github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/thanos/templates/receive/statefulset.yaml (about) 1 {{- if .Values.receive.enabled }} 2 apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} 3 kind: StatefulSet 4 metadata: 5 name: {{ include "common.names.fullname" . }}-receive 6 namespace: {{ .Release.Namespace | quote }} 7 labels: {{- include "common.labels.standard" . | nindent 4 }} 8 app.kubernetes.io/component: receive 9 {{- if .Values.commonLabels }} 10 {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 11 {{- end }} 12 {{- if .Values.commonAnnotations }} 13 annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 14 {{- end }} 15 spec: 16 {{- if not .Values.receive.autoscaling.enabled }} 17 replicas: {{ .Values.receive.replicaCount }} 18 {{- end }} 19 podManagementPolicy: {{ .Values.receive.podManagementPolicy }} 20 serviceName: {{ include "common.names.fullname" . }}-receive-headless 21 {{- if .Values.receive.updateStrategy }} 22 updateStrategy: {{- toYaml .Values.receive.updateStrategy | nindent 4 }} 23 {{- end }} 24 selector: 25 matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} 26 app.kubernetes.io/component: receive 27 template: 28 metadata: 29 labels: {{- include "common.labels.standard" . | nindent 8 }} 30 app.kubernetes.io/component: receive 31 {{- if .Values.commonLabels }} 32 {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} 33 {{- end }} 34 {{- if .Values.receive.podLabels }} 35 {{- include "common.tplvalues.render" (dict "value" .Values.receive.podLabels "context" $) | nindent 8 }} 36 {{- end }} 37 annotations: 38 checksum/objstore-configuration: {{ include (print $.Template.BasePath "/objstore-secret.yaml") . | sha256sum }} 39 {{- if (include "thanos.receive.createConfigmap" .) }} 40 checksum/receive-configuration: {{ include (print $.Template.BasePath "/receive/configmap.yaml") . | sha256sum }} 41 {{- end }} 42 {{- if .Values.receive.podAnnotations }} 43 {{- include "common.tplvalues.render" (dict "value" .Values.receive.podAnnotations "context" $) | nindent 8 }} 44 {{- end }} 45 spec: 46 {{- include "thanos.imagePullSecrets" . | nindent 6 }} 47 serviceAccount: {{ include "thanos.serviceAccountName" (dict "component" "receive" "context" $) }} 48 automountServiceAccountToken: {{ .Values.receive.automountServiceAccountToken }} 49 {{- if .Values.receive.hostAliases }} 50 hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.receive.hostAliases "context" $) | nindent 8 }} 51 {{- end }} 52 {{- if .Values.receive.affinity }} 53 affinity: {{- include "common.tplvalues.render" (dict "value" .Values.receive.affinity "context" $) | nindent 8 }} 54 {{- else }} 55 affinity: 56 podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.receive.podAffinityPreset "component" "receive" "context" $) | nindent 10 }} 57 podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.receive.podAntiAffinityPreset "component" "receive" "context" $) | nindent 10 }} 58 nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.receive.nodeAffinityPreset.type "key" .Values.receive.nodeAffinityPreset.key "values" .Values.receive.nodeAffinityPreset.values) | nindent 10 }} 59 {{- end }} 60 {{- if .Values.receive.nodeSelector }} 61 nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.receive.nodeSelector "context" $) | nindent 8 }} 62 {{- end }} 63 {{- if .Values.receive.tolerations }} 64 tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.receive.tolerations "context" $) | nindent 8 }} 65 {{- end }} 66 {{- if .Values.receive.priorityClassName }} 67 priorityClassName: {{ .Values.receive.priorityClassName | quote }} 68 {{- end }} 69 {{- if .Values.receive.schedulerName }} 70 schedulerName: {{ .Values.receive.schedulerName }} 71 {{- end }} 72 {{- if .Values.receive.podSecurityContext.enabled }} 73 securityContext: {{- omit .Values.receive.podSecurityContext "enabled" | toYaml | nindent 8 }} 74 {{- end }} 75 {{- if .Values.receive.topologySpreadConstraints }} 76 topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.receive.topologySpreadConstraints "context" $) | nindent 8 }} 77 {{- end }} 78 {{- if or .Values.receive.initContainers (and .Values.volumePermissions.enabled .Values.receive.persistence.enabled) }} 79 initContainers: 80 {{- if and .Values.volumePermissions.enabled .Values.receive.persistence.enabled }} 81 - name: init-chmod-data 82 image: {{ include "thanos.volumePermissions.image" . }} 83 imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} 84 command: 85 - sh 86 - -c 87 - | 88 mkdir -p /var/thanos/receive 89 chown -R "{{ .Values.receive.containerSecurityContext.runAsUser }}:{{ .Values.receive.podSecurityContext.fsGroup }}" /var/thanos/receive 90 securityContext: 91 runAsUser: 0 92 volumeMounts: 93 - name: data 94 mountPath: /var/thanos/receive 95 {{- end }} 96 {{- if .Values.receive.initContainers }} 97 {{- include "common.tplvalues.render" (dict "value" .Values.receive.initContainers "context" $) | nindent 8 }} 98 {{- end }} 99 {{- end }} 100 containers: 101 {{- if .Values.receive.sidecars }} 102 {{- include "common.tplvalues.render" (dict "value" .Values.receive.sidecars "context" $) | nindent 8 }} 103 {{- end }} 104 - name: receive 105 image: {{ include "thanos.image" . }} 106 imagePullPolicy: {{ .Values.image.pullPolicy | quote }} 107 {{- if .Values.receive.containerSecurityContext.enabled }} 108 securityContext: {{- omit .Values.receive.containerSecurityContext "enabled" | toYaml | nindent 12 }} 109 {{- end }} 110 {{- if .Values.receive.command }} 111 command: {{- include "common.tplvalues.render" (dict "value" .Values.receive.command "context" $) | nindent 12 }} 112 {{- end }} 113 args: 114 {{- if .Values.receive.args }} 115 {{- include "common.tplvalues.render" (dict "value" .Values.receive.args "context" $) | nindent 12 }} 116 {{- else }} 117 - receive 118 - --log.level={{ .Values.receive.logLevel }} 119 - --log.format={{ .Values.receive.logFormat }} 120 - --grpc-address=0.0.0.0:10901 121 - --http-address=0.0.0.0:10902 122 - --remote-write.address=0.0.0.0:19291 123 {{- if or .Values.objstoreConfig .Values.existingObjstoreSecret }} 124 - --objstore.config=$(OBJSTORE_CONFIG) 125 {{- end }} 126 {{- if (include "thanos.httpConfigEnabled" .) }} 127 - --http.config=/conf/http/http-config.yml 128 {{- end }} 129 - --tsdb.path=/var/thanos/receive 130 - --label={{ .Values.receive.replicaLabel }}="$(NAME)" 131 - --label=receive="true" 132 - --tsdb.retention={{ .Values.receive.tsdbRetention }} 133 {{- if not .Values.receive.service.additionalHeadless }} 134 - --receive.local-endpoint=127.0.0.1:10901 135 {{- else }} 136 - --receive.local-endpoint=$(NAME).{{ include "common.names.fullname" . }}-receive-headless.$(NAMESPACE).svc.{{ .Values.clusterDomain }}:10901 137 {{- end }} 138 {{- if eq .Values.receive.mode "standalone" }} 139 - --receive.hashrings-file=/var/lib/thanos-receive/hashrings.json 140 - --receive.replication-factor={{ .Values.receive.replicationFactor }} 141 {{- end }} 142 {{- if .Values.receive.grpc.server.tls.enabled }} 143 - --grpc-server-tls-cert=/certs/{{ include "common.secrets.key" (dict "existingSecret" .Values.receive.grpc.server.tls.existingSecret "key" "tls-cert") }} 144 - --grpc-server-tls-key=/certs/{{ include "common.secrets.key" (dict "existingSecret" .Values.receive.grpc.server.tls.existingSecret "key" "tls-key") }} 145 - --grpc-server-tls-client-ca=/certs/{{ include "common.secrets.key" (dict "existingSecret" .Values.receive.grpc.server.tls.existingSecret "key" "ca-cert") }} 146 {{- end }} 147 {{- if .Values.receive.extraFlags }} 148 {{- .Values.receive.extraFlags | toYaml | nindent 12 }} 149 {{- end }} 150 {{- end }} 151 env: 152 - name: NAME 153 valueFrom: 154 fieldRef: 155 fieldPath: metadata.name 156 - name: NAMESPACE 157 valueFrom: 158 fieldRef: 159 fieldPath: metadata.namespace 160 {{- if or .Values.objstoreConfig .Values.existingObjstoreSecret }} 161 - name: OBJSTORE_CONFIG 162 valueFrom: 163 secretKeyRef: 164 key: objstore.yml 165 name: {{ include "thanos.objstoreSecretName" . }} 166 {{- end }} 167 {{- if .Values.receive.extraEnvVars }} 168 {{- include "common.tplvalues.render" (dict "value" .Values.receive.extraEnvVars "context" $) | nindent 12 }} 169 {{- end }} 170 {{- if or .Values.receive.extraEnvVarsCM .Values.receive.extraEnvVarsSecret }} 171 envFrom: 172 {{- if .Values.receive.extraEnvVarsCM }} 173 - configMapRef: 174 name: {{ include "common.tplvalues.render" (dict "value" .Values.receive.extraEnvVarsCM "context" $) }} 175 {{- end }} 176 {{- if .Values.receive.extraEnvVarsSecret }} 177 - secretRef: 178 name: {{ include "common.tplvalues.render" (dict "value" .Values.receive.extraEnvVarsSecret "context" $) }} 179 {{- end }} 180 {{- end }} 181 ports: 182 - containerPort: 10901 183 name: grpc 184 protocol: TCP 185 - containerPort: 10902 186 name: http 187 protocol: TCP 188 - containerPort: 19291 189 name: remote-write 190 protocol: TCP 191 {{- if .Values.receive.customLivenessProbe }} 192 livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.receive.customLivenessProbe "context" $) | nindent 12 }} 193 {{- else if .Values.receive.livenessProbe.enabled }} 194 livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.receive.livenessProbe "enabled") "context" $) | nindent 12 }} 195 {{- if not .Values.auth.basicAuthUsers }} 196 httpGet: 197 path: /-/healthy 198 port: http 199 scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} 200 {{- else }} 201 tcpSocket: 202 port: http 203 {{- end }} 204 {{- end }} 205 {{- if .Values.receive.customReadinessProbe }} 206 readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.receive.customReadinessProbe "context" $) | nindent 12 }} 207 {{- else if .Values.receive.readinessProbe.enabled }} 208 readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.receive.readinessProbe "enabled") "context" $) | nindent 12 }} 209 {{- if not .Values.auth.basicAuthUsers }} 210 httpGet: 211 path: /-/ready 212 port: http 213 scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} 214 {{- else }} 215 tcpSocket: 216 port: http 217 {{- end }} 218 {{- end }} 219 {{- if .Values.receive.customStartupProbe }} 220 startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.receive.customStartupProbe "context" $) | nindent 12 }} 221 {{- else if .Values.receive.startupProbe.enabled }} 222 startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.receive.startupProbe "enabled") "context" $) | nindent 12 }} 223 {{- if not .Values.auth.basicAuthUsers }} 224 httpGet: 225 path: /-/ready 226 port: http 227 scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} 228 {{- else }} 229 tcpSocket: 230 port: http 231 {{- end }} 232 {{- end }} 233 {{- if .Values.receive.lifecycleHooks }} 234 lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.receive.lifecycleHooks "context" $) | nindent 12 }} 235 {{- end }} 236 {{- if .Values.receive.resources }} 237 resources: {{- toYaml .Values.receive.resources | nindent 12 }} 238 {{- end }} 239 volumeMounts: 240 {{- if (include "thanos.httpConfigEnabled" .) }} 241 - name: http-config 242 mountPath: /conf/http 243 {{- if .Values.https.enabled }} 244 - name: http-certs 245 mountPath: /certs 246 {{- end }} 247 {{- end }} 248 - name: hashring-config 249 mountPath: /var/lib/thanos-receive 250 - name: data 251 mountPath: /var/thanos/receive 252 {{- if .Values.receive.grpc.server.tls.enabled }} 253 - name: grpc-server-tls 254 mountPath: /certs 255 {{- end }} 256 {{- if .Values.receive.extraVolumeMounts }} 257 {{- include "common.tplvalues.render" (dict "value" .Values.receive.extraVolumeMounts "context" $) | nindent 12 }} 258 {{- end }} 259 volumes: 260 - name: hashring-config 261 configMap: 262 name: {{ include "thanos.receive.configmapName" . }} 263 {{- if .Values.receive.grpc.server.tls.enabled }} 264 - name: grpc-server-tls 265 secret: 266 secretName: {{ include "common.secrets.name" (dict "existingSecret" .Values.receive.grpc.server.tls.existingSecret "defaultNameSuffix" "receive-grpc-server" "context" $) }} 267 {{- end }} 268 {{- if (include "thanos.httpConfigEnabled" .) }} 269 - name: http-config 270 secret: 271 secretName: {{ include "thanos.httpConfigSecretName" . }} 272 {{- if .Values.https.enabled }} 273 - name: http-certs 274 secret: 275 secretName: {{ include "thanos.httpCertsSecretName" . }} 276 {{- end }} 277 {{- end }} 278 {{- if .Values.receive.extraVolumes }} 279 {{- include "common.tplvalues.render" (dict "value" .Values.receive.extraVolumes "context" $) | nindent 8 }} 280 {{- end }} 281 {{- if and .Values.receive.persistence.enabled .Values.receive.persistence.existingClaim }} 282 - name: data 283 persistentVolumeClaim: 284 claimName: {{ .Values.receive.persistence.existingClaim }} 285 {{- else if not .Values.receive.persistence.enabled }} 286 - name: data 287 emptyDir: {} 288 {{- else if and .Values.receive.persistence.enabled (not .Values.receive.persistence.existingClaim) }} 289 volumeClaimTemplates: 290 - metadata: 291 name: data 292 {{- if .Values.receive.persistence.annotations }} 293 annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.receive.persistence.annotations "context" $) | nindent 10 }} 294 {{- end }} 295 spec: 296 accessModes: 297 {{- range .Values.receive.persistence.accessModes }} 298 - {{ . | quote }} 299 {{- end }} 300 resources: 301 requests: 302 storage: {{ .Values.receive.persistence.size | quote }} 303 {{- include "common.storage.class" (dict "persistence" .Values.receive.persistence "global" .Values.global) | nindent 8 }} 304 {{- end }} 305 {{- end }}