (ne .Values.resourcesPreset "none") -}} + {{- $preset := include "common.resources.preset" (dict "type" .Values.resourcesPreset) | fromYaml -}} + {{- $res = $preset.limits.memory -}} +{{- end -}} +{{- if $res -}} + {{- /* Convert to M */ -}} + {{- include "scylladb.memory.convertToM" (dict "value" $res) -}} +{{- end -}} +{{- end -}} + +{{/* +Calculate Max Heap Size based on the given values +*/}} +{{- define "scylladb.memory.calculateMaxHeapSize" -}} +{{- if .Values.jvm.maxHeapSize -}} +{{- /* Honor value explicitly set */ -}} +{{- print .Values.jvm.maxHeapSize -}} +{{- else -}} +{{- /* Calculate based on resources set */ -}} +{{- /* Reference: https://docs.oracle.com/javase/8/docs/technotes/guides/vm/gc-ergonomics.html */ -}} +{{- $res := include "scylladb.memory.getLimitInM" . -}} +{{- $res = div $res 4 | min 1000 -}} +{{- printf "%vM" $res -}} +{{- end -}} +{{- end -}} + +{{/* +Calculate New Heap Size based on the given values +*/}} +{{- define "scylladb.memory.calculateNewHeapSize" -}} +{{- if .Values.jvm.newHeapSize -}} +{{- /* Honor value explicitly set */ -}} +{{- print .Values.jvm.newHeapSize -}} +{{- else -}} +{{- /* Calculate based on resources set */ -}} +{{- /* Reference: https://docs.oracle.com/javase/8/docs/technotes/guides/vm/gc-ergonomics.html */ -}} +{{- $res := include "scylladb.memory.getLimitInM" . -}} +{{- $res = div $res 64 | max 256 -}} +{{- printf "%vM" $res -}} +{{- end -}} +{{- end -}} + +{{/* +Print warning if jvm memory not set +*/}} +{{- define "scylladb.warnings.jvm" -}} +{{- if not .Values.jvm.maxHeapSize }} +WARNING: JVM Max Heap Size not set in value jvm.maxHeapSize. When not set, the chart will calculate the following size: + MIN(Memory Limit (if set) / 4, 1024M) +{{- end }} +{{- if not .Values.jvm.maxHeapSize }} +WARNING: JVM New Heap Size not set in value jvm.newHeapSize. When not set, the chart will calculate the following size: + MAX(Memory Limit (if set) / 64, 256M) +{{- end }} +{{- end -}} + +{{/* +Get the metrics config map name. +*/}} +{{- define "scylladb.metricsConfConfigMap" -}} + {{- printf "%s-metrics-conf" (include "common.names.fullname" . ) | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/bitnami/scylladb/templates/extra-list.yaml b/bitnami/scylladb/templates/extra-list.yaml new file mode 100644 index 00000000000000..329f5c653a440f --- /dev/null +++ b/bitnami/scylladb/templates/extra-list.yaml @@ -0,0 +1,9 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/bitnami/scylladb/templates/headless-svc.yaml b/bitnami/scylladb/templates/headless-svc.yaml new file mode 100644 index 00000000000000..c56b44c4bc12a3 --- /dev/null +++ b/bitnami/scylladb/templates/headless-svc.yaml @@ -0,0 +1,38 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: scylladb + app.kubernetes.io/component: scylladb + {{- if or .Values.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + clusterIP: None + publishNotReadyAddresses: true + ports: + - name: intra + port: {{ .Values.containerPorts.intra }} + targetPort: intra + - name: tls + port: {{ .Values.containerPorts.tls }} + targetPort: tls + - name: jmx + port: {{ .Values.containerPorts.jmx }} + targetPort: jmx + - name: cql + port: {{ .Values.containerPorts.cql }} + targetPort: cql + - name: cql-shard + port: {{ .Values.containerPorts.cqlShard }} + targetPort: cql + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} diff --git a/bitnami/scylladb/templates/metrics-configmap.yaml b/bitnami/scylladb/templates/metrics-configmap.yaml new file mode 100644 index 00000000000000..6ba3c789204697 --- /dev/null +++ b/bitnami/scylladb/templates/metrics-configmap.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-metrics-conf" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: scylladb + app.kubernetes.io/component: scylladb-exporter + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + config.yml: |- + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.configuration "context" $) | nindent 4 }} diff --git a/bitnami/scylladb/templates/networkpolicy.yaml b/bitnami/scylladb/templates/networkpolicy.yaml new file mode 100644 index 00000000000000..0a68009d604590 --- /dev/null +++ b/bitnami/scylladb/templates/networkpolicy.yaml @@ -0,0 +1,102 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: scylladb + app.kubernetes.io/component: scylladb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/part-of: scylladb + app.kubernetes.io/component: scylladb + policyTypes: + - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow connection to other cluster pods + - ports: + - port: {{ .Values.containerPorts.cql }} + - port: {{ .Values.containerPorts.cqlShard }} + - port: {{ .Values.containerPorts.jmx }} + - port: {{ .Values.containerPorts.tls }} + - port: {{ .Values.containerPorts.intra }} + {{- range .Values.extraContainerPorts }} + - port: {{ . }} + {{- end }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.containerPorts.cql }} + - port: {{ .Values.containerPorts.cqlShard }} + - port: {{ .Values.containerPorts.tls }} + - port: {{ .Values.containerPorts.intra }} + {{- range .Values.extraContainerPorts }} + - port: {{ . }} + {{- end }} + {{- if .Values.jmxProxy.enabled }} + - port: {{ .Values.containerPorts.jmx }} + {{- range .Values.jmxProxy.extraContainerPorts }} + - port: {{ . }} + {{- end }} + {{- end }} + {{- if .Values.metrics.enabled }} + - port: {{ .Values.metrics.containerPorts.http }} + - port: {{ .Values.metrics.containerPorts.jmx }} + {{- range .Values.metrics.extraContainerPorts }} + - port: {{ . }} + {{- end }} + {{- end }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "common.names.fullname" . }}-client: "true" + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/bitnami/scylladb/templates/pdb.yaml b/bitnami/scylladb/templates/pdb.yaml new file mode 100644 index 00000000000000..f1363fd9a7a0dc --- /dev/null +++ b/bitnami/scylladb/templates/pdb.yaml @@ -0,0 +1,28 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: scylladb + app.kubernetes.io/component: scylladb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.pdb.minAvailable }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- end }} + {{- if .Values.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} +{{- end }} diff --git a/bitnami/scylladb/templates/secret.yaml b/bitnami/scylladb/templates/secret.yaml new file mode 100644 index 00000000000000..8a6951a9ef85a9 --- /dev/null +++ b/bitnami/scylladb/templates/secret.yaml @@ -0,0 +1,25 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (not .Values.dbUser.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: scylladb + app.kubernetes.io/component: scylladb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if ( not .Values.dbUser.forcePassword ) }} + scylladb-password: {{ include "common.secrets.passwords.manage" ( dict "secret" ( include "common.names.fullname" . ) "key" "scylladb-password" "providedValues" ( list "dbUser.password" ) "context" $ ) }} + {{- else }} + scylladb-password: {{ required "A password is required!" .Values.dbUser.password | b64enc | quote }} + {{- end }} +{{ end }} diff --git a/bitnami/scylladb/templates/service.yaml b/bitnami/scylladb/templates/service.yaml new file mode 100644 index 00000000000000..84716573577104 --- /dev/null +++ b/bitnami/scylladb/templates/service.yaml @@ -0,0 +1,71 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: scylladb + app.kubernetes.io/component: scylladb + {{- if or .Values.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if .Values.service.sessionAffinity }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- end }} + {{- if .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + ports: + - name: cql + port: {{ .Values.service.ports.cql }} + targetPort: cql + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.cql)) }} + nodePort: {{ .Values.service.nodePorts.cql }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - name: cql-shard + port: {{ .Values.service.ports.cqlShard }} + targetPort: cql-shard + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.cqlShard)) }} + nodePort: {{ .Values.service.nodePorts.cqlShard }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + port: {{ .Values.service.ports.metrics }} + targetPort: metrics + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.metrics)) }} + nodePort: {{ .Values.service.nodePorts.metrics }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: scylladb + app.kubernetes.io/component: scylladb diff --git a/bitnami/scylladb/templates/serviceaccount.yaml b/bitnami/scylladb/templates/serviceaccount.yaml new file mode 100644 index 00000000000000..afb20192f2060c --- /dev/null +++ b/bitnami/scylladb/templates/serviceaccount.yaml @@ -0,0 +1,20 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "scylladb.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: scylladb + app.kubernetes.io/component: scylladb + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/bitnami/scylladb/templates/servicemonitor.yaml b/bitnami/scylladb/templates/servicemonitor.yaml new file mode 100644 index 00000000000000..80e40e23b13a00 --- /dev/null +++ b/bitnami/scylladb/templates/servicemonitor.yaml @@ -0,0 +1,51 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ default ( include "common.names.namespace" . ) .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: scylladb + app.kubernetes.io/component: scylladb + {{- if .Values.metrics.serviceMonitor.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + endpoints: + - port: metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . }} +{{- end }} diff --git a/bitnami/scylladb/templates/statefulset.yaml b/bitnami/scylladb/templates/statefulset.yaml new file mode 100644 index 00000000000000..d73534884ab2dc --- /dev/null +++ b/bitnami/scylladb/templates/statefulset.yaml @@ -0,0 +1,761 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.statefulsetLabels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: scylladb + app.kubernetes.io/component: scylladb + {{- if or .Values.statefulsetAnnotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.statefulsetAnnotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + podManagementPolicy: {{ .Values.podManagementPolicy }} + replicas: {{ .Values.replicaCount }} + updateStrategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/part-of: scylladb + app.kubernetes.io/component: scylladb + {{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }} + annotations: + {{- if .Values.podAnnotations }} + {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} + {{- if .Values.metrics.podAnnotations }} + {{- toYaml .Values.metrics.podAnnotations | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "scylladb.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "scylladb.serviceAccountName" . }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.hostNetwork }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + {{- end }} + {{- if or .Values.initContainers (include "scylladb.tlsEncryption" . ) (and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled) }} + initContainers: + {{- if and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "scylladb.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/sh + - -cx + - | + {{- if .Values.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} + {{- else }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.persistence.mountPath }}/data + chmod 700 {{ .Values.persistence.mountPath }}/data + {{- if .Values.persistence.commitLogMountPath }} + mkdir -p {{ .Values.persistence.commitLogMountPath }}/commitlog + chmod 700 {{ .Values.persistence.commitLogMountPath }}/commitlog + {{- end }} + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- end }} + {{- end }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath }} + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if .Values.persistence.commitLogMountPath }} + - name: commitlog + mountPath: {{ .Values.persistence.commitLogMountPath }} + {{- end }} + {{- end }} + {{- if .Values.sysctl.enabled }} + - name: init-sysctl + image: {{ include "scylladb.sysctl.image" . }} + imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} + securityContext: + privileged: true + runAsUser: 0 + command: + - /bin/bash + args: + - -ec + - | + #!/bin/bash + + {{- range $key, $val := .Values.sysctl.sysctls }} + echo "Applying sysctl {{ $key }}={{ $val }}" + sysctl -w {{ $key }}={{ $val }} + {{- end }} + {{- if .Values.sysctl.resources }} + resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} + {{- else if ne .Values.sysctl.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.sysctl.resourcesPreset) | nindent 12 }} + {{- end }} + {{- if .Values.sysctl.mountHostSys }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: host-sys + mountPath: /host-sys + {{- end }} + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- end }} + containers: + - name: scylladb + image: {{ include "scylladb.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- else }} + command: + - bash + - -ec + - | + # Node 0 is the password seeder + if [[ $POD_NAME =~ (.*)-0$ ]]; then + echo "Setting node as password seeder" + export SCYLLADB_PASSWORD_SEEDER=yes + else + # Only node 0 will execute the startup initdb scripts + export SCYLLADB_IGNORE_INITDB_SCRIPTS=1 + fi + /opt/bitnami/scripts/scylladb/entrypoint.sh /opt/bitnami/scripts/scylladb/run.sh + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: SCYLLADB_CLUSTER_NAME + value: {{ .Values.cluster.name }} + - name: SCYLLADB_SEEDS + value: {{ (include "scylladb.seeds" .) | quote }} + - name: SCYLLADB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.dbUser.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.dbUser.existingSecret "key" "scylladb-password") }} + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SCYLLADB_USER + value: {{ .Values.dbUser.user | quote }} + - name: SCYLLADB_NUM_TOKENS + value: {{ .Values.cluster.numTokens | quote }} + - name: SCYLLADB_DATACENTER + value: {{ .Values.cluster.datacenter | quote }} + - name: SCYLLADB_ENDPOINT_SNITCH + value: {{ .Values.cluster.endpointSnitch | quote }} + {{- if (include "scylladb.tlsEncryption" . ) }} + - name: SCYLLADB_SSL_CERT_FILE + value: {{ include "scylladb.tlsCert" . | quote }} + - name: SCYLLADB_SSL_KEY_FILE + value: {{ include "scylladb.tlsCertKey" . | quote }} + {{- if (include "scylladb.tlsCACert" .) }} + - name: SCYLLADB_SSL_CA_FILE + value: {{ include "scylladb.tlsCACert" . | quote }} + {{- end }} + {{- end }} + {{- if ne "none" (include "scylladb.internode.tlsEncryption" .) }} + - name: SCYLLADB_INTERNODE_ENCRYPTION + value: {{ (include "scylladb.internode.tlsEncryption" .) | quote }} + {{- end }} + {{- if (include "scylladb.client.tlsEncryption" .) }} + - name: SCYLLADB_CLIENT_ENCRYPTION + value: "true" + {{- end }} + - name: SCYLLADB_RACK + value: {{ .Values.cluster.rack }} + {{- if or .Values.jvm.maxHeapSize (include "scylladb.memory.getLimitInM" .) }} + - name: MAX_HEAP_SIZE + value: {{ include "scylladb.memory.calculateMaxHeapSize" . | quote }} + {{- end }} + {{- if or .Values.jvm.newHeapSize (include "scylladb.memory.getLimitInM" .) }} + - name: HEAP_NEWSIZE + value: {{ include "scylladb.memory.calculateNewHeapSize" . | quote }} + {{- end }} + {{- if .Values.jvm.extraOpts }} + - name: JVM_EXTRA_OPTS + value: {{ .Values.jvm.extraOpts | quote }} + {{- end }} + {{- if .Values.cluster.enableUDF }} + - name: SCYLLADB_ENABLE_USER_DEFINED_FUNCTIONS + value: {{ .Values.cluster.enableUDF | quote }} + {{- end }} + - name: SCYLLADB_TRANSPORT_PORT_NUMBER + value: {{ .Values.containerPorts.intra | quote }} + - name: SCYLLADB_JMX_PORT_NUMBER + value: {{ .Values.containerPorts.jmx | quote }} + - name: SCYLLADB_CQL_PORT_NUMBER + value: {{ .Values.containerPorts.cql | quote }} + - name: SCYLLADB_API_PORT_NUMBER + value: {{ .Values.containerPorts.api | quote }} + - name: SCYLLADB_CQL_SHARD_PORT_NUMBER + value: {{ .Values.containerPorts.cqlShard | quote }} + {{- if .Values.persistence.commitLogMountPath }} + - name: SCYLLADB_COMMITLOG_DIR + value: {{ .Values.persistence.commitLogMountPath | quote }} + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: + {{- if .Values.jmxProxy.enabled }} + exec: + command: + - /bin/bash + - -ec + - | + nodetool info | grep "Native Transport active: true" + {{- else }} + tcpSocket: + port: cql + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.jmxProxy.enabled }} + exec: + command: + - /bin/bash + - -ec + - | + nodetool info | grep "Native Transport active: true" + {{- else }} + tcpSocket: + port: cql + {{- end }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: + {{- if .Values.jmxProxy.enabled }} + exec: + command: + - /bin/bash + - -ec + - | + nodetool info | grep "Native Transport active: true" + {{- else }} + tcpSocket: + port: cql + {{- end }} + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + {{- end }} + {{- if and (not .Values.lifecycleHooks) .Values.jmxProxy.enabled }} + lifecycle: + preStop: + exec: + command: + - bash + - -ec + # After stopping the node, create a flag file so the JMX Proxy can stop + {{- if not .Values.persistence.enabled }} + - nodetool decommission && touch /tmp/.node_decommissioned + {{- else }} + - nodetool drain && touch /tmp/.node_decommissioned + {{- end }} + {{- else if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- end }} + ports: + - name: intra + containerPort: {{ .Values.containerPorts.intra }} + {{- if .Values.hostNetwork }} + hostPort: {{ .Values.containerPorts.intra }} + {{- else if .Values.hostPorts.intra }} + hostPort: {{ .Values.hostPorts.intra }} + {{- end }} + - name: jmx + containerPort: {{ .Values.containerPorts.jmx }} + {{- if .Values.hostNetwork }} + hostPort: {{ .Values.containerPorts.jmx }} + {{- else if .Values.hostPorts.jmx }} + hostPort: {{ .Values.hostPorts.jmx }} + {{- end }} + {{- if (ne (include "scylladb.internode.tlsEncryption" .) "none") }} + - name: tls + containerPort: {{ .Values.containerPorts.tls }} + {{- if .Values.hostNetwork }} + hostPort: {{ .Values.containerPorts.tls }} + {{- else if .Values.hostPorts.tls }} + hostPort: {{ .Values.hostPorts.tls }} + {{- end }} + {{- end }} + - name: cql + containerPort: {{ .Values.containerPorts.cql }} + {{- if .Values.hostNetwork }} + hostPort: {{ .Values.containerPorts.cql }} + {{- else if .Values.hostPorts.cql }} + hostPort: {{ .Values.hostPorts.cql }} + {{- end }} + - name: cql-shard + containerPort: {{ .Values.containerPorts.cqlShard }} + {{- if .Values.hostNetwork }} + hostPort: {{ .Values.containerPorts.cqlShard }} + {{- else if .Values.hostPorts.cqlShard }} + hostPort: {{ .Values.hostPorts.cqlShard }} + {{- end }} + - name: api + containerPort: {{ .Values.containerPorts.api }} + {{- if .Values.hostNetwork }} + hostPort: {{ .Values.containerPorts.api }} + {{- else if .Values.hostPorts.api }} + hostPort: {{ .Values.hostPorts.api }} + {{- end }} + {{- if .Values.extraContainerPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.resources }} + resources: {{ toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath }} + {{- if .Values.persistence.commitLogMountPath }} + - name: commitlog + mountPath: {{ .Values.persistence.commitLogMountPath }} + {{- end }} + {{- if (include "scylladb.tlsEncryption" . ) }} + - name: certs + mountPath: /bitnami/scylladb/certs + {{- end }} + {{- if .Values.initDBConfigMap }} + - name: init-db-cm + mountPath: /docker-entrypoint-initdb.d/configmap + {{- end }} + {{- if .Values.initDBSecret }} + - name: init-db-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{ if .Values.existingConfiguration }} + - name: configurations + mountPath: {{ printf "%s/etc" .Values.persistence.mountPath }} + {{- end }} + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/scylladb/etc + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/bitnami/scylladb/tmp + subPath: app-tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/scylladb/logs + subPath: app-logs-dir + - name: empty-dir + mountPath: /.cassandra + subPath: app-cqlsh-tmp-dir + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.jmxProxy.enabled }} + - name: scylladb-jmx-proxy + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.jmxProxy.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.jmxProxy.command "context" $) | nindent 12 }} + {{- else }} + command: + - /opt/bitnami/scylladb/supervisor/scylla-jmx.sh + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.jmxProxy.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.jmxProxy.args "context" $) | nindent 12 }} + {{- end }} + image: {{ include "scylladb.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.jmxProxy.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.jmxProxy.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + env: + {{- if or .Values.jvm.maxHeapSize (include "scylladb.memory.getLimitInM" .) }} + - name: MAX_HEAP_SIZE + value: {{ include "scylladb.memory.calculateMaxHeapSize" . | quote }} + {{- end }} + {{- if or .Values.jvm.newHeapSize (include "scylladb.memory.getLimitInM" .) }} + - name: HEAP_NEWSIZE + value: {{ include "scylladb.memory.calculateNewHeapSize" . | quote }} + {{- end }} + {{- if .Values.jvm.extraOpts }} + - name: JVM_EXTRA_OPTS + value: {{ .Values.jvm.extraOpts | quote }} + {{- end }} + - name: SCYLLA_JMX_PORT + value: {{ printf "-jp %d" (int .Values.containerPorts.jmx) | quote }} + - name: SCYLLA_API_PORT + value: {{ printf "-p %d" (int .Values.containerPorts.api) | quote }} + {{- if .Values.jmxProxy.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.jmxProxy.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.jmxProxy.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.jmxProxy.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.jmxProxy.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.jmxProxy.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.jmxProxy.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.jmxProxy.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.jmxProxy.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - pgrep + - -f + - scylla-jmx + initialDelaySeconds: {{ .Values.jmxProxy.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.jmxProxy.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.jmxProxy.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.jmxProxy.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.jmxProxy.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.jmxProxy.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.jmxProxy.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.jmxProxy.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - pgrep + - -f + - scylla-jmx + initialDelaySeconds: {{ .Values.jmxProxy.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.jmxProxy.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.jmxProxy.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.jmxProxy.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.jmxProxy.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.jmxProxy.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.jmxProxy.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.jmxProxy.startupProbe.enabled }} + startupProbe: + exec: + command: + - pgrep + - scylla-jmx + initialDelaySeconds: {{ .Values.jmxProxy.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.jmxProxy.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.jmxProxy.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.jmxProxy.startupProbe.successThreshold }} + failureThreshold: {{ .Values.jmxProxy.startupProbe.failureThreshold }} + {{- end }} + {{- if not .Values.jmxProxy.lifecycleHooks }} + lifecycle: + # Wait for the scylladb decommission to take place before stopping the JMX proxy + preStop: + exec: + command: + - bash + - -ec + - until [[ -f /tmp/.node_decommissioned ]]; do sleep 1; done && rm /tmp/.node_decommissioned + {{- else if .Values.jmxProxy.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.jmxProxy.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.jmxProxy.extraContainerPorts }} + ports: {{- include "common.tplvalues.render" (dict "value" .Values.jmxProxy.extraContainerPorts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.jmxProxy.resources }} + resources: {{ toYaml .Values.jmxProxy.resources | nindent 12 }} + {{- else if ne .Values.jmxProxy.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.jmxProxy.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath }} + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if .Values.jmxProxy.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.jmxProxy.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "scylladb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPorts.http }} + {{- if .Values.hostNetwork }} + hostPort: {{ .Values.metrics.containerPorts.http }} + {{- else if .Values.metrics.hostPorts.http }} + hostPort: {{ .Values.metrics.hostPorts.http }} + {{- end }} + protocol: TCP + - name: jmx + containerPort: {{ .Values.metrics.containerPorts.jmx }} + {{- if .Values.hostNetwork }} + hostPort: {{ .Values.metrics.containerPorts.jmx }} + {{- else if .Values.metrics.hostPorts.jmx }} + hostPort: {{ .Values.metrics.hostPorts.jmx }} + {{- end }} + {{- if .Values.metrics.extraContainerPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraContainerPorts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- else if ne .Values.metrics.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: + tcpSocket: + port: metrics + initialDelaySeconds: {{ .Values.metrics.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.startupProbe.timeoutSeconds }} + failureThreshold: {{ .Values.metrics.startupProbe.failureThreshold }} + successThreshold: {{ .Values.metrics.startupProbe.successThreshold }} + {{- end }} + {{- if .Values.metrics.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- end }} + volumeMounts: + - name: metrics-conf + mountPath: /opt/bitnami/cassandra-exporter/config.yml + subPath: config.yml + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if .Values.metrics.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: metrics-conf + configMap: + name: {{ include "scylladb.metricsConfConfigMap" . }} + {{- if (include "scylladb.tlsEncryption" . ) }} + - name: certs + secret: + secretName: {{ include "scylladb.tlsSecretName" . }} + defaultMode: 256 + {{- end }} + {{- if .Values.existingConfiguration }} + - name: configurations + configMap: + name: {{ tpl .Values.existingConfiguration $ }} + {{- end }} + - name: empty-dir + emptyDir: {} + {{- if .Values.initDBConfigMap }} + - name: init-db-cm + configMap: + name: {{ tpl .Values.initDBConfigMap $ }} + {{- end }} + {{- if .Values.initDBSecret }} + - name: init-db-secret + secret: + secretName: {{ tpl .Values.initDBSecret $ }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ tpl .Values.persistence.existingClaim $ }} + {{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} + {{- else }} + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: data + labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }} + {{- if .Values.persistence.annotations }} + annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} + {{- if .Values.persistence.commitLogMountPath }} + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: commitlog + labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }} + {{- if .Values.persistence.annotations }} + annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.commitLogsize | quote }} + {{- include "scylladb.commitstorage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} + {{- end }} + {{- end }} diff --git a/bitnami/scylladb/templates/tls-secret.yaml b/bitnami/scylladb/templates/tls-secret.yaml new file mode 100644 index 00000000000000..3c51fc998b0613 --- /dev/null +++ b/bitnami/scylladb/templates/tls-secret.yaml @@ -0,0 +1,32 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "scylladb.createTlsSecret" . ) }} +{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} +{{- $ca := genCA "scylladb-ca" 365 }} +{{- $fullname := include "common.names.fullname" . }} +{{- $releaseNamespace := include "common.names.namespace" . }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $serviceName := include "common.names.fullname" . }} +{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} +{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "localhost" "127.0.0.1" $fullname }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: scylladb + app.kubernetes.io/component: scylladb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} diff --git a/bitnami/scylladb/values.yaml b/bitnami/scylladb/values.yaml new file mode 100644 index 00000000000000..5729651aa7e08a --- /dev/null +++ b/bitnami/scylladb/values.yaml @@ -0,0 +1,1212 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: auto +## @section Common parameters +## + +## @param nameOverride String to partially override common.names.fullname +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param commonLabels Labels to add to all deployed objects (sub-charts are not considered) +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param clusterDomain Kubernetes cluster domain name +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity +## @section Scylladb parameters +## + +## Bitnami Scylladb image +## ref: https://hub.docker.com/r/bitnami/scylladb/tags/ +## @param image.registry [default: REGISTRY_NAME] Scylladb image registry +## @param image.repository [default: REPOSITORY_NAME/scylladb] Scylladb image repository +## @skip image.tag Scylladb image tag (immutable tags are recommended) +## @param image.digest Scylladb image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy image pull policy +## @param image.pullSecrets Scylladb image pull secrets +## @param image.debug Enable image debug mode +## +image: + registry: docker.io + # TODO: Change the image once it is published + repository: javsalgar/scylla-test + tag: 11 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false +## Secret with keystore, keystore password, truststore, truststore password +## DEPRECATED. Use tls.existingSecret instead +# tlsEncryptionSecretName: + +## Database credentials +## @param dbUser.user Scylladb admin user +## @param dbUser.forcePassword Force the user to provide a non +## @param dbUser.password Password for `dbUser.user`. Randomly generated if empty +## @param dbUser.existingSecret Use an existing secret object for `dbUser.user` password (will ignore `dbUser.password`) +## +dbUser: + user: cassandra + forcePassword: false + password: "" + ## Use an existing secrets which already stores your password data. + ## for backwards compatibility, existingSecret can be a simple string, + ## referencing the secret by name. + ## existingSecret: + ## ## Name of the existing secret + ## ## + ## name: mySecret + ## ## Key mapping where is the value which the deployment is expecting and + ## ## is the name of the key in the existing secret. + ## ## + ## keyMapping: + ## scylladb-password: myScylladbPasswordKey + ## + existingSecret: "" +## @param initDBConfigMap ConfigMap with cql scripts. Useful for creating a keyspace and pre-populating data +## +initDBConfigMap: "" +## @param initDBSecret Secret with cql script (with sensitive data). Useful for creating a keyspace and pre-populating data +## +initDBSecret: "" +## @param existingConfiguration ConfigMap with custom scylladb configuration files. This overrides any other Scylladb configuration set in the chart +## +existingConfiguration: "" +## Cluster parameters +## @param cluster.name Scylladb cluster name +## @param cluster.seedCount Number of seed nodes +## @param cluster.numTokens Number of tokens for each node +## @param cluster.datacenter Datacenter name +## @param cluster.rack Rack name +## @param cluster.endpointSnitch Endpoint Snitch +## @param cluster.extraSeeds For an external/second scylladb ring. +## @param cluster.enableUDF Enable User defined functions +## +cluster: + name: scylladb + seedCount: 1 + numTokens: 256 + datacenter: dc1 + rack: rack1 + endpointSnitch: SimpleSnitch + ## eg: + ## extraSeeds: + ## - hostname/IP + ## - hostname/IP + ## + extraSeeds: [] + enableUDF: false +## JVM Settings +## @param jvm.extraOpts Set the value for Java Virtual Machine extra options +## @param jvm.maxHeapSize Set Java Virtual Machine maximum heap size (MAX_HEAP_SIZE). Calculated automatically if `nil` +## @param jvm.newHeapSize Set Java Virtual Machine new heap size (HEAP_NEWSIZE). Calculated automatically if `nil` +## +jvm: + extraOpts: "" + ## Memory settings: These are calculated automatically unless specified otherwise + ## To run on environments with little resources (<= 8GB), tune your heap settings: + ## - calculate 1/2 ram and cap to 1024MB + ## - calculate 1/4 ram and cap to 8192MB + ## - pick the max + ## + maxHeapSize: "" + ## newHeapSize: + ## A good guideline is 100 MB per CPU core. + ## - min(100 * num_cores, 1/4 * heap size) + ## ref: https://docs.datastax.com/en/archived/scylladb/2.0/scylladb/operations/ops_tune_jvm_c.html + ## + newHeapSize: "" +## @param command Command for running the container (set to default if not set). Use array form +## +command: [] +## @param args Args for running the container (set to default if not set). Use array form +## +args: [] +## @param extraEnvVars Extra environment variables to be set on scylladb container +## For example: +## - name: FOO +## value: BAR +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars +## +extraEnvVarsSecret: "" +## @section Statefulset parameters +## + +## @param replicaCount Number of Scylladb replicas +## +replicaCount: 1 +## @param updateStrategy.type updateStrategy for Scylladb statefulset +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate +## @param automountServiceAccountToken Mount Service Account token in pod +## +automountServiceAccountToken: false +## @param hostAliases Add deployment host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param podManagementPolicy StatefulSet pod management policy +## +podManagementPolicy: OrderedReady +## @param priorityClassName Scylladb pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" +## @param podAnnotations Additional pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param statefulsetLabels Labels for statefulset +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +statefulsetLabels: {} +## @param statefulsetAnnotations Annotations for statefulset +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +statefulsetAnnotations: {} +## @param podLabels Additional pod labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for pod assignment +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment +## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +## The value is evaluated as a template +## +topologySpreadConstraints: [] +## Pod security context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled Scylladb pods' Security Context +## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups +## @param podSecurityContext.fsGroup Set Scylladb pod's Security Context fsGroup +## +podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 +## Configure Container Security Context (only main container) +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled Scylladb containers' Security Context +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container +## @param containerSecurityContext.runAsUser Set Scylladb containers' Security Context runAsUser +## @param containerSecurityContext.runAsGroup Set Scylladb containers' Security Context runAsGroup +## @param containerSecurityContext.allowPrivilegeEscalation Set Scylladb containers' Security Context allowPrivilegeEscalation +## @param containerSecurityContext.capabilities.drop Set Scylladb containers' Security Context capabilities to be dropped +## @param containerSecurityContext.readOnlyRootFilesystem Set Scylladb containers' Security Context readOnlyRootFilesystem +## @param containerSecurityContext.runAsNonRoot Set Scylladb containers' Security Context runAsNonRoot +## @param containerSecurityContext.privileged Set container's Security Context privileged +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile +## +containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + readOnlyRootFilesystem: true +## Scylladb pods' resource requests and limits +## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +## Minimum memory for development is 4GB and 2 CPU cores +## Minimum memory for production is 8GB and 4 CPU cores +## ref: http://docs.datastax.com/en/archived/scylladb/2.0/scylladb/architecture/architecturePlanningHardware_c.html +## +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "large" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} +## Configure extra options for Scylladb containers' liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 30 + successThreshold: 1 + failureThreshold: 5 +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 30 + successThreshold: 1 + failureThreshold: 5 +## Configure extra options for startup probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param startupProbe.enabled Enable startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 60 +## @param customLivenessProbe Custom livenessProbe that overrides the default one +## +customLivenessProbe: {} +## @param customReadinessProbe Custom readinessProbe that overrides the default one +## +customReadinessProbe: {} +## @param customStartupProbe [object] Override default startup probe +## +customStartupProbe: {} +## @param lifecycleHooks [object] Override default container hooks +## +lifecycleHooks: {} +## @param schedulerName Alternative scheduler +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param terminationGracePeriodSeconds In seconds, time the given to the Scylladb pod needs to terminate gracefully +## ScyllaDB requires more time to have the node drained that's why we're setting a default value +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +terminationGracePeriodSeconds: "" +## @param extraVolumes Optionally specify extra list of additional volumes for scylladb container +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for scylladb container +## +extraVolumeMounts: [] +## @param initContainers Add additional init containers to the scylladb pods +## +initContainers: [] +## @param sidecars Add additional sidecar containers to the scylladb pods +## +sidecars: [] +## Scylladb Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Enable/disable a Pod Disruption Budget creation + ## + create: false + ## @param pdb.minAvailable Mininimum number of pods that must still be available after the eviction + ## + minAvailable: 1 + ## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction + ## + maxUnavailable: "" +## @param hostNetwork Enable HOST Network +## If hostNetwork true -> dnsPolicy is set to ClusterFirstWithHostNet +## +hostNetwork: false +## Scylladb container ports to open +## If hostNetwork true: the hostPort is set identical to the containerPort +## @param containerPorts.intra Intra Port on the Host and Container +## @param containerPorts.tls TLS Port on the Host and Container +## @param containerPorts.jmx JMX Port on the Host and Container +## @param containerPorts.cql CQL Port on the Host and Container +## @param containerPorts.cqlShard CQL Port (Shard) on the Host and Container +## @param containerPorts.api REST API port on the Host and Container +## +containerPorts: + intra: 7000 + tls: 7001 + jmx: 7199 + cql: 9042 + cqlShard: 19042 + api: 10000 +## @param extraContainerPorts Optionally specify extra list of additional ports for the container +## e.g: +## extraContainerPorts: +## - name: myservice +## containerPort: 9090 +## +extraContainerPorts: [] +## Scylladb ports to be exposed as hostPort +## If hostNetwork is false, only the ports specified here will be exposed (or not if set to an empty string) +## @param hostPorts.intra Intra Port on the Host +## @param hostPorts.tls TLS Port on the Host +## @param hostPorts.jmx JMX Port on the Host +## @param hostPorts.cql CQL Port on the Host +## @param hostPorts.cqlShard CQL (Sharded) Port on the Host +## @param hostPorts.api REST API Port on the Host +## +hostPorts: + intra: "" + tls: "" + jmx: "" + cql: "" + cqlShard: "" + api: "" + +## @section JMX Proxy Deployment Parameters +## +jmxProxy: + ## @param jmxProxy.enabled Enable JMX Proxy sidecar + ## + enabled: true + ## @param jmxProxy.extraEnvVars Array with extra environment variables to add to JMX Proxy sidecar + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param jmxProxy.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for JMX Proxy sidecar + ## + extraEnvVarsCM: "" + ## @param jmxProxy.extraEnvVarsSecret Name of existing Secret containing extra env vars for JMX Proxy sidecar + ## + extraEnvVarsSecret: "" + ## @param jmxProxy.command Override default container command (useful when using custom images) + ## + command: [] + ## @param jmxProxy.args Override default container args (useful when using custom images) + ## + args: [] + ## Configure extra options for JMX Proxy containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param jmxProxy.livenessProbe.enabled Enable livenessProbe on JMX Proxy sidecar + ## @param jmxProxy.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param jmxProxy.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param jmxProxy.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param jmxProxy.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param jmxProxy.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + ## @param jmxProxy.readinessProbe.enabled Enable readinessProbe on JMX Proxy sidecar + ## @param jmxProxy.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param jmxProxy.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param jmxProxy.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param jmxProxy.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param jmxProxy.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + ## @param jmxProxy.startupProbe.enabled Enable startupProbe on JMX Proxy containers + ## @param jmxProxy.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param jmxProxy.startupProbe.periodSeconds Period seconds for startupProbe + ## @param jmxProxy.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param jmxProxy.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param jmxProxy.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + ## @param jmxProxy.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param jmxProxy.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param jmxProxy.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## JMX Proxy resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param jmxProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if jmxProxy.resources is set (jmxProxy.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "micro" + ## @param jmxProxy.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param jmxProxy.containerSecurityContext.enabled Enabled containers' Security Context + ## @param jmxProxy.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param jmxProxy.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param jmxProxy.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param jmxProxy.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param jmxProxy.containerSecurityContext.privileged Set container's Security Context privileged + ## @param jmxProxy.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param jmxProxy.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param jmxProxy.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param jmxProxy.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## @param jmxProxy.lifecycleHooks for the JMX Proxy container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param jmxProxy.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the JMX Proxy container(s) + ## + extraVolumeMounts: [] + ## @param jmxProxy.extraContainerPorts Optionally specify extra list of additional ports for the container + ## e.g: + ## extraContainerPorts: + ## - name: myservice + ## containerPort: 9090 + ## + extraContainerPorts: [] + +## @section RBAC parameters +## + +## Scylladb pods ServiceAccount +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable the creation of a ServiceAccount for Scylladb pods + ## + create: true + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the scylladb.fullname template + ## + name: "" + ## @param serviceAccount.annotations Annotations for Scylladb Service Account + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account. + ## + automountServiceAccountToken: false +## @section Traffic Exposure Parameters +## + +## Scylladb service parameters +## +service: + ## @param service.type Scylladb service type + ## + type: ClusterIP + ## @param service.ports.cql Scylladb service CQL Port + ## @param service.ports.cqlShard Scylladb service CQL Port (sharded) + ## @param service.ports.metrics Scylladb service metrics port + ## + ports: + cql: 9042 + cqlShard: 19042 + metrics: 8080 + ## Node ports to expose + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## @param service.nodePorts.cql Node port for CQL + ## @param service.nodePorts.cqlShard Node port for CQL (sharded) + ## @param service.nodePorts.metrics Node port for metrics + ## + nodePorts: + cql: "" + cqlShard: "" + metrics: "" + ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.loadBalancerIP LoadBalancerIP if service type is `LoadBalancer` + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges Service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.clusterIP Service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.externalTrafficPolicy Service external traffic policy + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Provide any additional annotations which may be required. + ## This can be used to set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## Headless service properties + ## + headless: + ## @param service.headless.annotations Annotations for the headless service. + ## + annotations: {} +## Network Policies +## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param networkPolicy.allowExternal Don't require server label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## server label will have network access to the ports server is listening + ## on. When true, server will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} +## @section Persistence parameters +## + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable Scylladb data persistence using PVC, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + ## @param persistence.existingClaim Name of an existing PVC to use + ## + existingClaim: "" + ## @param persistence.storageClass PVC Storage Class for Scylladb data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param persistence.commitStorageClass PVC Storage Class for Scylladb Commit Log volume + ## Storage class to use with SCYLLADB_COMMITLOG_DIR to reduce the concurrence for writing data and commit logs + ## ref: https://github.com/bitnami/containers/tree/main/bitnami/scylladb + ## If set to "-", commitStorageClass: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + commitStorageClass: "" + ## @param persistence.annotations Persistent Volume Claim annotations + ## + annotations: {} + ## @param persistence.accessModes Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size PVC Storage Request for Scylladb data volume + ## + size: 8Gi + ## @param persistence.commitLogsize PVC Storage Request for Scylladb commit log volume. Unset by default + ## + commitLogsize: 2Gi + ## @param persistence.mountPath The path the data volume will be mounted at + ## + mountPath: /bitnami/scylladb + ## @param persistence.commitLogMountPath The path the commit log volume will be mounted at. Unset by default. Set it to '/bitnami/scylladb/commitlog' to enable a separate commit log volume + ## + # commitLogMountPath: /bitnami/scylladb/commitlog + commitLogMountPath: "" +## @section Volume Permissions parameters +## + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume + ## + enabled: false + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume image repository + ## @skip volumePermissions.image.tag Init container volume image tag (immutable tags are recommended) + ## @param volumePermissions.image.digest Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy Init container volume pull policy + ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r20 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## @param volumePermissions.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param volumePermissions.securityContext.runAsUser User ID for the init container + ## + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + seLinuxOptions: {} + runAsUser: 0 +## @section Metrics parameters +## + +## Scylladb Prometheus exporter configuration +## +metrics: + ## @param metrics.enabled Start a side-car prometheus exporter + ## + enabled: false + ## Bitnami Scylladb Exporter image + ## ref: https://hub.docker.com/r/bitnami/scylladb-exporter/tags/ + ## @param metrics.image.registry [default: REGISTRY_NAME] Scylladb exporter image registry + ## @param metrics.image.repository [default: REPOSITORY_NAME/scylladb-exporter] Scylladb exporter image name + ## @skip metrics.image.tag Scylladb exporter image tag + ## @param metrics.image.digest Scylladb exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param metrics.image.pullPolicy image pull policy + ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/cassandra-exporter + tag: 2.3.8-debian-12-r21 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param metrics.command Command for running the container (set to default if not set). Use array form + ## + command: [] + ## @param metrics.args Args for running the container (set to default if not set). Use array form + ## + args: [] + ## Scylladb Prometheus exporter resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## @param metrics.livenessProbe.enabled Enable liveness probe + ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 45 + failureThreshold: 3 + successThreshold: 1 + ## @param metrics.readinessProbe.enabled Enable readiness probe + ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 45 + failureThreshold: 3 + successThreshold: 1 + ## @param metrics.startupProbe.enabled Enable startup probe + ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe + ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 45 + failureThreshold: 3 + successThreshold: 1 + ## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param metrics.customStartupProbe [object] Override default startup probe + ## + customStartupProbe: {} + ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for scylladb-exporter container + ## + extraVolumeMounts: [] + ## @param metrics.podAnnotations [object] Metrics exporter pod Annotation and Labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8080" + ## @param metrics.lifecycleHooks [object] Override default container hooks + ## + lifecycleHooks: {} + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: monitoring + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## e.g: + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + ## @param metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + relabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + ## @param metrics.serviceMonitor.labels Used to pass Labels that are required by the installed Prometheus Operator + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + labels: {} + ## Metrics container ports to open + ## If hostNetwork true: the hostPort is set identical to the containerPort + ## @param metrics.containerPorts.http HTTP Port on the Host and Container + ## @param metrics.containerPorts.jmx JMX Port on the Host and Container + ## + containerPorts: + http: 8080 + jmx: 5555 + ## @param metrics.extraContainerPorts Optionally specify extra list of additional ports for the container + ## e.g: + ## extraContainerPorts: + ## - name: myservice + ## containerPort: 9090 + ## + extraContainerPorts: [] + ## Metrics ports to be exposed as hostPort + ## If hostNetwork is false, only the ports specified here will be exposed (or not if set to an empty string) + ## @param metrics.hostPorts.http HTTP Port on the Host + ## @param metrics.hostPorts.jmx JMX Port on the Host + ## + hostPorts: + http: "" + jmx: "" + ## @param metrics.configuration [string] Configure Scylladb-exporter with a custom config.yml file + ## ref: https://github.com/criteo/scylladb_exporter/blob/master/config.yml + ## + configuration: | + host: localhost:{{ .Values.containerPorts.jmx }} + ssl: False + user: + password: + listenPort: {{ .Values.metrics.containerPorts.http }} + blacklist: + # To profile the duration of jmx call you can start the program with the following options + # > java -Dorg.slf4j.simpleLogger.defaultLogLevel=trace -jar scylladb_exporter.jar config.yml --oneshot + # + # To get intuition of what is done by scylladb when something is called you can look in scylladb + # https://github.com/apache/scylladb/tree/trunk/src/java/org/apache/scylladb/metrics + # Please avoid to scrape frequently those calls that are iterating over all sstables + + # Unaccessible metrics (not enough privilege) + - java:lang:memorypool:.*usagethreshold.* + + # Leaf attributes not interesting for us but that are presents in many path + - .*:999thpercentile + - .*:95thpercentile + - .*:fifteenminuterate + - .*:fiveminuterate + - .*:durationunit + - .*:rateunit + - .*:stddev + - .*:meanrate + - .*:mean + - .*:min + + # Path present in many metrics but uninterresting + - .*:viewlockacquiretime:.* + - .*:viewreadtime:.* + - .*:cas[a-z]+latency:.* + - .*:colupdatetimedeltahistogram:.* + + # Mostly for RPC, do not scrap them + - org:apache:scylladb:db:.* + + # columnfamily is an alias for Table metrics + # https://github.com/apache/scylladb/blob/8b3a60b9a7dbefeecc06bace617279612ec7092d/src/java/org/apache/scylladb/metrics/TableMetrics.java#L162 + - org:apache:scylladb:metrics:columnfamily:.* + + # Should we export metrics for system keyspaces/tables ? + - org:apache:scylladb:metrics:[^:]+:system[^:]*:.* + + # Don't scrap us + - com:criteo:nosql:scylladb:exporter:.* + + maxScrapFrequencyInSec: + 50: + - .* + + # Refresh those metrics only every hour as it is costly for scylladb to retrieve them + 3600: + - .*:snapshotssize:.* + - .*:estimated.* + - .*:totaldiskspaceused:.* +## @section TLS/SSL parameters +## + +## TLS/SSL parameters +## @param tls.internodeEncryption Set internode encryption +## @param tls.clientEncryption Set client-server encryption +## @param tls.autoGenerated Generate automatically self-signed TLS certificates +## @param tls.existingSecret Existing secret that contains TLS certificates +## @param tls.certFilename The secret key from the existingSecret if 'cert' key different from the default (tls.crt) +## @param tls.certKeyFilename The secret key from the existingSecret if 'key' key different from the default (tls.key) +## @param tls.certCAFilename The secret key from the existingSecret if 'ca' key different from the default (ca.crt) +## +tls: + internodeEncryption: none + clientEncryption: false + autoGenerated: true + existingSecret: "" + certFilename: tls.crt + certKeyFilename: tls.key + certCAFilename: "" + +## init-sysctl container parameters +## used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings) +## +sysctl: + ## @param sysctl.enabled Enable init container to modify Kernel settings + ## + enabled: false + ## OS Shell + Utility image + ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ + ## @param sysctl.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry + ## @param sysctl.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository + ## @skip sysctl.image.tag OS Shell + Utility image tag (immutable tags are recommended) + ## @param sysctl.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param sysctl.image.pullPolicy OS Shell + Utility image pull policy + ## @param sysctl.image.pullSecrets OS Shell + Utility image pull secrets + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r19 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param sysctl.sysctls [object] Map with sysctl settings to change. These are translated to sysctl -w = + ## + sysctls: + "fs.aio-max-nr": "30000000" + ## @param sysctl.mountHostSys Mount the host `/sys` folder to `/host-sys` + ## + mountHostSys: false + ## Init container's resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param sysctl.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param sysctl.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {}