Skip to content

C
charts
Commit b33e8e21 by Keith McClellan
Options

Initial commit

Clones Helm chart and adds app-readme.md and questions.yml with minimal support for Rancher advanced config Updates as requested Update questions.yml change questions.yml formatting Update questions.yml move categories out of questions block
parent 15a62ebc
Showing with 738 additions and 0 deletions
charts/cockroachdb/19.1.5/Chart.yaml 0 → 100755
apiVersion: v1
name: cockroachdb
home: https://www.cockroachlabs.com
version: 2.1.16
appVersion: 19.1.5
description: CockroachDB is a scalable, survivable, strongly-consistent SQL database.
icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png
sources:
- https://github.com/cockroachdb/cockroach
maintainers:
- name: a-robinson
email: alexdwanerobinson@gmail.com
- name: DuskEagle
email: Joel.A.Kenny@gmail.com
- name: joshimhoff
email: joshimhoff13@gmail.com
- name: keith-mcclellan
email: keith.mcclellan@gmail.com
charts/cockroachdb/19.1.5/OWNERS 0 → 100644
approvers:
- a-robinson
- DuskEagle
- joshimhoff
- keith-mcclellan
reviewers:
- a-robinson
- DuskEagle
- joshimhoff
- keith-mcclellan
charts/cockroachdb/19.1.5/app-readme.md 0 → 100644
# CockroachDB Chart
CockroachDB is a Distributed SQL database that runs natively in Kubernetes. It gives you resilient, horizontal scale across multiple clouds with always-on availability and data partitioned by location.
CockroachDB scales horizontally without reconfiguration or need for a massive architectural overhaul. Simply add a new node to the cluster and CockroachDB takes care of the underlying complexity.
- Scale by simply adding new nodes to a CockroachDB cluster
- Automate balancing and distribution of ranges, not shards
- Optimize server utilization evenly across all nodes
charts/cockroachdb/19.1.5/questions.yml 0 → 100644
labels:
- io.rancher.certified: partner
categories:
- Config
questions:
default: 100Gi
description: "Size of volume for each CockroachDB Node/Pod"
group: Config
label: "Storage per Node/Pod"
required: true
type: string
variable: Storage
charts/cockroachdb/19.1.5/templates/NOTES.txt 0 → 100644
CockroachDB can be accessed via port {{ .Values.ExternalGrpcPort }} at the
following DNS name from within your cluster:
{{ .Release.Name }}-public.{{ .Release.Namespace }}.svc.cluster.local
Because CockroachDB supports the PostgreSQL wire protocol, you can connect to
the cluster using any available PostgreSQL client.
{{- if not .Values.Secure.Enabled }}
For example, you can open up a SQL shell to the cluster by running:
kubectl run -it --rm cockroach-client \
--image=cockroachdb/cockroach \
--restart=Never \{{- if and (.Values.NetworkPolicy.Enabled) (not .Values.NetworkPolicy.AllowExternal) }}
--labels="{{.Release.Name}}-{{.Values.Component}}-client=true" \{{- end }}
--command -- ./cockroach sql --insecure --host {{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}-public.{{ .Release.Namespace }}
From there, you can interact with the SQL shell as you would any other SQL shell,
confident that any data you write will be safe and available even if parts of
your cluster fail.
{{- else }}
Note that because the cluster is running in secure mode, any client application
that you attempt to connect will either need to have a valid client certificate
or a valid username and password.
{{- end }}
{{- if and (.Values.NetworkPolicy.Enabled) (not .Values.NetworkPolicy.AllowExternal) }}
Note: Since NetworkPolicy is enabled, only pods with label
{{.Release.Name}}-{{.Values.Component}}-client=true"
will be able to connect to this cockroachdb cluster.
{{- end }}
Finally, to open up the CockroachDB admin UI, you can port-forward from your
local machine into one of the instances in the cluster:
kubectl port-forward {{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}-0 {{ .Values.InternalHttpPort }}
{{- if not .Values.Secure.Enabled }}
Then you can access the admin UI at http://localhost:{{ .Values.InternalHttpPort }}/ in your web browser.
{{- else }}
Then you can access the admin UI at https://localhost:{{ .Values.InternalHttpPort }}/ in your web browser.
{{- end }}
For more information on using CockroachDB, please see the project's docs at
https://www.cockroachlabs.com/docs/
charts/cockroachdb/19.1.5/templates/_helpers.tpl 0 → 100644
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "cockroachdb.networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <=1.7-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "cockroachdb.serviceAccountName" -}}
{{- if .Values.Secure.ServiceAccount.Create -}}
{{ default (printf "%s-%s" .Release.Name .Values.Name | trunc 56) .Values.Secure.ServiceAccount.Name }}
{{- else -}}
{{ default "default" .Values.Secure.ServiceAccount.Name }}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for StatefulSets
*/}}
{{- define "statefulset.apiVersion" -}}
{{- if semverCompare "<1.12-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "apps/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
charts/cockroachdb/19.1.5/templates/cluster-init.yaml 0 → 100644
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}-init"
labels:
heritage: {{.Release.Service | quote }}
release: {{.Release.Name | quote }}
chart: "{{.Chart.Name}}-{{.Chart.Version}}"
spec:
template:
metadata:
{{- if and (.Values.NetworkPolicy.Enabled) (not .Values.NetworkPolicy.AllowExternal) }}
labels:
{{.Release.Name}}-{{.Values.Component}}-client: "true"
{{- end }}
{{- if .Values.ExtraInitAnnotations }}
annotations:
{{ toYaml .Values.ExtraInitAnnotations | indent 8 }}
{{- end }}
spec:
{{- if .Values.Secure.Enabled }}
serviceAccountName: {{ template "cockroachdb.serviceAccountName" . }}
initContainers:
# The init-certs container sends a certificate signing request to the
# kubernetes cluster.
# You can see pending requests using: kubectl get csr
# CSRs can be approved using: kubectl certificate approve <csr name>
#
# In addition to the client certificate and key, the init-certs entrypoint will symlink
# the cluster CA to the certs directory.
- name: init-certs
image: "{{ .Values.Secure.RequestCertsImage }}:{{ .Values.Secure.RequestCertsImageTag }}"
imagePullPolicy: "{{ .Values.ImagePullPolicy }}"
command:
- "/bin/ash"
- "-ecx"
- "/request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=client -user=root -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: client-certs
mountPath: /cockroach-certs
{{- end }}
containers:
- name: cluster-init
image: "{{ .Values.Image }}:{{ .Values.ImageTag }}"
imagePullPolicy: "{{ .Values.ImagePullPolicy }}"
resources:
{{ toYaml .Values.InitPodResources | indent 10 }}
{{- if .Values.Secure.Enabled }}
volumeMounts:
- name: client-certs
mountPath: /cockroach-certs
{{- end }}
# Run the command in an `until` loop because this job is bound to come
# up before the cockroach pods (due to the time needed to get
# persistent volumes attached to nodes), and sleeping 5 seconds between
# attempts is much better than letting the pod fail when the init
# command does and waiting out Kubernetes' non-configurable exponential
# backoff for pod restarts.
command:
- "/bin/bash"
- "-ecx"
- "until /cockroach/cockroach init {{ if .Values.Secure.Enabled }}--certs-dir=/cockroach-certs{{ else }}--insecure{{ end }} --host={{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}-0.{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }} --port {{ .Values.InternalGrpcPort }}; do sleep 5; done"
restartPolicy: OnFailure
{{- if .Values.Secure.Enabled }}
volumes:
- name: client-certs
emptyDir: {}
{{- end }}
charts/cockroachdb/19.1.5/templates/clusterrole.yaml 0 → 100644
{{- if .Values.Secure.Enabled }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}"
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
component: "{{ .Release.Name }}-{{ .Values.Component }}"
rules:
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
verbs:
- create
- get
- watch
{{- end }}
\ No newline at end of file
charts/cockroachdb/19.1.5/templates/clusterrolebinding.yaml 0 → 100644
{{- if .Values.Secure.Enabled }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}"
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
component: "{{ .Release.Name }}-{{ .Values.Component }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}"
subjects:
- kind: ServiceAccount
name: {{ template "cockroachdb.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
\ No newline at end of file
charts/cockroachdb/19.1.5/templates/networkpolicy.yaml 0 → 100644
{{- if .Values.NetworkPolicy.Enabled }}
kind: NetworkPolicy
apiVersion: {{ template "cockroachdb.networkPolicy.apiVersion" . }}
metadata:
name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}"
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
component: "{{ .Release.Name }}-{{ .Values.Component }}"
spec:
podSelector:
matchLabels:
component: "{{.Release.Name}}-{{.Values.Component}}"
ingress:
- ports:
- port: {{ .Values.ExternalGrpcPort}}
{{- if not .Values.NetworkPolicy.AllowExternal }}
from:
# Allow clients to connect.
- podSelector:
matchLabels:
{{.Release.Name}}-{{.Values.Component}}-client: "true"
# Allow other cockroachdb's to connect to form cluster.
- podSelector:
matchLabels:
component: "{{.Release.Name}}-{{.Values.Component}}"
{{- end }}
{{- if ne .Values.InternalGrpcPort .Values.ExternalGrpcPort }}
- ports:
- port: {{ .Values.InternalGrpcPort}}
from:
# Allow other cockroachdb's to connect to form cluster.
- podSelector:
matchLabels:
component: "{{.Release.Name}}-{{.Values.Component}}"
{{- end }}
# Allow connections to admin UI.
- ports:
- port: {{.Values.ExternalHttpPort}}
# Allow connections from Prometheus.
- ports:
- port: {{.Values.ExternalHttpPort}}
{{- end }}
charts/cockroachdb/19.1.5/templates/pdb.yaml 0 → 100644
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}-budget"
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
component: "{{ .Release.Name }}-{{ .Values.Component }}"
spec:
selector:
matchLabels:
component: "{{ .Release.Name }}-{{ .Values.Component }}"
maxUnavailable: {{ .Values.MaxUnavailable }}
\ No newline at end of file
charts/cockroachdb/19.1.5/templates/role.yaml 0 → 100644
{{- if .Values.Secure.Enabled }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}"
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
component: "{{ .Release.Name }}-{{ .Values.Component }}"
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
{{- end }}
\ No newline at end of file
charts/cockroachdb/19.1.5/templates/rolebinding.yaml 0 → 100644
{{- if .Values.Secure.Enabled }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}"
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
component: "{{ .Release.Name }}-{{ .Values.Component }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}"
subjects:
- kind: ServiceAccount
name: {{ template "cockroachdb.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
\ No newline at end of file
charts/cockroachdb/19.1.5/templates/service-discovery.yaml 0 → 100644
apiVersion: v1
kind: Service
metadata:
# This service only exists to create DNS entries for each pod in the stateful
# set such that they can resolve each other's IP addresses. It does not
# create a load-balanced ClusterIP and should not be used directly by clients
# in most circumstances.
name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}"
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
component: "{{ .Release.Name }}-{{ .Values.Component }}"
{{- if .Values.ServiceDiscovery.labels }}
{{ toYaml .Values.ServiceDiscovery.labels | indent 4 }}
{{- end }}
annotations:
# Use this annotation in addition to the actual field below because the
# annotation will stop being respected soon but the field is broken in
# some versions of Kubernetes:
# https://github.com/kubernetes/kubernetes/issues/58662
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
# Enable automatic monitoring of all instances when Prometheus is running in the cluster.
prometheus.io/scrape: "true"
prometheus.io/path: "_status/vars"
prometheus.io/port: "{{ .Values.ExternalHttpPort }}"
spec:
ports:
- port: {{ .Values.ExternalGrpcPort }}
targetPort: {{ .Values.InternalGrpcPort }}
name: {{ .Values.ExternalGrpcName }}
# The secondary port serves the UI as well as health and debug endpoints.
- port: {{ .Values.ExternalHttpPort }}
targetPort: {{ .Values.InternalHttpPort }}
name: {{ .Values.HttpName }}
{{- if ne .Values.InternalGrpcPort .Values.ExternalGrpcPort }}
- port: {{ .Values.InternalGrpcPort }}
targetPort: {{ .Values.InternalGrpcPort }}
name: {{ .Values.InternalGrpcName }}
{{- end }}
# We want all pods in the StatefulSet to have their addresses published for
# the sake of the other CockroachDB pods even before they're ready, since they
# have to be able to talk to each other in order to become ready.
publishNotReadyAddresses: true
clusterIP: None
selector:
component: "{{ .Release.Name }}-{{ .Values.Component }}"
\ No newline at end of file
charts/cockroachdb/19.1.5/templates/service.yaml 0 → 100644
apiVersion: v1
kind: Service
metadata:
# This service is meant to be used by clients of the database. It exposes a ClusterIP that will
# automatically load balance connections to the different database pods.
name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}-public"
annotations:
{{ toYaml .Values.Service.annotations | indent 4 }}
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
component: "{{ .Release.Name }}-{{ .Values.Component }}"
{{- if .Values.Service.labels }}
{{ toYaml .Values.Service.labels | indent 4 }}
{{- end }}
spec:
type: {{ .Values.Service.type }}
ports:
# The main port, served by gRPC, serves Postgres-flavor SQL, internode
# traffic and the cli.
- port: {{ .Values.ExternalGrpcPort }}
targetPort: {{ .Values.InternalGrpcPort }}
name: {{ .Values.ExternalGrpcName }}
# The secondary port serves the UI as well as health and debug endpoints.
- port: {{ .Values.ExternalHttpPort }}
targetPort: {{ .Values.InternalHttpPort }}
name: {{ .Values.HttpName }}
{{- if ne .Values.InternalGrpcPort .Values.ExternalGrpcPort }}
- port: {{ .Values.InternalGrpcPort }}
targetPort: {{ .Values.InternalGrpcPort }}
name: {{ .Values.InternalGrpcName }}
{{- end }}
selector:
component: "{{ .Release.Name }}-{{ .Values.Component }}"
\ No newline at end of file
charts/cockroachdb/19.1.5/templates/serviceaccount.yaml 0 → 100644
{{- if and .Values.Secure.Enabled .Values.Secure.ServiceAccount.Create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "cockroachdb.serviceAccountName" . }}
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
component: "{{ .Release.Name }}-{{ .Values.Component }}"
{{- end }}
\ No newline at end of file
charts/cockroachdb/19.1.5/templates/statefulset.yaml 0 → 100644
apiVersion: {{ template "statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}"
spec:
serviceName: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}"
replicas: {{ default 3 .Values.Replicas }}
selector:
matchLabels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
component: "{{ .Release.Name }}-{{ .Values.Component }}"
template:
metadata:
{{- if .Values.ExtraAnnotations }}
annotations:
{{ toYaml .Values.ExtraAnnotations | indent 8 }}
{{- end }}
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
component: "{{ .Release.Name }}-{{ .Values.Component }}"
spec:
{{- if .Values.Secure.Enabled }}
serviceAccountName: {{ template "cockroachdb.serviceAccountName" . }}
initContainers:
# The init-certs container sends a certificate signing request to the
# kubernetes cluster.
# You can see pending requests using: kubectl get csr
# CSRs can be approved using: kubectl certificate approve <csr name>
#
# All addresses used to contact a node must be specified in the --addresses arg.
#
# In addition to the node certificate and key, the init-certs entrypoint will symlink
# the cluster CA to the certs directory.
- name: init-certs
image: "{{ .Values.Secure.RequestCertsImage }}:{{ .Values.Secure.RequestCertsImageTag }}"
imagePullPolicy: "{{ .Values.ImagePullPolicy }}"
command:
- "/bin/ash"
- "-ecx"
- "/request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=node -addresses=localhost,127.0.0.1,$(hostname -f),$(hostname -f|cut -f 1-2 -d '.'),{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}-public,{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}-public.$(hostname -f|cut -f 3- -d '.') -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: certs
mountPath: /cockroach-certs
{{- end }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: component
operator: In
values:
- "{{ .Release.Name }}-{{ .Values.Component }}"
topologyKey: kubernetes.io/hostname
{{- if .Values.NodeSelector }}
nodeSelector:
{{ toYaml .Values.NodeSelector | indent 8 }}
{{- end }}
{{- if .Values.Tolerations }}
tolerations:
{{ toYaml .Values.Tolerations | indent 8 }}
{{- end }}
containers:
- name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}"
image: "{{ .Values.Image }}:{{ .Values.ImageTag }}"
imagePullPolicy: "{{ .Values.ImagePullPolicy }}"
ports:
- containerPort: {{ .Values.InternalGrpcPort }}
name: grpc
- containerPort: {{ .Values.InternalHttpPort }}
name: http
livenessProbe:
httpGet:
path: "/health"
port: http
{{- if .Values.Secure.Enabled }}
scheme: HTTPS
{{- end }}
initialDelaySeconds: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: "/health?ready=1"
port: http
{{- if .Values.Secure.Enabled }}
scheme: HTTPS
{{- end }}
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 2
resources:
{{ toYaml .Values.Resources | indent 10 }}
env:
- name: STATEFULSET_NAME
value: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}"
- name: STATEFULSET_FQDN
value: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}.{{ .Release.Namespace }}.svc.{{ .Values.ClusterDomain }}"
- name: COCKROACH_CHANNEL
value: kubernetes-helm
{{- if .Values.ExtraEnvArgs }}
{{ toYaml .Values.ExtraEnvArgs | indent 8 }}
{{- end }}
volumeMounts:
- name: datadir
mountPath: /cockroach/cockroach-data
{{- if .Values.Secure.Enabled }}
- name: certs
mountPath: /cockroach/cockroach-certs
{{- end }}
{{- range .Values.ExtraSecretMounts }}
- name: extra-secret-{{ . }}
mountPath: /etc/cockroach/secrets/{{ . }}
readOnly: true
{{- end }}
command:
- "/bin/bash"
- "-ecx"
# The use of qualified `hostname -f` is crucial:
# Other nodes aren't able to look up the unqualified hostname.
- "exec /cockroach/cockroach start --logtostderr {{ if .Values.Secure.Enabled }}--certs-dir /cockroach/cockroach-certs{{ else }}--insecure{{ end }} --advertise-host $(hostname).${STATEFULSET_FQDN} --http-host 0.0.0.0 --http-port {{ .Values.InternalHttpPort }} --port {{ .Values.InternalGrpcPort }} --cache {{ .Values.CacheSize }} --max-sql-memory {{ .Values.MaxSQLMemory }} {{ if .Values.Locality }}--locality={{.Values.Locality }}{{ end }} --join {{ if .Values.JoinExisting }}{{ join "," .Values.JoinExisting }}{{ else }}${STATEFULSET_NAME}-0.${STATEFULSET_FQDN}:{{ .Values.InternalGrpcPort }},${STATEFULSET_NAME}-1.${STATEFULSET_FQDN}:{{ .Values.InternalGrpcPort }},${STATEFULSET_NAME}-2.${STATEFULSET_FQDN}:{{ .Values.InternalGrpcPort }}{{ end }}{{ range .Values.ExtraArgs }} {{ . }}{{ end }}"
# No pre-stop hook is required, a SIGTERM plus some time is all that's
# needed for graceful shutdown of a node.
terminationGracePeriodSeconds: 60
volumes:
- name: datadir
persistentVolumeClaim:
claimName: datadir
{{- if .Values.Secure.Enabled }}
- name: certs
emptyDir: {}
{{- end }}
{{- range .Values.ExtraSecretMounts }}
- name: extra-secret-{{ . }}
secret:
secretName: {{ . }}
{{- end }}
podManagementPolicy: {{ .Values.PodManagementPolicy }}
updateStrategy:
{{ toYaml .Values.UpdateStrategy | indent 4 }}
volumeClaimTemplates:
- metadata:
name: datadir
spec:
accessModes:
- "ReadWriteOnce"
{{- if .Values.StorageClass }}
{{- if (eq "-" .Values.StorageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.StorageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: "{{ .Values.Storage }}"
charts/cockroachdb/19.1.5/templates/tests/client-test.yaml 0 → 100644
apiVersion: v1
kind: Pod
metadata:
name: "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}-test"
annotations:
"helm.sh/hook": test-success
{{- if and (.Values.NetworkPolicy.Enabled) (not .Values.NetworkPolicy.AllowExternal) }}
labels:
"{{.Release.Name}}-{{.Values.Component}}-client": true
{{- end }}
spec:
containers:
- name: "client-test"
image: "{{ .Values.Image }}:{{ .Values.ImageTag }}"
imagePullPolicy: "{{ .Values.ImagePullPolicy }}"
command:
- "/cockroach/cockroach"
- "sql"
- "--insecure"
- "--host"
- "{{ printf "%s-%s" .Release.Name .Values.Name | trunc 56 }}-public.{{ .Release.Namespace }}"
- "--port"
- "{{ .Values.ExternalGrpcPort }}"
- "-e"
- "SHOW DATABASES;"
restartPolicy: Never
charts/cockroachdb/19.1.5/values.yaml 0 → 100644
# Default values for cockroachdb.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
Name: "cockroachdb"
Image: "cockroachdb/cockroach"
ImageTag: "v19.1.5"
ImagePullPolicy: "Always"
Replicas: 3
MaxUnavailable: 1
Component: "cockroachdb"
# You can set a different external and internal GRPC port and service name. If using istio set InternalGrpcName to "cockroach"
InternalGrpcPort: 26257
ExternalGrpcPort: 26257
# If the port numbers are different then then port names must be different as well.
InternalGrpcName: grpc
ExternalGrpcName: grpc
InternalHttpPort: 8080
ExternalHttpPort: 8080
HttpName: http
# Uncomment the following resources definitions or pass them from command line
# to control the cpu and memory resources allocated by the Kubernetes cluster
Resources: {}
# requests:
# cpu: "100m"
# memory: "512Mi"
# The init pod runs at cluster creation to initialize CockroachDB. It finishes
# quickly and doesn't continue to consume resources in the Kubernetes
# cluster. Normally, you should leave this section commented out, but if your
# Kubernetes cluster uses Resource Quotas and requires all pods to specify
# resource requests or limits, you can set those here.
InitPodResources: {}
# requests:
# cpu: "10m"
# memory: "128Mi"
# limits:
# cpu: "10m"
# memory: "128Mi"
Storage: "100Gi"
## Persistent Volume Storage Class for database data
## If defined, storageClassName: <StorageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
StorageClass: null
CacheSize: "25%"
MaxSQLMemory: "25%"
ClusterDomain: "cluster.local"
NetworkPolicy:
Enabled: false
AllowExternal: true
Service:
type: ClusterIP
annotations: {}
labels: {}
ServiceDiscovery:
labels: {}
PodManagementPolicy: Parallel
UpdateStrategy:
type: RollingUpdate
NodeSelector: {}
Tolerations: {}
Secure:
Enabled: false
RequestCertsImage: "cockroachdb/cockroach-k8s-request-cert"
RequestCertsImageTag: "0.4"
ServiceAccount:
# Specifies whether a service account should be created.
Create: true
# The name of the service account to use.
# If not set and create is true, a name is generated.
Name:
# If you are deploying a second cockroach instance that should join a first, use the below list to join to the existing instance.
# Each item in the array should be a FQDN (and port if needed) resolvable by the new pods.
JoinExisting: []
# Set a locality (e.g. "region=us-central1,datacenter=us-centra1-a") if you're doing multi-cluster so data is distributed properly
Locality: ""
# Additional command-line arguments you want to pass to the `cockroach start` commands
ExtraArgs: []
# ExtraSecretMounts is a list of names from secrets in the same namespace as the cockroachdb cluster, which shall be mounted into /etc/cockroach/secrets/ for every cluster member.
ExtraSecretMounts: []
# ExtraEnvArgs is a list of name,value tuples providing extra ENV variables.
# e.g.:
# ExtraEnvArgs:
# - name: COCKROACH_ENGINE_MAX_SYNC_DURATION
# value: "24h"
ExtraEnvArgs: []
# ExtraAnnotations is an object to provide additional annotations to the Statefulset
# e.g.:
# ExtraAnnotations:
# key: values
ExtraAnnotations: {}
# ExtraInitAnnotations is an object to provide additional annotations to the ClusterInit Pod
# e.g.:
# ExtraInitAnnotations:
# key: values
ExtraInitAnnotations: {}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment