From b2b1f05a6f7d81113320540c3b8dfb26b30a0134 Mon Sep 17 00:00:00 2001 From: Pat Riehecky Date: Mon, 29 Apr 2024 14:44:11 -0500 Subject: [PATCH] Attempt to migrate to influxdb version 2. --- .../influxdb/4.12.5/Chart.yaml | 22 - .../influxdb/4.12.5/README.md | 285 ---- .../4.12.5/ci/auth-init-script-values.yaml | 13 - .../influxdb/4.12.5/ci/default-values.yaml | 1 - .../4.12.5/files/backup-retention-script.sh | 69 - .../influxdb/4.12.5/templates/NOTES.txt | 42 - .../influxdb/4.12.5/templates/_helpers.tpl | 88 -- .../4.12.5/templates/backup-cronjob.yaml | 164 --- .../influxdb/4.12.5/templates/backup-pvc.yaml | 21 - .../templates/backup-retention-configmap.yaml | 11 - .../templates/backup-retention-cronjob.yaml | 79 -- .../influxdb/4.12.5/templates/configmap.yaml | 184 --- .../influxdb/4.12.5/templates/ingress.yaml | 39 - .../4.12.5/templates/init-config.yaml | 10 - .../4.12.5/templates/meta-configmap.yaml | 35 - .../4.12.5/templates/meta-service.yaml | 25 - .../4.12.5/templates/meta-statefulset.yaml | 132 -- .../influxdb/4.12.5/templates/secret.yaml | 17 - .../influxdb/4.12.5/templates/service.yaml | 56 - .../4.12.5/templates/serviceaccount.yaml | 12 - .../4.12.5/templates/statefulset.yaml | 209 --- .../influxdb/4.12.5/values.yaml | 313 ----- .../bitnamicharts/influxdb/6.0.8}/.helmignore | 2 + .../bitnamicharts/influxdb/6.0.8/Chart.lock | 6 + .../bitnamicharts/influxdb/6.0.8/Chart.yaml | 38 + .../bitnamicharts/influxdb/6.0.8/README.md | 607 +++++++++ .../influxdb/6.0.8/charts/common/.helmignore | 24 + .../influxdb/6.0.8/charts/common/Chart.yaml | 23 + .../influxdb/6.0.8/charts/common/README.md | 235 ++++ .../charts/common/templates/_affinities.tpl | 139 ++ .../charts/common/templates/_capabilities.tpl | 229 ++++ .../common/templates/_compatibility.tpl | 39 + .../6.0.8/charts/common/templates/_errors.tpl | 28 + .../6.0.8/charts/common/templates/_images.tpl | 117 ++ .../charts/common/templates/_ingress.tpl | 73 + .../6.0.8/charts/common/templates/_labels.tpl | 46 + .../6.0.8/charts/common/templates/_names.tpl | 71 + .../charts/common/templates/_resources.tpl | 50 + .../charts/common/templates/_secrets.tpl | 182 +++ .../charts/common/templates/_storage.tpl | 28 + .../charts/common/templates/_tplvalues.tpl | 38 + .../6.0.8/charts/common/templates/_utils.tpl | 77 ++ .../charts/common/templates/_warnings.tpl | 82 ++ .../templates/validations/_cassandra.tpl | 77 ++ .../common/templates/validations/_mariadb.tpl | 108 ++ .../common/templates/validations/_mongodb.tpl | 113 ++ .../common/templates/validations/_mysql.tpl | 108 ++ .../templates/validations/_postgresql.tpl | 134 ++ .../common/templates/validations/_redis.tpl | 81 ++ .../templates/validations/_validations.tpl | 51 + .../influxdb/6.0.8/charts/common/values.yaml | 8 + .../influxdb/6.0.8/files/conf/README.md | 7 + .../docker-entrypoint-initdb.d/README.md | 5 + .../influxdb/6.0.8/templates/NOTES.txt | 143 ++ .../influxdb/6.0.8/templates/_helpers.tpl | 111 ++ .../6.0.8/templates/configmap-backup.yaml | 70 + .../templates/configmap-initdb-scripts.yaml | 19 + .../influxdb/6.0.8/templates/configmap.yaml | 21 + .../6.0.8/templates/cronjob-backup.yaml | 260 ++++ .../influxdb/6.0.8/templates/deployment.yaml | 366 +++++ .../influxdb/6.0.8/templates/extra-list.yaml | 9 + .../influxdb/6.0.8/templates/ingress.yaml | 69 + .../6.0.8/templates/networkpolicy.yaml | 86 ++ .../influxdb/6.0.8/templates/psp-role.yaml | 22 + .../6.0.8/templates/psp-rolebinding.yaml | 24 + .../influxdb/6.0.8/templates/psp.yaml | 44 + .../influxdb/6.0.8/templates/pvc-backup.yaml | 27 + .../influxdb/6.0.8/templates/pvc.yaml | 27 + .../6.0.8/templates/secrets-backup.yaml | 54 + .../influxdb/6.0.8/templates/secrets.yaml | 29 + .../6.0.8/templates/service-collectd.yaml | 54 + .../6.0.8/templates/service-metrics.yaml | 54 + .../influxdb/6.0.8/templates/service.yaml | 61 + .../6.0.8/templates/serviceaccount.yaml | 19 + .../6.0.8/templates/servicemonitor.yaml | 46 + .../bitnamicharts/influxdb/6.0.8/values.yaml | 1203 +++++++++++++++++ .../opmon/influxdb/helm-chart.yml | 7 +- .../opmon/influxdb/helm-values.yml | 79 +- .../opmon/influxdb/kustomization.yml | 1 - .../opmon/variables/influxdb.yaml | 23 +- variables/prometheus_labels.yaml | 1 + 81 files changed, 5705 insertions(+), 1877 deletions(-) delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/Chart.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/README.md delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/ci/auth-init-script-values.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/ci/default-values.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/files/backup-retention-script.sh delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/NOTES.txt delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/_helpers.tpl delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-cronjob.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-pvc.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-retention-configmap.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-retention-cronjob.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/configmap.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/ingress.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/init-config.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/meta-configmap.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/meta-service.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/meta-statefulset.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/secret.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/service.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/serviceaccount.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/statefulset.yaml delete mode 100644 .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/values.yaml rename .helm-charts/{https_helm.influxdata.com/influxdb/4.12.5 => oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8}/.helmignore (94%) create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/Chart.lock create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/Chart.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/README.md create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/.helmignore create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/Chart.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/README.md create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_affinities.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_capabilities.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_compatibility.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_errors.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_images.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_ingress.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_labels.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_names.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_resources.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_secrets.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_storage.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_tplvalues.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_utils.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_warnings.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_cassandra.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_mariadb.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_mongodb.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_mysql.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_postgresql.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_redis.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_validations.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/values.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/files/conf/README.md create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/files/docker-entrypoint-initdb.d/README.md create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/NOTES.txt create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/_helpers.tpl create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/configmap-backup.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/configmap-initdb-scripts.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/configmap.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/cronjob-backup.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/deployment.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/extra-list.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/ingress.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/networkpolicy.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/psp-role.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/psp-rolebinding.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/psp.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/pvc-backup.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/pvc.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/secrets-backup.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/secrets.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/service-collectd.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/service-metrics.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/service.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/serviceaccount.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/servicemonitor.yaml create mode 100644 .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/values.yaml diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/Chart.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/Chart.yaml deleted file mode 100644 index e837e556..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -appVersion: 1.8.10 -description: Scalable datastore for metrics, events, and real-time analytics. -home: https://www.influxdata.com/time-series-platform/influxdb/ -keywords: -- influxdb -- database -- timeseries -- influxdata -maintainers: -- email: rawkode@influxdata.com - name: rawkode -- email: giacomo@influxdata.com - name: gitirabassi -- email: urakiny@gmail.com - name: aisuko -- email: naseem@transit.app - name: naseemkullah -name: influxdb -sources: -- https://github.com/influxdata/influxdb -version: 4.12.5 diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/README.md b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/README.md deleted file mode 100644 index 918b1701..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/README.md +++ /dev/null @@ -1,285 +0,0 @@ -# InfluxDB Helm chart - -[InfluxDB](https://github.com/influxdata/influxdb) is an open source time series database with no external dependencies. It's useful for recording metrics, events, and performing analytics. - -The InfluxDB Helm chart uses the [Helm](https://helm.sh) package manager to bootstrap an InfluxDB StatefulSet and service on a [Kubernetes](http://kubernetes.io) cluster. - -> **Note:** ### If you're using the InfluxDB Enterprise Helm chart, check out [InfluxDB Enterprise Helm chart](https://github.com/influxdata/helm-charts/tree/master/charts/influxdb-enterprise). - -## Prerequisites - -- Helm v2 or later -- Kubernetes 1.4+ -- (Optional) PersistentVolume (PV) provisioner support in the underlying infrastructure - -## Install the chart - -1. Add the InfluxData Helm repository: - - ```bash - helm repo add influxdata https://helm.influxdata.com/ - ``` - -2. Run the following command, providing a name for your release: - - ```bash - helm upgrade --install my-release influxdata/influxdb - ``` - - > **Tip**: `--install` can be shortened to `-i`. - - This command deploys InfluxDB on the Kubernetes cluster using the default configuration. To find parameters you can configure during installation, see [Configure the chart](#configure-the-chart). - - > **Tip**: To view all Helm chart releases, run `helm list`. - -## Uninstall the chart - -To uninstall the `my-release` deployment, use the following command: - -```bash -helm uninstall my-release -``` - -This command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configure the chart - -The following table lists configurable parameters, their descriptions, and their default values stored in `values.yaml`. - -| Parameter | Description | Default | -|---|---|----------------------------------------------------------------------| -| image.repository | Image repository url | influxdb | -| image.tag | Image tag | 1.8.0-alpine | -| image.pullPolicy | Image pull policy | IfNotPresent | -| image.pullSecrets | It will store the repository's credentials to pull image | nil | -| serviceAccount.create | It will create service account | true | -| serviceAccount.name | Service account name | "" | -| serviceAccount.annotations | Service account annotations | {} | -| livenessProbe | Health check for pod | {} | -| readinessProbe | Health check for pod | {} | -| startupProbe | Health check for pod | {} | -| service.type | Kubernetes service type | ClusterIP | -| service.loadBalancerIP | A user-specified IP address for service type LoadBalancer to use as External IP (if supported) | nil | -| service.externalIPs | A user-specified list of externalIPs to add to the service | nil | -| service.externalTrafficPolicy | A user specified external traffic policy | nil | -| service.nodePorts.http | Node port to expose for HTTP API if `service.type=NodePort` or `service.type=LoadBalancer` | Random port from range 30000-32767 | -| persistence.enabled | Boolean to enable and disable persistance | true | -| persistence.existingClaim | An existing PersistentVolumeClaim, ignored if enterprise.enabled=true | nil | -| persistence.storageClass | If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack | | -| persistence.annotations | Annotations for volumeClaimTemplates | nil | -| persistence.accessMode | Access mode for the volume | ReadWriteOnce | -| persistence.size | Storage size | 8Gi | -| podAnnotations | Annotations for pod | {} | -| podLabels | Labels for pod | {} | -| ingress.enabled | Boolean flag to enable or disable ingress | false | -| ingress.tls | Boolean to enable or disable tls for ingress. If enabled provide a secret in `ingress.secretName` containing TLS private key and certificate. | false | -| ingress.secretName | Kubernetes secret containing TLS private key and certificate. It is `only` required if `ingress.tls` is enabled. | nil | -| ingress.hostname | Hostname for the ingress | `""` | -| ingress.annotations | ingress annotations | nil | -| schedulerName | Use an [alternate scheduler](https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/), e.g. "stork". | nil | -| nodeSelector | Node labels for pod assignment | {} | -| affinity | [Affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) for pod assignment | { | -| tolerations | [Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) for pod assignment | [] | -| securityContext | [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for pod | {} | -| env | environment variables for influxdb container | {} | -| volumes | `volumes` stanza(s) to be used in the main container | nil | -| mountPoints | `volumeMount` stanza(s) to be used in the main container | nil | -| extraContainers | Additional containers to be added to the pod | {} | -| config.reporting_disabled | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#reporting-disabled-false) | false | -| config.rpc | RPC address for backup and storage | `bind-address: ":8088"` | -| config.meta | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#meta) | {} | -| config.data | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#data) | {} | -| config.coordinator | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#coordinator) | {} | -| config.retention | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#retention) | {} | -| config.shard_precreation | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#shard-precreation) | {} | -| config.monitor | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#monitor) | {} | -| config.http | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#http) | `enabled: true`
`bind-address: ":8086"`
`flux-enabled: true` | -| config.logging | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#logging) | {} | -| config.subscriber | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#subscriber) | {} | -| config.graphite | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#graphite) | {} | -| config.collectd | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#collectd) | {} | -| config.opentsdb | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#opentsdb) | {} | -| config.udp | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#udp) | {} | -| config.continous_queries | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#continuous-queries) | {} | -| config.tls | [Details](https://docs.influxdata.com/influxdb/v1.8/administration/config/#tls) | {} | -| initScripts.enabled | Boolean flag to enable and disable initscripts. If the container finds any files with the extensions .sh or .iql inside of the /docker-entrypoint-initdb.d folder, it will execute them. The order they are executed in is determined by the shell. This is usually alphabetical order. | false | -| initScripts.scripts | Init scripts | {} | -| backup.enabled | Enable backups, if `true` must configure one of the storage providers | `false` | -| backup.gcs | Google Cloud Storage config | `nil` -| backup.azure | Azure Blob Storage config | `nil` -| backup.s3 | Amazon S3 (or compatible) config | `nil` -| backup.schedule | Schedule to run jobs in cron format | `0 0 * * *` | -| backup.startingDeadlineSeconds | Deadline in seconds for starting the job if it misses its scheduled time for any reason | `nil` | -| backup.annotations | Annotations for backup cronjob | {} | -| backup.podAnnotations | Annotations for backup cronjob pods | {} | -| backup.persistence.enabled | Boolean to enable and disable persistance | false | -| backup.persistence.storageClass | If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack | | -| backup.persistence.annotations | Annotations for volumeClaimTemplates | {} | -| backup.persistence.accessMode | Access mode for the volume | ReadWriteOnce | -| backup.persistence.size | Storage size | 8Gi | -| backup.resources | Resources requests and limits for `backup` pods | `ephemeral-storage: 8Gi` | - -To configure the chart, do either of the following: - -- Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade --install`. For example: - - ```bash - helm upgrade --install my-release \ - --set persistence.enabled=true,persistence.size=200Gi \ - influxdata/influxdb - ``` - - This command enables persistence and changes the size of the requested data volume to 200GB. - -- Provide a YAML file that specifies the parameter values while installing the chart. For example, use the following command: - - ```bash - helm upgrade --install my-release -f values.yaml influxdata/influxdb - ``` - - > **Tip**: Use the default [values.yaml](values.yaml). - -For information about running InfluxDB in Docker, see the [full image documentation](https://hub.docker.com/_/influxdb/). - -## Persistence - -The [InfluxDB](https://hub.docker.com/_/influxdb/) image stores data in the `/var/lib/influxdb` directory in the container. - -If persistence is enabled, a [Persistent Volume](http://kubernetes.io/docs/user-guide/persistent-volumes/) associated with StatefulSet is provisioned. The volume is created using dynamic volume provisioning. In case of a disruption (for example, a node drain), Kubernetes ensures that the same volume is reattached to the Pod, preventing any data loss. However, when persistence is **not enabled**, InfluxDB data is stored in an empty directory, so if a Pod restarts, data is lost. - -## Start with authentication - -In `values.yaml`, change `.Values.config.http.auth-enabled` to `true`. - -To handle this set up during startup, set `.Values.setDefaultUser.enabled` to `true`. - -Make sure to uncomment or configure default user settings after enabling it. If a password is not set, a random password will be generated. - -Alternatively, if `.Values.setDefaultUser.user.existingSecret` is set the user and password are obtained from an existing Secret, the expected keys are `influxdb-user` and `influxdb-password`. Use this variable if you need to check in the `values.yaml` in a repository to avoid exposing your secrets. - -## Back up and restore - -Before proceeding, please read [Backing up and restoring in InfluxDB OSS](https://docs.influxdata.com/influxdb/v1.8/administration/backup_and_restore/). While the chart offers backups by means of the [`backup-cronjob`](./templates/backup-cronjob.yaml), restores do not fall under the chart's scope today but can be achieved by one-off kubernetes jobs. - -### Backups - -When enabled, the[`backup-cronjob`](./templates/backup-cronjob.yaml) runs on the configured schedule. One can create a job from the backup cronjob on demand as follows: - -```sh -kubectl create job --from=cronjobs/influxdb-backup influx-backup-$(date +%Y%m%d%H%M%S) -``` - -#### Backup Storage - -The backup process consists of an init-container that writes the backup to a -local volume, which is by default an `emptyDir`, shared to the runtime container -which uploads the backup to the configured object store. - -In order to avoid filling the node's disk space, it is recommended to set a sufficient -`ephemeral-storage` request or enable persistence, which allocates a PVC. - -Furthermore, if no object store provider is available, one can simply use the -PVC as the final storage destination when `persistence` is enabled. - -### Restores - -It is up to the end user to configure their own one-off restore jobs. Below is just an example, which assumes that the backups are stored in GCS and that all dbs in the backup already exist and should be restored. It is to be used as a reference only; configure the init-container and the command and of the `influxdb-restore` container as well as both containers' resources to suit your needs. - -```yaml -apiVersion: batch/v1 -kind: Job -metadata: - generateName: influxdb-restore- - namespace: monitoring -spec: - template: - spec: - volumes: - - name: backup - emptyDir: {} - serviceAccountName: influxdb - initContainers: - - name: init-gsutil-cp - image: google/cloud-sdk:alpine - command: - - /bin/sh - args: - - "-c" - - | - gsutil -m cp -r gs:///* /backup - volumeMounts: - - name: backup - mountPath: /backup - resources: - requests: - cpu: 1 - memory: 4Gi - limits: - cpu: 2 - memory: 8Gi - containers: - - name: influxdb-restore - image: influxdb:1.8-alpine - volumeMounts: - - name: backup - mountPath: /backup - command: - - /bin/sh - args: - - "-c" - - | - #!/bin/sh - INFLUXDB_HOST=influxdb.monitoring.svc - for db in $(influx -host $INFLUXDB_HOST -execute 'SHOW DATABASES' | tail -n +5); do - influxd restore -host $INFLUXDB_HOST:8088 -portable -db "$db" -newdb "$db"_bak /backup - done - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 500m - memory: 512Mi - restartPolicy: OnFailure -``` - -At which point the data from the new `_bak` dbs would have to be side loaded into the original dbs. -Please see [InfluxDB documentation for more restore examples](https://docs.influxdata.com/influxdb/v1.8/administration/backup_and_restore/#restore-examples). - -## Mounting Extra Volumes - -Extra volumes can be mounted by providing the `volumes` and `mountPoints` keys, consistent -with the behavior of other charts provided by Influxdata. - -```yaml -volumes: -- name: ssl-cert-volume - secret: - secretName: secret-name -mountPoints: -- name: ssl-cert-volume - mountPath: /etc/ssl/certs/selfsigned/ - readOnly: true -``` - -## Upgrading - -### From < 1.0.0 To >= 1.0.0 - -Values `.Values.config.bind_address` and `.Values.exposeRpc` no longer exist. They have been replaced with `.Values.config.rpc.bind_address` and `.Values.config.rpc.enabled` respectively. Please adjust your values file accordingly. - -### From < 1.5.0 to >= 2.0.0 - -The Kubernetes API change to support 1.160 may not be backwards compatible and may require the chart to be uninstalled in order to upgrade. See [this issue](https://github.com/helm/helm/issues/6583) for some background. - -### From < 3.0.0 to >= 3.0.0 - -Since version 3.0.0 this chart uses a StatefulSet instead of a Deployment. As part of this update the existing persistent volume (and all data) is deleted and a new one is created. Make sure to backup and restore the data manually. - -### From < 4.0.0 to >= 4.0.0 - -Labels are changed in accordance with [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/\#labels). This change also removes the ability to configure clusterIP value to avoid `Error: UPGRADE FAILED: failed to replace object: Service "my-influxdb" is invalid: spec.clusterIP: Invalid value: "": field is immutable` type errors. For more information on this error and why it's important to avoid this error, please see [this Github issue](https://github.com/helm/helm/issues/6378#issuecomment-582764215). - -Due to the significance of the changes, we recommend uninstalling and reinstalling the chart (although the PVC shouldn't be deleted during this process, we highly recommended backing up your data beforehand). - -Check out our [Slack channel](https://www.influxdata.com/slack) for support and information. diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/ci/auth-init-script-values.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/ci/auth-init-script-values.yaml deleted file mode 100644 index dc6de5f8..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/ci/auth-init-script-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -config: - http: - auth-enabled: true - -setDefaultUser: - enabled: true - -initScripts: - enabled: true - scripts: - init.iql: |+ - CREATE DATABASE "telegraf" WITH DURATION 30d REPLICATION 1 NAME "rp_30d" - CREATE DATABASE "iot" WITH DURATION 7d REPLICATION 1 NAME "rp_7d" diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/ci/default-values.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/ci/default-values.yaml deleted file mode 100644 index 986b68f1..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/ci/default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# Default values only, no overrides diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/files/backup-retention-script.sh b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/files/backup-retention-script.sh deleted file mode 100644 index e301c184..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/files/backup-retention-script.sh +++ /dev/null @@ -1,69 +0,0 @@ -#! /usr/bin/env bash - -set -e - -# This script wants these variable to be set. - -## S3_BUCKET <- The name of the bucket where the backups are stored -## S3_ENDPOINT <- The endpoint of the S3 service -## AWS_ACCESS_KEY_ID <- Access credentials -## AWS_SECRET_ACCESS_KEY <- Access credentials -## DAYS_TO_RETAIN <- The TTL for the backups === number of backups to keep. - -# Sanity check to avoid removing all backups. -[[ "$DAYS_TO_RETAIN" -lt 1 ]] && DAYS_TO_RETAIN=1 - -# Prepare endpoint-url argument -[[ -z "$S3_ENDPOINT" ]] && endpoint_arg="" || endpoint_arg="--endpoint-url ${S3_ENDPOINT}" - -function get_records { - before_date="$1" - - aws s3api list-objects \ - --bucket ${S3_BUCKET} \ - ${endpoint_arg} \ - --query "Contents[?LastModified<='${before_date}'][].{Key: Key}" -} - -function remove_old_backups { - before_date=$(date --iso-8601=seconds -d "-${DAYS_TO_RETAIN} days") - now=$(date --iso-8601=seconds) - - del_records=$(get_records "${before_date}") - all_records=$(get_records "${now}") - - del_paths=() - all_paths=() - - function _jq { - echo ${row} | base64 --decode | jq -r ${1} - } - - for row in $(echo "${del_records}" | jq -r '.[] | @base64'); do - del_paths+=($(_jq '.Key')) - done - - for row in $(echo "${all_records}" | jq -r '.[] | @base64'); do - all_paths+=($(_jq '.Key')) - done - - # Number of backups left if all old backups are removed. - left=$((${#all_paths[@]} - ${#del_paths[@]})) - - # We ALWAYS keep N backups even if their TTL has expired! - if (( ${left} < ${DAYS_TO_RETAIN} )); then - num_to_delete=$((${#all_paths[@]} - ${DAYS_TO_RETAIN})) - else - num_to_delete=${#del_paths[@]} - fi - - for path in "${del_paths[@]::${num_to_delete}}"; do - aws s3 rm "s3://${S3_BUCKET}/${path}" \ - ${endpoint_arg} - done -} - -# Installs jq. -yum install -y jq - -remove_old_backups diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/NOTES.txt b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/NOTES.txt deleted file mode 100644 index e6fd0e65..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/NOTES.txt +++ /dev/null @@ -1,42 +0,0 @@ -InfluxDB can be accessed via port {{ include "influxdb.httpPortNumber" . }} on the following DNS name from within your cluster: - - http://{{ include "influxdb.fullname" . }}.{{ .Release.Namespace }}:{{ include "influxdb.httpPortNumber" . }} - -You can connect to the remote instance with the influx CLI. To forward the API port to localhost:8086, run the following: - - kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "influxdb.fullname" . }} -o jsonpath='{ .items[0].metadata.name }') 8086:{{ include "influxdb.httpPortNumber" . }} - -You can also connect to the influx CLI from inside the container. To open a shell session in the InfluxDB pod, run the following: - - kubectl exec -i -t --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "influxdb.fullname" . }} -o jsonpath='{.items[0].metadata.name}') /bin/sh - -To view the logs for the InfluxDB pod, run the following: - - kubectl logs -f --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "influxdb.fullname" . }} -o jsonpath='{ .items[0].metadata.name }') - -{{- if .Values.setDefaultUser.enabled }} - -To retrieve the default user name: - -{{- if .Values.setDefaultUser.user.existingSecret }} - - echo $(kubectl get secret {{ .Values.setDefaultUser.user.existingSecret }} -o "jsonpath={.data['influxdb-user']}" --namespace {{ .Release.Namespace }} | base64 --decode) - -{{- else }} - - echo $(kubectl get secret {{ include "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-user']}" --namespace {{ .Release.Namespace }} | base64 --decode) - -{{- end }} - -To retrieve the default user password: - -{{- if .Values.setDefaultUser.user.existingSecret }} - - echo $(kubectl get secret {{ .Values.setDefaultUser.user.existingSecret }} -o "jsonpath={.data['influxdb-password']}" --namespace {{ .Release.Namespace }} | base64 --decode) - -{{- else }} - - echo $(kubectl get secret {{ include "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-password']}" --namespace {{ .Release.Namespace }} | base64 --decode) - -{{- end }} -{{- end }} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/_helpers.tpl b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/_helpers.tpl deleted file mode 100644 index 2e930f2a..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/_helpers.tpl +++ /dev/null @@ -1,88 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "influxdb.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "influxdb.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "influxdb.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "influxdb.labels" -}} -helm.sh/chart: {{ include "influxdb.chart" . }} -{{ include "influxdb.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "influxdb.selectorLabels" -}} -app.kubernetes.io/name: {{ include "influxdb.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "influxdb.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "influxdb.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Define ports for kubernetes. -*/}} -{{- define "influxdb.rpcPortNumber" -}} - {{ default 8088 (regexReplaceAll ":([0-9]+)" (index .Values "config" "rpc" "bind-address") "${1}") }} -{{- end -}} -{{- define "influxdb.metaPortNumber" -}} - {{ default 8091 (regexReplaceAll ":([0-9]+)" (index .Values "config" "meta" "bind-address") "${1}") }} -{{- end -}} -{{- define "influxdb.httpPortNumber" -}} - {{ default 8086 (regexReplaceAll ":([0-9]+)" (index .Values "config" "http" "bind-address") "${1}") }} -{{- end -}} -{{- define "influxdb.graphitePortNumber" -}} - {{ default 2003 (regexReplaceAll ":([0-9]+)" (index .Values "config" "graphite" "bind-address") "${1}") }} -{{- end -}} -{{- define "influxdb.collectdPortNumber" -}} - {{ default 25826 (regexReplaceAll ":([0-9]+)" (index .Values "config" "collectd" "bind-address") "${1}") }} -{{- end -}} -{{- define "influxdb.opentsdbPortNumber" -}} - {{ default 4242 (regexReplaceAll ":([0-9]+)" (index .Values "config" "opentsdb" "bind-address") "${1}") }} -{{- end -}} -{{- define "influxdb.udpPortNumber" -}} - {{ default 8089 (regexReplaceAll ":([0-9]+)" (index .Values "config" "udp" "bind-address") "${1}") }} -{{- end -}} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-cronjob.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-cronjob.yaml deleted file mode 100644 index 1a620ce1..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-cronjob.yaml +++ /dev/null @@ -1,164 +0,0 @@ -{{- if .Values.backup.enabled }} -{{- if .Capabilities.APIVersions.Has "batch/v1" }} -apiVersion: batch/v1 -{{- else }} -apiVersion: batch/v1beta1 -{{- end }} -kind: CronJob -metadata: - name: {{ include "influxdb.fullname" . }}-backup - labels: - {{- include "influxdb.labels" . | nindent 4 }} - app.kubernetes.io/component: backup - annotations: - {{- toYaml .Values.backup.annotations | nindent 4 }} -spec: - schedule: {{ .Values.backup.schedule | quote }} - startingDeadlineSeconds: {{ .Values.backup.startingDeadlineSeconds }} - concurrencyPolicy: Forbid - jobTemplate: - spec: - template: - metadata: - {{- if .Values.backup.podAnnotations }} - annotations: - {{ toYaml .Values.backup.podAnnotations | nindent 12 }} - {{- end }} - labels: - {{- include "influxdb.selectorLabels" . | nindent 12 }} - spec: - restartPolicy: OnFailure - {{- with .Values.backup.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: backup - {{- if .Values.backup.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "influxdb.fullname" . }}-backup - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.backup.gcs }} - {{- if .Values.backup.gcs.serviceAccountSecret }} - - name: google-cloud-key - secret: - secretName: {{ .Values.backup.gcs.serviceAccountSecret | quote }} - {{- end }} - {{- end }} - {{- if .Values.backup.s3 }} - {{- if .Values.backup.s3.credentialsSecret }} - - name: aws-credentials-secret - secret: - secretName: {{ .Values.backup.s3.credentialsSecret | quote }} - {{- end }} - {{- end }} - serviceAccountName: {{ include "influxdb.serviceAccountName" . }} - initContainers: - - name: influxdb-backup - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - volumeMounts: - - name: backup - mountPath: /backup - command: - - /bin/sh - args: - - '-c' - - | - influxd backup \ - -host {{ include "influxdb.fullname" . }}.{{ .Release.Namespace }}.svc:{{ include "influxdb.rpcPortNumber" . }} \ - -portable /backup/"$(date +%Y%m%d%H%M%S)" - resources: - {{- toYaml .Values.backup.resources | nindent 14 }} - containers: - {{- if .Values.backup.gcs }} - - name: gsutil-cp - image: google/cloud-sdk:alpine - command: - - /bin/sh - args: - - '-c' - - '-e' - - | - if [ -n "$KEY_FILE" ]; then - gcloud auth activate-service-account --key-file $KEY_FILE - fi - gsutil -m cp -r /backup/* "$DST_URL" - rm -rf /backup/* - volumeMounts: - - name: backup - mountPath: /backup - {{- if .Values.backup.gcs.serviceAccountSecretKey}} - - name: google-cloud-key - mountPath: /var/secrets/google/ - {{- end }} - env: - - name: DST_URL - value: {{ .Values.backup.gcs.destination}} - {{- if .Values.backup.gcs.serviceAccountSecretKey}} - - name: KEY_FILE - value: /var/secrets/google/{{ .Values.backup.gcs.serviceAccountSecretKey }} - {{- end }} - resources: - {{- toYaml .Values.backup.resources | nindent 14 }} - {{- end }} - {{- if .Values.backup.azure }} - - name: azure-cli - image: mcr.microsoft.com/azure-cli - command: - - /bin/sh - args: - - '-c' - - '-e' - - | - az storage container create --name "$DST_CONTAINER" - az storage blob upload-batch --destination "$DST_CONTAINER" --destination-path "$DST_PATH" --source "$SRC_URL" - rm -rf /backup/* - volumeMounts: - - name: backup - mountPath: /backup - env: - - name: SRC_URL - value: /backup - - name: DST_CONTAINER - value: {{ .Values.backup.azure.destination_container }} - - name: DST_PATH - value: {{ .Values.backup.azure.destination_path }} - - name: AZURE_STORAGE_CONNECTION_STRING - valueFrom: - secretKeyRef: - name: {{ .Values.backup.azure.storageAccountSecret }} - key: connection-string - resources: - {{- toYaml .Values.backup.resources | nindent 14 }} - {{- end }} - {{- if .Values.backup.s3 }} - - name: aws-cli - image: amazon/aws-cli - command: - - /bin/sh - args: - - '-c' - - '-e' - - | - aws {{- if .Values.backup.s3.endpointUrl }} --endpoint-url={{ .Values.backup.s3.endpointUrl }} {{- end }} s3 cp --recursive "$SRC_URL" "$DST_URL" - rm -rf /backup/* - volumeMounts: - - name: backup - mountPath: /backup - {{- if .Values.backup.s3.credentialsSecret}} - - name: aws-credentials-secret - mountPath: /var/secrets/aws/ - {{- end }} - env: - - name: AWS_CONFIG_FILE - value: /var/secrets/aws/credentials - - name: SRC_URL - value: /backup - - name: DST_URL - value: {{ .Values.backup.s3.destination }} - resources: - {{- toYaml .Values.backup.resources | nindent 14 }} - {{- end }} -{{- end }} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-pvc.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-pvc.yaml deleted file mode 100644 index ebf4ba1c..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-pvc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.backup.enabled .Values.backup.persistence.enabled }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "influxdb.fullname" . }}-backup - labels: - {{- include "influxdb.labels" . | nindent 4 }} -spec: - accessModes: - - {{ .Values.backup.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.backup.persistence.size | quote }} -{{- if .Values.backup.persistence.storageClass }} -{{- if (eq "-" .Values.backup.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.backup.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- end }} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-retention-configmap.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-retention-configmap.yaml deleted file mode 100644 index d158eb54..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-retention-configmap.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.backupRetention.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "influxdb.fullname" . }}-backup-retention - labels: - {{- include "influxdb.labels" . | nindent 4 }} -data: - backup-retention.sh: |- - {{- .Files.Get "files/backup-retention-script.sh" | nindent 4 }} -{{- end }} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-retention-cronjob.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-retention-cronjob.yaml deleted file mode 100644 index d822818b..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/backup-retention-cronjob.yaml +++ /dev/null @@ -1,79 +0,0 @@ -{{- if .Values.backupRetention.enabled }} -{{- if .Capabilities.APIVersions.Has "batch/v1" }} -apiVersion: batch/v1 -{{- else }} -apiVersion: batch/v1beta1 -{{- end }} -kind: CronJob -metadata: - name: {{ include "influxdb.fullname" . }}-backup-retention - labels: - {{- include "influxdb.labels" . | nindent 4 }} - app.kubernetes.io/component: backup-retention - annotations: - {{- toYaml .Values.backupRetention.annotations | nindent 4 }} -spec: - schedule: {{ .Values.backupRetention.schedule | quote }} - startingDeadlineSeconds: {{ .Values.backupRetention.startingDeadlineSeconds }} - concurrencyPolicy: Forbid - jobTemplate: - spec: - template: - metadata: - {{- if .Values.backupRetention.podAnnotations }} - annotations: - {{ toYaml .Values.backupRetention.podAnnotations | nindent 12 }} - {{- end }} - labels: - {{- include "influxdb.selectorLabels" . | nindent 12 }} - spec: - restartPolicy: OnFailure - volumes: - - name: scripts - configMap: - name: {{ include "influxdb.fullname" . }}-backup-retention - {{- if .Values.backupRetention.gcs }} - {{- if .Values.backupRetention.gcs.serviceAccountSecret }} - - name: google-cloud-key - secret: - secretName: {{ .Values.backupRetention.gcs.serviceAccountSecret | quote }} - {{- end }} - {{- end }} - {{- if .Values.backupRetention.s3 }} - {{- if .Values.backupRetention.s3.credentialsSecret }} - - name: aws-credentials-secret - secret: - secretName: {{ .Values.backupRetention.s3.credentialsSecret | quote }} - {{- end }} - {{- end }} - serviceAccountName: {{ include "influxdb.serviceAccountName" . }} - containers: - {{- if .Values.backupRetention.gcs }} - {{- end }} - {{- if .Values.backupRetention.azure }} - {{- end }} - {{- if .Values.backupRetention.s3 }} - - name: aws-cli - image: amazon/aws-cli - command: ['/bin/bash'] - args: ['/scripts/backup-retention.sh'] - volumeMounts: - - name: scripts - mountPath: /scripts - {{- if .Values.backupRetention.s3.credentialsSecret}} - - name: aws-credentials-secret - mountPath: /var/secrets/aws/ - {{- end }} - env: - - name: AWS_CONFIG_FILE - value: /var/secrets/aws/credentials - - name: DAYS_TO_RETAIN - value: {{ .Values.backupRetention.daysToRetain | quote }} - - name: S3_BUCKET - value: {{ .Values.backupRetention.s3.bucketName }} - - name: S3_ENDPOINT - value: {{ .Values.backupRetention.s3.endpointUrl }} - resources: - {{- toYaml .Values.backupRetention.resources | nindent 14 }} - {{- end }} -{{- end }} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/configmap.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/configmap.yaml deleted file mode 100644 index e041a47e..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/configmap.yaml +++ /dev/null @@ -1,184 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "influxdb.fullname" . }} - labels: - {{- include "influxdb.labels" . | nindent 4 }} -data: - influxdb.conf: |+ - reporting-disabled = {{ .Values.config.reporting_disabled }} - bind-address = "{{ index .Values "config" "rpc" "bind-address"| default (printf ":%s" (include "influxdb.rpcPortNumber" . ))}}" - - [meta] - dir = "/var/lib/influxdb/meta" - {{- range $key, $value := index .Values.config.meta }} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - - {{- if .Values.enterprise.enabled }} - internal-shared-secret = "{{ sha256sum .Values.enterprise.meta.seed }}" - meta-auth-enabled = {{ .Values.config.meta.authEnabled }} - {{- end }} - - [data] - dir = "/var/lib/influxdb/data" - wal-dir = "/var/lib/influxdb/wal" - {{- range $key, $value := index .Values.config.data }} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - - [coordinator] - {{- range $key, $value := index .Values.config.coordinator }} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - - [retention] - {{- range $key, $value := index .Values.config.retention }} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - - [shard-precreation] - {{- range $key, $value := index .Values.config.shard_precreation }} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - - [monitor] - {{- range $key, $value := index .Values.config.monitor }} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - - [subscriber] - {{- range $key, $value := index .Values.config.subscriber }} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - - [http] - {{- range $key, $value := index .Values.config.http }} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - - # TODO: allow multiple graphite listeners - - [[graphite]] - {{- range $key, $value := index .Values.config.graphite }} - {{- if ne $key "templates"}} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.config.graphite.templates }} - templates = [ - {{- range .Values.config.graphite.templates }} - {{ quote . }}, - {{- end }} - ] - {{- end }} - - # TODO: allow multiple collectd listeners with templates - - [[collectd]] - {{- range $key, $value := index .Values.config.collectd }} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - - # TODO: allow multiple opentsdb listeners with templates - - [[opentsdb]] - {{- range $key, $value := index .Values.config.opentsdb }} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - - # TODO: allow multiple udp listeners with templates - - [[udp]] - {{- range $key, $value := index .Values.config.udp }} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - - [continuous_queries] - {{- range $key, $value := index .Values.config.continuous_queries }} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - - [logging] - {{- range $key, $value := index .Values.config.logging }} - {{- $tp := typeOf $value }} - {{- if eq $tp "string" }} - {{ $key }} = {{ $value | quote }} - {{- else }} - {{ $key }} = {{ $value }} - {{- end }} - {{- end }} - - {{ if .Values.enterprise.enabled -}} - [enterprise] - license-key = {{ .Values.enterprise.licensekey | quote }} - - [hinted-handoff] - enabled = true - dir = "/var/lib/influxdb/hh" - {{- end }} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/ingress.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/ingress.yaml deleted file mode 100644 index f5a77f89..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/ingress.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "influxdb.fullname" . }} - labels: -{{- include "influxdb.labels" . | nindent 4 }} -{{- if .Values.ingress.annotations }} - annotations: -{{ toYaml .Values.ingress.annotations | indent 4 }} -{{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - - hosts: - - {{ .Values.ingress.hostname | quote }} -{{- if .Values.ingress.secretName }} - secretName: {{ .Values.ingress.secretName }} -{{- end }} -{{- end }} -{{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} -{{- end }} - rules: -{{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname | quote }} - http: -{{- else }} - - http: -{{- end }} - paths: - - path: {{ .Values.ingress.path }} - pathType: Prefix - backend: - service: - name: {{ include "influxdb.fullname" . }} - port: - number: {{ include "influxdb.httpPortNumber" . }} -{{- end }} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/init-config.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/init-config.yaml deleted file mode 100644 index 5f608985..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/init-config.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if .Values.initScripts.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "influxdb.fullname" . }}-init - labels: - {{- include "influxdb.labels" . | nindent 4 }} -data: -{{ toYaml .Values.initScripts.scripts | indent 2 }} -{{- end -}} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/meta-configmap.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/meta-configmap.yaml deleted file mode 100644 index 82234c34..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/meta-configmap.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{ if .Values.enterprise.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "influxdb.fullname" . }}-meta - labels: - {{- include "influxdb.labels" . | nindent 4 }} - app.kubernetes.io/component: meta -data: - influxdb-meta.conf: |+ - reporting-disabled = {{ .Values.config.reporting_disabled }} - bind-address = "{{ index .Values "config" "meta" "bind-address" | default (printf ":%s" (include "influxdb.metaPortNumber" .))}}" - - [enterprise] - license-key = {{ .Values.enterprise.licensekey | quote }} - - [meta] - dir = "/var/lib/influxdb/meta" - {{- range $key, $value := index .Values.config.meta }} - {{ $key }} = {{ $value }} - {{- end }} - {{- if .Values.enterprise.enabled }} - meta-auth-enabled = {{ .Values.config.meta.authEnabled }} - {{- end }} - - [logging] - {{- range $key, $value := index .Values.config.logging }} - {{ $key }} = {{ $value }} - {{- end }} - - [tls] - {{- range $key, $value := index .Values.config.tls }} - {{ $key }} = {{ $value }} - {{- end }} -{{- end }} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/meta-service.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/meta-service.yaml deleted file mode 100644 index a68fdf89..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/meta-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Values.enterprise.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} - name: {{ include "influxdb.fullname" . }}-meta - labels: - {{- include "influxdb.labels" . | nindent 4 }} - app.kubernets.io/component: meta -spec: - type: ClusterIP - clusterIP: None - # publishNotReadyAddresses is used for service discovery of meta and data nodes by querying the service's SRV record. - publishNotReadyAddresses: true - ports: - - name: meta - port: {{ include "influxdb.metaPortNumber" . }} - targetPort: meta - selector: - {{- include "influxdb.selectorLabels" . | nindent 4 }} - app.kubernets.io/component: meta -{{- end }} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/meta-statefulset.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/meta-statefulset.yaml deleted file mode 100644 index cadf6114..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/meta-statefulset.yaml +++ /dev/null @@ -1,132 +0,0 @@ -{{- if .Values.enterprise.enabled }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "influxdb.fullname" . }}-meta - labels: - {{- include "influxdb.labels" . | nindent 4 }} - app.kubernetes.io/component: meta -spec: - replicas: {{ .Values.enterprise.meta.clusterSize }} - selector: - matchLabels: - {{- include "influxdb.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: meta - serviceName: "{{ include "influxdb.fullname" . }}-meta" - template: - metadata: - labels: - {{- include "influxdb.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: meta - {{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ . }} - {{- end}} - {{- end }} - serviceAccountName: {{ include "influxdb.serviceAccountName" . }} - containers: - - name: "{{ include "influxdb.fullname" . }}-meta" - image: "{{ .Values.image.repository }}:{{ .Values.enterprise.meta.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - resources: -{{ toYaml .Values.enterprise.meta.resources | indent 10 }} - ports: - - name: udp - containerPort: {{ include "influxdb.udpPortNumber" . }} - - name: rpc - containerPort: {{ include "influxdb.rpcPortNumber" . }} - - name: meta - containerPort: {{ include "influxdb.metaPortNumber" . }} - {{- if .Values.env }} - env: -{{ toYaml .Values.env | indent 10 }} - # Values.env's HOSTNAME isn't fundamentally different from $HOSTNAME, but this way we get a distinguished name for InfluxDB at runtime. - - name: INFLUXDB_HOSTNAME - value: "$(_HOSTNAME).{{ include "influxdb.fullname" . }}-meta" - {{- end }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path | default "/ping" }} - port: meta - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 30 }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 5 }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path | default "/ping" }} - port: meta - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds | default 5 }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds | default 1 }} - {{- if .Values.startupProbe.enabled }} - startupProbe: - httpGet: - path: {{ .Values.startupProbe.path | default "/ping" }} - port: meta - failureThreshold: {{ .Values.startupProbe.failureThreshold | default 6 }} - periodSeconds: {{ .Values.startupProbe.periodSeconds | default 5 }} - {{- end }} - volumeMounts: - - name: {{ include "influxdb.fullname" . }}-meta - mountPath: /var/lib/influxdb - - name: config - mountPath: /etc/influxdb - {{- if .Values.initScripts.enabled }} - - name: init - mountPath: /docker-entrypoint-initdb.d - {{- end }} - volumes: - - name: config - configMap: - name: {{ include "influxdb.fullname" . }}-meta - {{- if .Values.initScripts.enabled }} - - name: init - configMap: - name: {{ include "influxdb.fullname" . }}-init - {{- end }} - {{- if (not .Values.persistence.enabled ) }} - - name: {{ include "influxdb.fullname" . }}-meta - emptyDir: {} - {{- end }} - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} - {{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: {{ include "influxdb.fullname" . }}-meta - annotations: - {{- range $key, $value := .Values.persistence.annotations }} - {{ $key }}: "{{ $value }}" - {{- end }} - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote}} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- if .Values.persistence.storageClass }} - {{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/secret.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/secret.yaml deleted file mode 100644 index c6390f1e..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.setDefaultUser.enabled -}} -{{- if not (.Values.setDefaultUser.user.existingSecret) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "influxdb.fullname" . }}-auth - labels: - {{- include "influxdb.labels" . | nindent 4 }} -data: - {{- if .Values.setDefaultUser.user.password }} - influxdb-password: {{ .Values.setDefaultUser.user.password | b64enc | quote }} - {{- else }} - influxdb-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - influxdb-user: {{ .Values.setDefaultUser.user.username | b64enc | quote }} -{{- end -}} -{{- end -}} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/service.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/service.yaml deleted file mode 100644 index f5bf2871..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/service.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} - name: {{ include "influxdb.fullname" . }} - labels: - {{- include "influxdb.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - name: api - port: {{ include "influxdb.httpPortNumber" . }} - targetPort: api - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} - nodePort: {{ .Values.service.nodePorts.http | int }} - {{- end }} - - name: rpc - port: {{ include "influxdb.rpcPortNumber" . }} - targetPort: rpc - {{- if .Values.config.graphite.enabled }} - - name: graphite - port: {{ include "influxdb.graphitePortNumber" . }} - targetPort: graphite - {{- end }} - {{- if .Values.config.collectd.enabled }} - - name: collectd - port: {{ include "influxdb.collectdPortNumber" . }} - protocol: UDP - targetPort: collectd - {{- end }} - {{- if .Values.config.udp.enabled }} - - name: udp - port: {{ include "influxdb.udpPortNumber" . }} - protocol: UDP - targetPort: udp - {{- end }} - {{- if .Values.config.opentsdb.enabled }} - - name: opentsdb - port: {{ include "influxdb.opentsdbPortNumber" . }} - targetPort: opentsdb - {{- end }} - selector: - {{- include "influxdb.selectorLabels" . | nindent 4 }} -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: -{{ toYaml .Values.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} -{{- end }} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/serviceaccount.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/serviceaccount.yaml deleted file mode 100644 index c4966965..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "influxdb.serviceAccountName" . }} - labels: - {{- include "influxdb.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end -}} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/statefulset.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/statefulset.yaml deleted file mode 100644 index f2b21c00..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/templates/statefulset.yaml +++ /dev/null @@ -1,209 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "influxdb.fullname" . }} - labels: - {{- include "influxdb.labels" . | nindent 4 }} -spec: - {{- if .Values.enterprise.enabled }} - replicas: {{ .Values.enterprise.clusterSize }} - {{ else }} - replicas: 1 - {{- end}} - selector: - matchLabels: - {{- include "influxdb.selectorLabels" . | nindent 6 }} - serviceName: "{{ include "influxdb.fullname" . }}" - template: - metadata: - labels: - {{- include "influxdb.selectorLabels" . | nindent 8 }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - {{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} - {{- if .Values.securityContext }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} - {{- end }} - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ . }} - {{- end}} - {{- end }} - serviceAccountName: {{ include "influxdb.serviceAccountName" . }} - containers: - - name: {{ include "influxdb.fullname" . }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- end }} - ports: - - name: api - containerPort: {{ include "influxdb.httpPortNumber" . }} - {{- if .Values.config.graphite.enabled }} - - name: graphite - containerPort: {{ include "influxdb.graphitePortNumber" . }} - {{- end }} - {{- if .Values.config.collectd.enabled }} - - name: collectd - containerPort: {{ include "influxdb.collectdPortNumber" . }} - protocol: UDP - {{- end }} - {{- if .Values.config.udp.enabled }} - - name: udp - containerPort: {{ include "influxdb.udpPortNumber" . }} - protocol: UDP - {{- end }} - {{- if .Values.config.opentsdb.enabled }} - - name: opentsdb - containerPort: {{ include "influxdb.opentsdbPortNumber" . }} - {{- end }} - - name: rpc - containerPort: {{ include "influxdb.rpcPortNumber" . }} - {{- if .Values.enterprise.enabled }} - - name: meta - containerPort: {{ include "influxdb.metaPortNumber" . }} - {{- end }} - {{- if or .Values.env .Values.setDefaultUser.enabled }} - env: - {{- if .Values.env }} -{{ toYaml .Values.env | indent 10 }} - {{- end }} - {{- if .Values.enterprise.enabled }} - - name: INFLUXDB_HOSTNAME # Values.env's HOSTNAME isn't fundamentally different from $HOSTNAME, but this way weg get a distinguished name at runtime. - value: "$(_HOSTNAME).{{ include "influxdb.fullname" . }}" - {{- end }} - {{- if .Values.setDefaultUser.enabled }} - - name: INFLUXDB_ADMIN_USER - valueFrom: - secretKeyRef: - {{- if .Values.setDefaultUser.user.existingSecret }} - name: {{ .Values.setDefaultUser.user.existingSecret -}} - {{ else }} - name: {{ include "influxdb.fullname" . }}-auth - {{- end }} - key: influxdb-user - - name: INFLUXDB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.setDefaultUser.user.existingSecret }} - name: {{ .Values.setDefaultUser.user.existingSecret -}} - {{ else }} - name: {{ include "influxdb.fullname" . }}-auth - {{- end }} - key: influxdb-password - {{- end }} - {{- end }} - {{- if .Values.envFromSecret }} - envFrom: - - secretRef: - name: {{ .Values.envFromSecret }} - {{- end }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path | default "/ping" }} - port: api - scheme: {{ .Values.livenessProbe.scheme | default "HTTP" }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 30 }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 5 }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path | default "/ping" }} - port: api - scheme: {{ .Values.readinessProbe.scheme | default "HTTP" }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds | default 5 }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds | default 1 }} - {{- if .Values.startupProbe.enabled }} - startupProbe: - httpGet: - path: {{ .Values.startupProbe.path | default "/ping" }} - port: api - scheme: {{ .Values.startupProbe.scheme | default "HTTP" }} - failureThreshold: {{ .Values.startupProbe.failureThreshold | default 6 }} - periodSeconds: {{ .Values.startupProbe.periodSeconds | default 5 }} - {{- end }} - volumeMounts: - - name: {{ include "influxdb.fullname" . }}-data - mountPath: /var/lib/influxdb - - name: config - mountPath: /etc/influxdb - {{- if .Values.initScripts.enabled }} - - name: init - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if .Values.mountPoints }} -{{ toYaml .Values.mountPoints | indent 8 }} - {{- end }} - {{- if .Values.extraContainers }} -{{ toYaml .Values.extraContainers | indent 6}} - {{- end }} - volumes: - - name: config - configMap: - name: {{ include "influxdb.fullname" . }} - {{- if .Values.initScripts.enabled }} - - name: init - configMap: - name: {{ include "influxdb.fullname" . }}-init - {{- end }} - {{- if (not .Values.persistence.enabled ) }} - - name: {{ include "influxdb.fullname" . }}-data - emptyDir: {} - {{- end }} - # Cannot use existing claim in enterprise mode - {{- if and .Values.persistence.enabled .Values.persistence.existingClaim (not .Values.enterprise.enabled) }} - - name: {{ include "influxdb.fullname" . }}-data - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim }} - {{- end }} - {{- if .Values.volumes }} -{{ toYaml .Values.volumes | indent 6 }} - {{- end }} - # Must use volume claim template in enterprise mode - {{- if and .Values.persistence.enabled (or (not .Values.persistence.existingClaim) .Values.enterprise.enabled) }} - volumeClaimTemplates: - - metadata: - name: {{ include "influxdb.fullname" . }}-data - {{- if .Values.persistence.annotations }} - annotations: - {{- range $key, $value := .Values.persistence.annotations }} - {{ $key }}: "{{ $value }}" - {{- end }} - {{- end }} - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote}} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- if .Values.persistence.storageClass }} - {{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" - {{- end }} - {{- end }} - {{- end }} diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/values.yaml b/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/values.yaml deleted file mode 100644 index 73d35976..00000000 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/values.yaml +++ /dev/null @@ -1,313 +0,0 @@ -## influxdb image version -## ref: https://hub.docker.com/r/library/influxdb/tags/ -image: - repository: "influxdb" - tag: "1.8.10-alpine" - pullPolicy: IfNotPresent - ## If specified, use these secrets to access the images - # pullSecrets: - # - registry-secret - - -serviceAccount: - create: true - name: - annotations: {} - -## Customize liveness, readiness and startup probes -## ref: https://docs.influxdata.com/influxdb/v1.8/tools/api/#ping-http-endpoint -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ -## -livenessProbe: {} - # path: "/ping" - # initialDelaySeconds: 30 - # timeoutSeconds: 5 - # scheme: HTTP - -readinessProbe: {} - # path: "/ping" - # initialDelaySeconds: 5 - # timeoutSeconds: 1 - # scheme: HTTP - -securityContext: {} - # runAsUser: 999 - # runAsGroup: 999 - -startupProbe: - enabled: false - # path: "/ping" - # failureThreshold: 6 - # periodSeconds: 5 - # scheme: HTTP - -## Specify a service type and optional port -## NodePort is default -## ref: http://kubernetes.io/docs/user-guide/services/ -## -service: - ## Add annotations to service - # annotations: {} - type: ClusterIP - # externalIPs: [] - # externalTrafficPolicy: "" - # nodePort(s) value for the LoadBalancer and NodePort service types - nodePorts: - http: "" - -## Persist data to a persistent volume -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - ## influxdb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - annotations: {} - accessMode: ReadWriteOnce - size: 8Gi - -## Deploy InfluxDB Enterprise - License required -## ref: https://www.influxdata.com/products/influxdb-enterprise/ -enterprise: - enabled: false - licensekey: {} - clusterSize: 4 - meta: - image: - ## This image contains the enterprise meta node package for clustering. - ## It is meant to be used in conjunction with the influxdb:data package of the same version. - ## ref: https://hub.docker.com/_/influxdb - tag: meta - clusterSize: 3 - ## seed is hashed and used as `internal-shared-secret` for Meta service. - seed: dead-beef-cafe-bae - ## Configure resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - resources: {} - # resources: - # requests: - # memory: 512Mi - # cpu: 2 - # limits: - # memory: 1Gi - # cpu: 4 - -## Set default user -## -setDefaultUser: - enabled: false - user: - ## The user name - ## Default: "admin" - username: "admin" - - ## User password - ## single quotes must be escaped (\') - ## Default: (Randomly generated 10 characters of AlphaNum) - # password: - - ## The user name and password are obtained from an existing secret. The expected - ## keys are `influxdb-user` and `influxdb-password`. - ## If set, the username and password values above are ignored. - # existingSecret: influxdb-auth - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -resources: {} -# requests: -# memory: 256Mi -# cpu: 0.1 -# limits: -# memory: 16Gi -# cpu: 8 - -# Annotations to be added to InfluxDB pods -podAnnotations: {} - -# Labels to be added to InfluxDB pods -podLabels: {} - -ingress: - enabled: false - tls: false - # secretName: my-tls-cert # only needed if tls above is true - hostname: - className: nginx - annotations: {} - # nginx.ingress.kubernetes.io/rewrite-target: $1 - path: / - - -## Add custom volume and volumeMounts -# volumes: -# - name: ssl-cert-volume -# secret: -# secretName: secret-name -# mountPoints: -# - name: ssl-cert-volume -# mountPath: /etc/ssl/certs/selfsigned/ -# readOnly: true - -## Additional containers to be added to the pod. -extraContainers: {} -# - name: my-sidecar -# image: nginx:latest - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -# - key: "key" -# operator: "Equal|Exists" -# value: "value" -# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - -## The InfluxDB image uses several environment variables to automatically -## configure certain parts of the server. -## Ref: https://hub.docker.com/_/influxdb/ -env: {} - # - name: INFLUXDB_DB - # value: "demo" - -## The name of a secret in the same kubernetes namespace which contain values -## to be added to the environment. -## This can be used, for example, to set the INFLUXDB_HTTP_SHARED_SECRET -## environment variable. -envFromSecret: {} - -## InfluxDB configuration -## ref: https://docs.influxdata.com/influxdb/v1.8/administration/config -config: - reporting_disabled: false - rpc: - bind-address: ":8088" - meta: {} - data: {} - coordinator: {} - retention: {} - shard_precreation: {} - monitor: {} - http: - enabled: true - bind-address: ":8086" - flux-enabled: true - logging: {} - subscriber: {} - graphite: {} - collectd: {} - opentsdb: {} - udp: {} - continuous_queries: {} - tls: {} - -# Allow executing custom init scripts -# -# If the container finds any files with the extensions .sh or .iql inside of the -# /docker-entrypoint-initdb.d folder, it will execute them. The order they are -# executed in is determined by the shell. This is usually alphabetical order. -initScripts: - enabled: false - scripts: - init.iql: |+ - CREATE DATABASE "telegraf" WITH DURATION 30d REPLICATION 1 NAME "rp_30d" - -backup: - enabled: false - ## By default emptyDir is used as a transitory volume before uploading to object store. - ## As such, ensure that a sufficient ephemeral storage request is set to prevent node disk filling completely. - resources: - requests: - # memory: 512Mi - # cpu: 2 - ephemeral-storage: "8Gi" - # limits: - # memory: 1Gi - # cpu: 4 - # ephemeral-storage: "16Gi" - ## If backup destination is PVC, or want to use intermediate PVC before uploading to object store. - persistence: - enabled: false - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - annotations: - accessMode: ReadWriteOnce - size: 8Gi - schedule: "0 0 * * *" - startingDeadlineSeconds: "" - annotations: {} - podAnnotations: {} - nodeSelector: {} - - ## Google Cloud Storage - # gcs: - # serviceAccountSecret: influxdb-backup-key - # serviceAccountSecretKey: key.json - # destination: gs://bucket/influxdb - - ## Azure - ## Secret is expected to have connection string stored in `connection-string` field - ## Existing container will be used or private one withing storage account will be created. - # azure: - # storageAccountSecret: influxdb-backup-azure-key - # destination_container: influxdb-container - # destination_path: "" - - ## Amazon S3 or compatible - ## Secret is expected to have AWS (or compatible) credentials stored in `credentials` field. - ## Please look at https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-where - ## for the credentials format. - ## The bucket should already exist. - # s3: - # credentialsSecret: aws-credentials-secret - # destination: s3://bucket/path - ## Optional. Specify if you're using an alternate S3 endpoint. - # endpointUrl: "" - -backupRetention: - enabled: false - resources: - requests: - # memory: 512Mi - # cpu: 2 - # limits: - # memory: 1Gi - # cpu: 4 - schedule: "0 0 * * *" - startingDeadlineSeconds: - annotations: {} - podAnnotations: {} - daysToRetain: 7 - # s3: - # credentialsSecret: aws-credentials-secret - # bucketName: bucket - # ## Optional. Specify if you're using an alternate S3 endpoint. - # # endpointUrl: "" diff --git a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/.helmignore b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/.helmignore similarity index 94% rename from .helm-charts/https_helm.influxdata.com/influxdb/4.12.5/.helmignore rename to .helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/.helmignore index f0c13194..fb56657a 100644 --- a/.helm-charts/https_helm.influxdata.com/influxdb/4.12.5/.helmignore +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/Chart.lock b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/Chart.lock new file mode 100644 index 00000000..7a745546 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: oci://registry-1.docker.io/bitnamicharts + version: 2.19.1 +digest: sha256:c883732817d9aaa3304f7b3109262aa338959de15b432dc5a2dbde13d2e136a5 +generated: "2024-04-04T14:08:03.545502756Z" diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/Chart.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/Chart.yaml new file mode 100644 index 00000000..b9a38b88 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/Chart.yaml @@ -0,0 +1,38 @@ +annotations: + category: Database + images: | + - name: aws-cli + image: docker.io/bitnami/aws-cli:2.15.30-debian-12-r1 + - name: azure-cli + image: docker.io/bitnami/azure-cli:2.59.0-debian-12-r0 + - name: google-cloud-sdk + image: docker.io/bitnami/google-cloud-sdk:0.471.0-debian-12-r1 + - name: influxdb + image: docker.io/bitnami/influxdb:2.7.6-debian-12-r2 + - name: os-shell + image: docker.io/bitnami/os-shell:12-debian-12-r18 + licenses: Apache-2.0 +apiVersion: v2 +appVersion: 2.7.6 +dependencies: +- name: common + repository: oci://registry-1.docker.io/bitnamicharts + tags: + - bitnami-common + version: 2.x.x +description: InfluxDB(TM) is an open source time-series database. It is a core component + of the TICK (Telegraf, InfluxDB(TM), Chronograf, Kapacitor) stack. +home: https://bitnami.com +icon: https://bitnami.com/assets/stacks/influxdb/img/influxdb-stack-220x234.png +keywords: +- influxdb +- tick +- database +- timeseries +maintainers: +- name: VMware, Inc. + url: https://github.com/bitnami/charts +name: influxdb +sources: +- https://github.com/bitnami/charts/tree/main/bitnami/influxdb +version: 6.0.8 diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/README.md b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/README.md new file mode 100644 index 00000000..7c6c7e5d --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/README.md @@ -0,0 +1,607 @@ + + +# Bitnami Stack for InfluxDB(TM) + +InfluxDB(TM) is an open source time-series database. It is a core component of the TICK (Telegraf, InfluxDB(TM), Chronograf, Kapacitor) stack. + +[Overview of InfluxDB™](https://www.influxdata.com/products/influxdb-overview) + +InfluxDB(TM) is a trademark owned by InfluxData, which is not affiliated with, and does not endorse, this site. + +## TL;DR + +```console +helm install my-release oci://registry-1.docker.io/bitnamicharts/influxdb +``` + +Looking to use InfluxDB™ in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + +## Introduction + +This chart bootstraps a [influxdb](https://github.com/bitnami/containers/tree/main/bitnami/influxdb) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ +- PV provisioner support in the underlying infrastructure +- ReadWriteMany volumes for deployment scaling + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/influxdb +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +These commands deploy influxdb on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Configuration and installation details + +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + +### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +This chart installs a deployment with the following configuration: + +```text + ------------------ + | Ingress | + | Controller | + ------------------ + | + | /query + | /write + \/ + ---------------- + | InfluxDB(TM) | + | svc | + ---------------- + | + \/ + -------------- + | InfluxDB(TM) | + | Server | + | Pod | + -------------- +``` + +### Configure the way how to expose InfluxDB™ + +- **Ingress**: The ingress controller must be installed in the Kubernetes cluster. Set `ingress.enabled=true` to expose InfluxDB™ through Ingress. +- **ClusterIP**: Exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster. Set `influxdb.service.type=ClusterIP` to choose this service type. +- **NodePort**: Exposes the service on each Node's IP at a static port (the NodePort). You'll be able to contact the NodePort service, from outside the cluster, by requesting `NodeIP:NodePort`. Set `influxdb.service.type=NodePort` to choose this service type. +- **LoadBalancer**: Exposes the service externally using a cloud provider's load balancer. Set `influxdb.service.type=LoadBalancer` to choose this service type. + +### Using custom configuration + +This helm chart supports to customize the whole configuration file. + +Add your custom configuration file to "files/conf" in your working directory. This file will be mounted as a configMap to the containers and it will be used for configuring InfluxDB™. + +Alternatively, you can specify the InfluxDB™ configuration using the `influxdb.configuration` parameter. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `influxdb.existingConfiguration` parameter. Note that this will override the two previous options. + +### Adding extra environment variables + +In case you want to add extra environment variables, you can use the `influxdb.extraEnvVars` property. + +```yaml +extraEnvVars: + - name: INFLUXDB_DATA_QUERY_LOG_ENABLED + value: "true" +``` + +### Initialize a fresh instance + +The [Bitnami InfluxDB™](https://github.com/bitnami/containers/tree/main/bitnami/influxdb) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. + +Alternatively, you can specify custom scripts using the `influxdb.initdbScripts` parameter. + +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `influxdb.initdbScriptsCM` parameter. Note that this will override the two previous options. parameter. + +The allowed extensions are `.sh`, and `.txt`. + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Persistence + +The data is persisted by default using PVC(s). You can disable the persistence setting the `persistence.enabled` parameter to `false`. +A default `StorageClass` is needed in the Kubernetes cluster to dynamically provision the volumes. Specify another StorageClass in the `persistence.storageClass` or set `persistence.existingClaim` if you have already existing persistent volumes to use. + +### Adjust permissions of persistent volume mountpoint + +As the images run as non-root by default, it is necessary to adjust the ownership of the persistent volumes so that the containers can write data into it. + +By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. +As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. + +You can enable this **initContainer** by setting `volumePermissions.enabled` to `true`. +There are K8s distribution, such as OpenShift, where you can dynamically define the UID to run this **initContainer**. To do so, set the `volumePermissions.securityContext.runAsUser` to `auto`. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global storage class for dynamic provisioning | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | + +### Common parameters + +| Name | Description | Value | +| ------------------------ | ----------------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `nameOverride` | String to partially override influxdb.fullname template with a string (will prepend the release name) | `""` | +| `fullnameOverride` | String to fully override influxdb.fullname template with a string | `""` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + +### InfluxDB™ parameters + +| Name | Description | Value | +| ------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `image.registry` | InfluxDB™ image registry | `REGISTRY_NAME` | +| `image.repository` | InfluxDB™ image repository | `REPOSITORY_NAME/influxdb` | +| `image.digest` | InfluxDB™ image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | InfluxDB™ image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `auth.enabled` | Enable/disable authentication (Variable to keep compatibility with InfluxDB™ v1, in v2 it will be ignored) | `true` | +| `auth.usePasswordFiles` | Whether to use files to provide secrets instead of env vars. | `false` | +| `auth.admin.username` | InfluxDB™ admin user name | `admin` | +| `auth.admin.password` | InfluxDB™ admin user's password | `""` | +| `auth.admin.token` | InfluxDB™ admin user's token. Only valid with InfluxDB™ v2 | `""` | +| `auth.admin.org` | InfluxDB™ admin user's org. Only valid with InfluxDB™ v2 | `primary` | +| `auth.admin.bucket` | InfluxDB™ admin user's bucket. Only valid with InfluxDB™ v2 | `primary` | +| `auth.admin.retention` | InfluxDB™ admin user's bucket retention. Only valid with InfluxDB™ v2 | `""` | +| `auth.createUserToken` | Whether to create tokens for the different users. Take into account these tokens are going to be created by CLI randomly and they will not be accessible from a secret. See more influxdb 2.0 [auth ref](https://docs.influxdata.com/influxdb/v2.0/security/tokens/) | `false` | +| `auth.user.username` | Name for InfluxDB™ user with 'admin' privileges on the bucket specified at `auth.user.bucket` and `auth.user.org` or `auth.admin.org` | `""` | +| `auth.user.password` | InfluxDB™ password for `user.name` user | `""` | +| `auth.user.org` | Org to be created on first run | `""` | +| `auth.user.bucket` | Bucket to be created on first run | `""` | +| `auth.readUser.username` | Name for InfluxDB™ user with 'read' privileges on the bucket specified at `auth.user.bucket` | `""` | +| `auth.readUser.password` | InfluxDB™ password for `auth.readUser.username` user | `""` | +| `auth.writeUser.username` | Name for InfluxDB™ user with 'read' privileges on the bucket specified at `auth.user.bucket` | `""` | +| `auth.writeUser.password` | InfluxDB™ password for `auth.writeUser.username` user | `""` | +| `auth.existingSecret` | Name of existing Secret object with InfluxDB™ credentials (`auth.admin.password`, `auth.user.password`, `auth.readUser.password`, and `auth.writeUser.password` will be ignored and picked up from this secret) | `""` | +| `influxdb.configuration` | Specify content for influxdb.conf | `""` | +| `influxdb.existingConfiguration` | Name of existing ConfigMap object with the InfluxDB™ configuration (`influxdb.configuration` will be ignored). | `""` | +| `influxdb.initdbScripts` | Dictionary of initdb scripts | `{}` | +| `influxdb.initdbScriptsCM` | Name of existing ConfigMap object with the initdb scripts (`influxdb.initdbScripts` will be ignored). | `""` | +| `influxdb.initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`) | `""` | +| `influxdb.podAffinityPreset` | InfluxDB™ Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `influxdb.podAntiAffinityPreset` | InfluxDB™ Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `influxdb.nodeAffinityPreset.type` | InfluxDB™ Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `influxdb.nodeAffinityPreset.key` | InfluxDB™ Node label key to match Ignored if `affinity` is set. | `""` | +| `influxdb.nodeAffinityPreset.values` | InfluxDB™ Node label values to match. Ignored if `affinity` is set. | `[]` | +| `influxdb.affinity` | InfluxDB™ Affinity for pod assignment | `{}` | +| `influxdb.nodeSelector` | InfluxDB™ Node labels for pod assignment | `{}` | +| `influxdb.tolerations` | InfluxDB™ Tolerations for pod assignment | `[]` | +| `influxdb.podAnnotations` | Annotations for InfluxDB™ pods | `{}` | +| `influxdb.podLabels` | Extra labels for InfluxDB™ pods | `{}` | +| `influxdb.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `influxdb.hostAliases` | InfluxDB™ pods host aliases | `[]` | +| `influxdb.updateStrategy.type` | InfluxDB™ statefulset/deployment strategy type | `RollingUpdate` | +| `influxdb.priorityClassName` | InfluxDB™ pods' priorityClassName | `""` | +| `influxdb.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `influxdb.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `influxdb.podManagementPolicy` | podManagementPolicy to manage scaling operation of InfluxDB™ pods | `OrderedReady` | +| `influxdb.podSecurityContext.enabled` | Enabled InfluxDB™ pods' Security Context | `true` | +| `influxdb.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `influxdb.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `influxdb.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `influxdb.podSecurityContext.fsGroup` | Set InfluxDB™ pod's Security Context fsGroup | `1001` | +| `influxdb.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `influxdb.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `influxdb.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `influxdb.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `influxdb.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `influxdb.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `influxdb.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `influxdb.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `influxdb.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `influxdb.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `influxdb.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production). | `nano` | +| `influxdb.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `influxdb.command` | Override default container command (useful when using custom images) | `[]` | +| `influxdb.args` | Override default container args (useful when using custom images) | `[]` | +| `influxdb.lifecycleHooks` | for the InfluxDB™ container(s) to automate configuration before or after startup | `{}` | +| `influxdb.extraEnvVars` | Array containing extra env vars to configure InfluxDB™ | `[]` | +| `influxdb.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for InfluxDB™ nodes | `""` | +| `influxdb.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for InfluxDB™ nodes | `""` | +| `influxdb.extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). Requires setting extraVolumeMounts | `[]` | +| `influxdb.extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with extraVolumes. | `[]` | +| `influxdb.containerPorts.http` | InfluxDB™ container HTTP port | `8086` | +| `influxdb.containerPorts.rpc` | InfluxDB™ container RPC port | `8088` | +| `influxdb.startupProbe.enabled` | Enable startupProbe | `false` | +| `influxdb.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `180` | +| `influxdb.startupProbe.periodSeconds` | Period seconds for startupProbe | `45` | +| `influxdb.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `30` | +| `influxdb.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | +| `influxdb.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `influxdb.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `influxdb.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | +| `influxdb.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `45` | +| `influxdb.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | +| `influxdb.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `influxdb.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `influxdb.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `influxdb.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | +| `influxdb.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `45` | +| `influxdb.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | +| `influxdb.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `influxdb.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `influxdb.customStartupProbe` | Override default startup probe | `{}` | +| `influxdb.customLivenessProbe` | Override default liveness probe | `{}` | +| `influxdb.customReadinessProbe` | Override default readiness probe | `{}` | +| `influxdb.sidecars` | Add additional sidecar containers to the InfluxDB™ pod(s) | `[]` | +| `influxdb.initContainers` | Add additional init containers to the InfluxDB™ pod(s) | `[]` | +| `influxdb.service.type` | Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`) | `ClusterIP` | +| `influxdb.service.ports.http` | InfluxDB™ HTTP port | `8086` | +| `influxdb.service.ports.rpc` | InfluxDB™ RPC port | `8088` | +| `influxdb.service.nodePorts` | Specify the nodePort(s) value for the LoadBalancer and NodePort service types. | `{}` | +| `influxdb.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `""` | +| `influxdb.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | +| `influxdb.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `influxdb.service.externalTrafficPolicy` | InfluxDB™ service external traffic policy | `Cluster` | +| `influxdb.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `influxdb.service.annotations` | Annotations for InfluxDB™ service | `{}` | +| `influxdb.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `influxdb.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | + +### InfluxDB Collectd™ parameters + +| Name | Description | Value | +| ------------------------------------------- | ----------------------------------------------------------------------------------------- | ----------- | +| `collectd.enabled` | InfluxDB Collectd™ service enable | `false` | +| `collectd.service.type` | Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`) | `ClusterIP` | +| `collectd.service.port` | InfluxDB Collectd™ UDP port (should match with corresponding port in influxdb.conf) | `25826` | +| `collectd.service.nodePort` | Kubernetes HTTP node port | `""` | +| `collectd.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `""` | +| `collectd.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | +| `collectd.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `collectd.service.externalTrafficPolicy` | InfluxDB Collectd™ service external traffic policy | `Cluster` | +| `collectd.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `collectd.service.annotations` | Annotations for InfluxDB Collectd™ service | `{}` | +| `collectd.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `collectd.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | + +### Exposing parameters + +| Name | Description | Value | +| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `ingress.enabled` | Enable ingress controller resource | `false` | +| `ingress.tls` | Create TLS Secret | `false` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.hostname` | Default host for the ingress resource (evaluated as template) | `influxdb.local` | +| `ingress.path` | Ingress path*' in order to use this | `/` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.extraPaths` | Additional arbitrary path/backend objects | `[]` | +| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | + +### Metrics parameters + +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| `metrics.enabled` | Enable the export of Prometheus metrics | `false` | +| `metrics.service.type` | Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`) | `ClusterIP` | +| `metrics.service.port` | InfluxDB™ Prometheus port | `9122` | +| `metrics.service.nodePort` | Kubernetes HTTP node port | `""` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `""` | +| `metrics.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | +| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `metrics.service.annotations` | Annotations for the Prometheus metrics service | `{}` | +| `metrics.service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | +| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `metrics.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `metrics.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `persistence.enabled` | Enable data persistence | `true` | +| `persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | +| `persistence.storageClass` | Specify the `storageClass` used to provision the volume | `""` | +| `persistence.accessModes` | Access mode of data volume | `["ReadWriteOnce"]` | +| `persistence.size` | Size of data volume | `8Gi` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | +| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | + +### Volume permissions parameters + +| Name | Description | Value | +| -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume mountpoint to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.securityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | + +### InfluxDB™ backup parameters + +| Name | Description | Value | +| ------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | +| `backup.enabled` | Enable InfluxDB™ backup | `false` | +| `backup.directory` | Directory where backups are stored | `/backups` | +| `backup.retentionDays` | Retention time in days for backups (older backups are deleted) | `10` | +| `backup.cronjob.schedule` | Schedule in Cron format to save snapshots | `0 2 * * *` | +| `backup.cronjob.historyLimit` | Number of successful finished jobs to retain | `1` | +| `backup.cronjob.podAnnotations` | Pod annotations | `{}` | +| `backup.cronjob.podSecurityContext.enabled` | Enable security context for InfluxDB™ backup pods | `true` | +| `backup.cronjob.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `backup.cronjob.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `backup.cronjob.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the InfluxDB™ filesystem | `1001` | +| `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `backup.cronjob.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `backup.cronjob.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `backup.cronjob.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production). | `none` | +| `backup.cronjob.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `backup.podAffinityPreset` | Backup ™ Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `backup.podAntiAffinityPreset` | Backup™ Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `backup.nodeAffinityPreset.type` | Backup™ Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `backup.nodeAffinityPreset.key` | Backup™ Node label key to match Ignored if `affinity` is set. | `""` | +| `backup.nodeAffinityPreset.values` | Backup™ Node label values to match. Ignored if `affinity` is set. | `[]` | +| `backup.affinity` | Backup™ Affinity for backup pod assignment | `{}` | +| `backup.nodeSelector` | Backup™ Node labels for backup pod assignment | `{}` | +| `backup.tolerations` | Backup™ Tolerations for backup pod assignment | `[]` | +| `backup.uploadProviders.google.enabled` | enable upload to google storage bucket | `false` | +| `backup.uploadProviders.google.secret` | json secret with serviceaccount data to access Google storage bucket | `""` | +| `backup.uploadProviders.google.secretKey` | service account secret key name | `key.json` | +| `backup.uploadProviders.google.existingSecret` | Name of existing secret object with Google serviceaccount json credentials | `""` | +| `backup.uploadProviders.google.bucketName` | google storage bucket name name | `gs://bucket/influxdb` | +| `backup.uploadProviders.google.image.registry` | Google Cloud SDK image registry | `REGISTRY_NAME` | +| `backup.uploadProviders.google.image.repository` | Google Cloud SDK image name | `REPOSITORY_NAME/google-cloud-sdk` | +| `backup.uploadProviders.google.image.digest` | Google Cloud SDK image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `backup.uploadProviders.google.image.pullPolicy` | Google Cloud SDK image pull policy | `IfNotPresent` | +| `backup.uploadProviders.google.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `backup.uploadProviders.google.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production). | `none` | +| `backup.uploadProviders.google.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `backup.uploadProviders.azure.enabled` | Enable upload to azure storage container | `false` | +| `backup.uploadProviders.azure.secret` | Secret with credentials to access Azure storage | `""` | +| `backup.uploadProviders.azure.secretKey` | Service account secret key name | `connection-string` | +| `backup.uploadProviders.azure.existingSecret` | Name of existing secret object | `""` | +| `backup.uploadProviders.azure.containerName` | Destination container | `influxdb-container` | +| `backup.uploadProviders.azure.image.registry` | Azure CLI image registry | `REGISTRY_NAME` | +| `backup.uploadProviders.azure.image.repository` | Azure CLI image repository | `REPOSITORY_NAME/azure-cli` | +| `backup.uploadProviders.azure.image.digest` | Azure CLI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `backup.uploadProviders.azure.image.pullPolicy` | Azure CLI image pull policy | `IfNotPresent` | +| `backup.uploadProviders.azure.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `backup.uploadProviders.azure.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production). | `none` | +| `backup.uploadProviders.azure.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `backup.uploadProviders.aws.enabled` | Enable upload to aws s3 bucket | `false` | +| `backup.uploadProviders.aws.accessKeyID` | Access Key ID to access aws s3 | `""` | +| `backup.uploadProviders.aws.secretAccessKey` | Secret Access Key to access aws s3 | `""` | +| `backup.uploadProviders.aws.region` | Region of aws s3 bucket | `us-east-1` | +| `backup.uploadProviders.aws.existingSecret` | Name of existing secret object | `""` | +| `backup.uploadProviders.aws.bucketName` | aws s3 bucket name | `s3://bucket/influxdb` | +| `backup.uploadProviders.aws.endpoint` | aws s3 endpoint, no value default public endpoint aws s3 endpoint | `""` | +| `backup.uploadProviders.aws.image.registry` | AWS CLI image registry | `REGISTRY_NAME` | +| `backup.uploadProviders.aws.image.repository` | AWS CLI image repository | `REPOSITORY_NAME/aws-cli` | +| `backup.uploadProviders.aws.image.digest` | AWS CLI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `backup.uploadProviders.aws.image.pullPolicy` | AWS CLI image pull policy | `IfNotPresent` | +| `backup.uploadProviders.aws.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `backup.uploadProviders.aws.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production). | `none` | +| `backup.uploadProviders.aws.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `auth.admin.password`, `user.pwd`, `auth.readUser.password` and `auth.writeUser.password` parameters when upgrading the chart: + +```console +helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/influxdb \ + --set auth.admin.password=[ADMIN_USER_PASSWORD] \ + --set auth.user.password=[USER_PASSWORD] \ + --set auth.readUser.password=[READ_USER_PASSWORD] \ + --set auth.writeUser.password=[WRITE_USER_PASSWORD] +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +> Note: you need to substitute the placeholders _[ADMIN_USER_PASSWORD]_, _[USER_PASSWORD]_, _[READ_USER_PASSWORD]_, and _[WRITE_USER_PASSWORD]_ with the values obtained from instructions in the installation notes. + +### To 6.0.0 + +This major bump changes the following security defaults: + +- `runAsGroup` is changed from `0` to `1001` +- `readOnlyRootFilesystem` is set to `true` +- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case). +- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`. + +This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones. + +### To 5.0.0 + +This major release completely removes support for InfluxDB Relay™ because the component is [no longer maintained](https://github.com/influxdata/influxdb-relay/issues/81#issuecomment-824207830) by the original developers. As a consequence, the "high-availability" architecture feature is no longer supported. + +To update from the previous major, please follow this steps: + +```console +kubectl delete deployments.apps influxdb +helm upgrade influxdb oci://REGISTRY_NAME/REPOSITORY_NAME/influxdb +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +### To 4.0.0 + +This major release completely removes support for InfluxDB™ branch 1.x.x. You can use images for versions ~1.x.x taking into account the chart may need some modification to run with them. + +If you were using InfluxDB™ +2.0 no issues are expected during upgrade. + +### To 3.0.0 + +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. + +Affected values: + +- `influxdb.service.port` was deprecated, we recommend using `influxdb.service.ports.http` instead. +- `influxdb.service.rpcPort` was deprecated, we recommend using `influxdb.service.ports.rpc` instead. +- `relay.service.port` was deprecated, we recommend using `relay.service.ports.http` instead. +- `relay.service.nodePort` was renamed as `relay.service.nodePorts.http`. +- `influxdb.securityContext` split into `influxdb.containerSecurityContext` and `influxdb.podSecurityContext`. +- `relay.securityContext` split into `relay.containerSecurityContext` and `relay.podSecurityContext`. +- `influxdb.updateStrategy` and `relay.updateStrategy`changed from String type (previously default to 'rollingUpdate') to Object type, allowing users to configure other updateStrategy parameters, similar to other charts. + +### To 2.0.0 + +This version adds support to InfluxDB™ +2.0, since this version the chart is only verified to work with InfluxDB™ +2.0 bitnami images. +However, you can use images for versions ~1.x.x taking into account the chart may need some modification to run with them. + +#### Installing InfluxDB™ v1 in chart v2 + +```console +helm install oci://REGISTRY_NAME/REPOSITORY_NAME/influxdb --set image.tag=1.8.3-debian-10-r88 +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +As a consecuece some breaking changes have been included in this version. + +- Authentication values has been moved to `auth....`. +- We keep `auth.readUser` and `auth.writeUser` user options in order to be compatible with InfluxDB™ v1. If you are using InfluxDB™ 2.0, please, use the CLI to create user and tokens through initDb scripts at `influxdb.initdbScripts` or the UI due to we are not able to automacally provide a token for them to be used. See more [InfluxDB™ 2.0 auth](https://docs.influxdata.com/influxdb/v2.0/security/tokens/) +- InfluxDB™ 2.0 has removed database concept, now it is called Bucket so the property `database` has been also moved to `auth.user.bucket`. +- Removed support for `files/docker-entrypoint-initdb.d/*.{sh,txt}`, please use `.influxdb.initdbScripts` or `.Values.influxdb.initdbScriptsCM` instead. +- Removed support for `files/conf/influxdb.conf`, please use `.influxdb.configuration` or `.influxdb.existingConfiguration` instead. +- Removed support for `files/conf/relay.toml`, please use `.Values.relay.configuration` or `.Values.relay.existingConfiguration` instead. +- `ingress.hosts` parameter has been replaced by `ingress.hostname` and `ingress.extraHosts` that may give us a bit more flexibility. + +#### Migrating form InfluxDB™ v1 to v2 + +Since this release could mean lot of concepts changes, we strongly recommend to not do it direcly using the chart upgrade. Please, read more info in their [upgrade guide](https://docs.influxdata.com/influxdb/v2.0/upgrade/v1-to-v2/). + +We actually recommend to backup all the data form a previous helm release, install new release using latest version of the chart and images and then restore data following their guides. + +#### Upgrading the chart form 1.x.x to 2.x.x using InfluxDB™ v1 images + +> NOTE: Please, create a backup of your database before running any of those actions. + +Having an already existing chart release called `influxdb` and deployed like + +```console +helm install influxdb oci://REGISTRY_NAME/REPOSITORY_NAME/influxdb +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +##### Export secrets and required values to update + +```console +export INFLUXDB_ADMIN_PASSWORD=$(kubectl get secret --namespace default influxdb -o jsonpath="{.data.admin-user-password}" | base64 -d) +``` + +##### Upgrade the chart release + +> NOTE: Please remember to migrate all the values to its new path following the above notes, e.g: `adminUser.pwd` -> `auth.admin.password`. + +```console +helm upgrade influxdb oci://REGISTRY_NAME/REPOSITORY_NAME/influxdb --set image.tag=1.8.3-debian-10-r99 \ + --set auth.admin.password=${INFLUXDB_ADMIN_PASSWORD} +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +### To 1.1.0 + +This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +#### What changes were introduced in this major version? + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- The different fields present in the _Chart.yaml_ file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +#### Considerations when upgrading to this version + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +#### Useful links + +- +- +- + +## License + +Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/.helmignore b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/.helmignore new file mode 100644 index 00000000..7c7c21d6 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/.helmignore @@ -0,0 +1,24 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# img folder +img/ diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/Chart.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/Chart.yaml new file mode 100644 index 00000000..8d0e5469 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure + licenses: Apache-2.0 +apiVersion: v2 +appVersion: 2.19.1 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://bitnami.com +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- name: VMware, Inc. + url: https://github.com/bitnami/charts +name: common +sources: +- https://github.com/bitnami/charts +type: library +version: 2.19.1 diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/README.md b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/README.md new file mode 100644 index 00000000..0d01a1e0 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/README.md @@ -0,0 +1,235 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 2.x.x + repository: oci://registry-1.docker.io/bitnamicharts +``` + +```console +helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ + +## Parameters + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +#### What changes were introduced in this major version? + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +#### Considerations when upgrading to this version + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +#### Useful links + +- +- +- + +## License + +Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_affinities.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_affinities.tpl new file mode 100644 index 00000000..e85b1df4 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_affinities.tpl @@ -0,0 +1,139 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a topologyKey definition +{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} +*/}} +{{- define "common.affinities.topologyKey" -}} +{{ .topologyKey | default "kubernetes.io/hostname" -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: 1 + {{- range $extraPodAffinityTerms }} + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: {{ .weight | default 1 -}} + {{- end -}} +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- range $extraPodAffinityTerms }} + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- end -}} +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_capabilities.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_capabilities.tpl new file mode 100644 index 00000000..115674af --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_capabilities.tpl @@ -0,0 +1,229 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Horizontal Pod Autoscaler. +*/}} +{{- define "common.capabilities.hpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if PodSecurityPolicy is supported +*/}} +{{- define "common.capabilities.psp.supported" -}} +{{- if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if AdmissionConfiguration is supported +*/}} +{{- define "common.capabilities.admissionConfiguration.supported" -}} +{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for AdmissionConfiguration. +*/}} +{{- define "common.capabilities.admissionConfiguration.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiserver.config.k8s.io/v1alpha1" -}} +{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiserver.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiserver.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for PodSecurityConfiguration. +*/}} +{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} +{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "pod-security.admission.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "pod-security.admission.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_compatibility.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_compatibility.tpl new file mode 100644 index 00000000..17665d56 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_compatibility.tpl @@ -0,0 +1,39 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return true if the detected platform is Openshift +Usage: +{{- include "common.compatibility.isOpenshift" . -}} +*/}} +{{- define "common.compatibility.isOpenshift" -}} +{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}} +{{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC +Usage: +{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}} +*/}} +{{- define "common.compatibility.renderSecurityContext" -}} +{{- $adaptedContext := .secContext -}} +{{- if .context.Values.global.compatibility -}} + {{- if .context.Values.global.compatibility.openshift -}} + {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}} + {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}} + {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}} + {{- if not .secContext.seLinuxOptions -}} + {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}} + {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- omit $adaptedContext "enabled" | toYaml -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_errors.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_errors.tpl new file mode 100644 index 00000000..07ded6f6 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_errors.tpl @@ -0,0 +1,28 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_images.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_images.tpl new file mode 100644 index 00000000..1bcb779d --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_images.tpl @@ -0,0 +1,117 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $separator := ":" -}} +{{- $termination := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if .imageRoot.digest }} + {{- $separator = "@" -}} + {{- $termination = .imageRoot.digest | toString -}} +{{- end -}} +{{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end }} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets | uniq }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets | uniq }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) +{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} +*/}} +{{- define "common.images.version" -}} +{{- $imageTag := .imageRoot.tag | toString -}} +{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} +{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} + {{- $version := semver $imageTag -}} + {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} +{{- else -}} + {{- print .chart.AppVersion -}} +{{- end -}} +{{- end -}} + diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_ingress.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_ingress.tpl new file mode 100644 index 00000000..efa5b85c --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_ingress.tpl @@ -0,0 +1,73 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_labels.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_labels.tpl new file mode 100644 index 00000000..d90a6cdc --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_labels.tpl @@ -0,0 +1,46 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Kubernetes standard labels +{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} +*/}} +{{- define "common.labels.standard" -}} +{{- if and (hasKey . "customLabels") (hasKey . "context") -}} +{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} +{{- with .context.Chart.AppVersion -}} +{{- $_ := set $default "app.kubernetes.io/version" . -}} +{{- end -}} +{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} +{{- else -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Chart.AppVersion }} +app.kubernetes.io/version: {{ . | quote }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector +{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} + +We don't want to loop over custom labels appending them to the selector +since it's very likely that it will break deployments, services, etc. +However, it's important to overwrite the standard labels if the user +overwrote them on metadata.labels fields. +*/}} +{{- define "common.labels.matchLabels" -}} +{{- if and (hasKey . "customLabels") (hasKey . "context") -}} +{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} +{{- else -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_names.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_names.tpl new file mode 100644 index 00000000..a222924f --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_names.tpl @@ -0,0 +1,71 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "common.names.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified app name adding the installation's namespace. +*/}} +{{- define "common.names.fullname.namespace" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_resources.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_resources.tpl new file mode 100644 index 00000000..030fa1a9 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_resources.tpl @@ -0,0 +1,50 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a resource request/limit object based on a given preset. +These presets are for basic testing and not meant to be used in production +{{ include "common.resources.preset" (dict "type" "nano") -}} +*/}} +{{- define "common.resources.preset" -}} +{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}} +{{- $presets := dict + "nano" (dict + "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi") + ) + "micro" (dict + "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi") + ) + "small" (dict + "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi") + ) + "medium" (dict + "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi") + ) + "large" (dict + "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi") + ) + "xlarge" (dict + "requests" (dict "cpu" "1.5" "memory" "4096Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi") + ) + "2xlarge" (dict + "requests" (dict "cpu" "1.5" "memory" "4096Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi") + ) + }} +{{- if hasKey $presets .type -}} +{{- index $presets .type | toYaml -}} +{{- else -}} +{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}} +{{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_secrets.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_secrets.tpl new file mode 100644 index 00000000..84dbe380 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_secrets.tpl @@ -0,0 +1,182 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. + - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted. + - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret. +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key | b64dec }} + {{- else if not (eq .failOnNew false) }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString }} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} + {{- else }} + {{- $password = randAlphaNum $passwordLength }} + {{- end }} +{{- end -}} +{{- if not .skipB64enc }} +{{- $password = $password | b64enc }} +{{- end -}} +{{- if .skipQuote -}} +{{- printf "%s" $password -}} +{{- else -}} +{{- printf "%s" $password | quote -}} +{{- end -}} +{{- end -}} + +{{/* +Reuses the value from an existing secret, otherwise sets its value to a default value. + +Usage: +{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - context - Context - Required - Parent context. + +*/}} +{{- define "common.secrets.lookup" -}} +{{- $value := "" -}} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} +{{- if and $secretData (hasKey $secretData .key) -}} + {{- $value = index $secretData .key -}} +{{- else if .defaultValue -}} + {{- $value = .defaultValue | toString | b64enc -}} +{{- end -}} +{{- if $value -}} +{{- printf "%s" $value -}} +{{- end -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_storage.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_storage.tpl new file mode 100644 index 00000000..16405a0f --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_storage.tpl @@ -0,0 +1,28 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_tplvalues.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_tplvalues.tpl new file mode 100644 index 00000000..a8ed7637 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,38 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template perhaps with scope if the scope is present. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} +*/}} +{{- define "common.tplvalues.render" -}} +{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} +{{- if contains "{{" (toJson .value) }} + {{- if .scope }} + {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- else }} + {{- tpl $value .context }} + {{- end }} +{{- else }} + {{- $value }} +{{- end }} +{{- end -}} + +{{/* +Merge a list of values that contains template after rendering them. +Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge +Usage: +{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} +*/}} +{{- define "common.tplvalues.merge" -}} +{{- $dst := dict -}} +{{- range .values -}} +{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} +{{- end -}} +{{ $dst | toYaml }} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_utils.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_utils.tpl new file mode 100644 index 00000000..bfbddf05 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_utils.tpl @@ -0,0 +1,77 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376). +Usage: +{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }} +*/}} +{{- define "common.utils.checksumTemplate" -}} +{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}} +{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_warnings.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_warnings.tpl new file mode 100644 index 00000000..0f763cd8 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/_warnings.tpl @@ -0,0 +1,82 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/tutorials/understand-rolling-tags-containers +{{- end }} +{{- end -}} + +{{/* +Warning about not setting the resource object in all deployments. +Usage: +{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }} +Example: +{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }} +The list in the example assumes that the following values exist: + - csiProvider.provider.resources + - server.resources + - volumePermissions.resources + - resources +*/}} +{{- define "common.warnings.resources" -}} +{{- $values := .context.Values -}} +{{- $printMessage := false -}} +{{ $affectedSections := list -}} +{{- range .sections -}} + {{- if eq . "" -}} + {{/* Case where the resources section is at the root (one main deployment in the chart) */}} + {{- if not (index $values "resources") -}} + {{- $affectedSections = append $affectedSections "resources" -}} + {{- $printMessage = true -}} + {{- end -}} + {{- else -}} + {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}} + {{- $keys := split "." . -}} + {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}} + {{- $section := $values -}} + {{- range $keys -}} + {{- $section = index $section . -}} + {{- end -}} + {{- if not (index $section "resources") -}} + {{/* If the section has enabled=false or replicaCount=0, do not include it */}} + {{- if and (hasKey $section "enabled") -}} + {{- if index $section "enabled" -}} + {{/* enabled=true */}} + {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} + {{- $printMessage = true -}} + {{- end -}} + {{- else if and (hasKey $section "replicaCount") -}} + {{/* We need a casting to int because number 0 is not treated as an int by default */}} + {{- if (gt (index $section "replicaCount" | int) 0) -}} + {{/* replicaCount > 0 */}} + {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} + {{- $printMessage = true -}} + {{- end -}} + {{- else -}} + {{/* Default case, add it to the affected sections */}} + {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} + {{- $printMessage = true -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- if $printMessage }} + +WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs: +{{- range $affectedSections }} + - {{ . }} +{{- end }} ++info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +{{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_cassandra.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 00000000..eda9aada --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,77 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_mariadb.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 00000000..17d83a2f --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,108 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_mongodb.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 00000000..bbb445b8 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,113 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_mysql.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_mysql.tpl new file mode 100644 index 00000000..ca3953f8 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_mysql.tpl @@ -0,0 +1,108 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MySQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mysql.passwords" -}} + {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mysql.values.enabled" . -}} + {{- $architecture := include "common.mysql.values.architecture" . -}} + {{- $authPrefix := include "common.mysql.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mysql. + +Usage: +{{ include "common.mysql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mysql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mysql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.key.auth" -}} + {{- if .subchart -}} + mysql.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_postgresql.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 00000000..8c9aa570 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,134 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_redis.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_redis.tpl new file mode 100644 index 00000000..fc0d208d --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,81 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis® required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_validations.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_validations.tpl new file mode 100644 index 00000000..31ceda87 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,51 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/values.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/values.yaml new file mode 100644 index 00000000..9abe0e15 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/charts/common/values.yaml @@ -0,0 +1,8 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/files/conf/README.md b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/files/conf/README.md new file mode 100644 index 00000000..ea46eb89 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/files/conf/README.md @@ -0,0 +1,7 @@ +# How to use this folder + +Place your InfluxDB™ configuration file here. These will not be used in case the value *existingConfiguration* is used. + +More information can be found in the link below: + +- [InfluxDB™ Configuration File](https://github.com/bitnami/containers/tree/main/bitnami/influxdb#configuration-file) diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/files/docker-entrypoint-initdb.d/README.md b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/files/docker-entrypoint-initdb.d/README.md new file mode 100644 index 00000000..1bb42f86 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/files/docker-entrypoint-initdb.d/README.md @@ -0,0 +1,5 @@ +# How to use this folder + +You can copy here your custom `.sh` or `.txt` files so they are executed during the first boot of the image. + +More info in the [influxdb](https://github.com/bitnami/containers/tree/main/bitnami/influxdb#initializing-a-new-instance) container README. diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/NOTES.txt b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/NOTES.txt new file mode 100644 index 00000000..82cf3c4b --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/NOTES.txt @@ -0,0 +1,143 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/bitnami/scripts/influxdb/entrypoint.sh /opt/bitnami/scripts/influxdb/run.sh + +{{- else }} + +InfluxDB™ can be accessed through following DNS names from within your cluster: + + InfluxDB™: {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ coalesce .Values.influxdb.service.ports.http .Values.influxdb.service.port }}) + {{- if .Values.metrics.enabled }} + InfluxDB™ Prometheus Metrics: {{ include "common.names.fullname" . }}-metrics.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.metrics.service.port }}) + {{- end }} + +{{- if .Values.authEnabled }} + +To get the password for the {{ .Values.auth.admin.username }} user, run: + + export ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "influxdb.secretName" . }} -o jsonpath="{.data.admin-user-password}" | base64 -d) + +{{- if .Values.auth.user.username }} + +To get the password for the {{ .Values.auth.user.username }} user, run: + + export USER_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "influxdb.secretName" . }} -o jsonpath="{.data.user-password}" | base64 -d) + +{{- end }} +{{- if .Values.auth.readUser.username }} + +To get the password for the {{ .Values.auth.readUser.username }} user, run: + + export READ_USER_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "influxdb.secretName" . }} -o jsonpath="{.data.read-user-password}" | base64 -d) + +{{- end }} +{{- if .Values.auth.writeUser.username }} + +To get the password for the {{ .Values.auth.writeUser.username }} user, run: + + export WRITE_USER_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "influxdb.secretName" . }} -o jsonpath="{.data.write-user-password}" | base64 -d) + +{{- end }} +{{- end }} + +To connect to your database run the following commands: + + kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} {{ if .Values.authEnabled }}--env="INFLUX_USERNAME={{ .Values.auth.admin.username }}" --env="INFLUX_PASSWORD=$ADMIN_PASSWORD"{{ end }} \ + {{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ include "common.names.fullname" . }}-client=true" {{ end }}--image {{ include "influxdb.image" . }} \ + --command -- influx -host {{ include "common.names.fullname" . }} -port {{ coalesce .Values.influxdb.service.ports.http .Values.influxdb.service.port }} + +{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + +Note: Since NetworkPolicy is enabled, only pods with label "{{ include "common.names.fullname" . }}-client=true" will be able to connect to InfluxDB™ server(s). + +{{- end }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if .Values.ingress.enabled }} +{{- $ingressHost := (tpl .Values.ingress.hostname .) }} + {{- if .Values.ingress.extraHosts }} + You should be able to access your new InfluxDB™ server(s) through: + {{- end }} + {{- range .Values.ingress.extraHosts }} + {{ if .tls }}https{{- else }}http{{ end }}://{{ .name }} + {{- end }} + + e.g.: + + {{ if .Values.authEnabled }}INFLUX_USERNAME="{{ .Values.auth.admin.username }}" INFLUX_PASSWORD="$ADMIN_PASSWORD"{{ end }} influx -host {{ $ingressHost }} -port 80 + +{{- else if contains "NodePort" .Values.influxdb.service.type }} + + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + {{- if .Values.authEnabled }}INFLUX_USERNAME="{{ .Values.auth.admin.username }}" INFLUX_PASSWORD="$ADMIN_PASSWORD"{{- end }} influx -host $NODE_IP -port $NODE_PORT + +{{- else if contains "LoadBalancer" .Values.influxdb.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + {{- if .Values.authEnabled }}INFLUX_USERNAME="{{ .Values.auth.admin.username }}" INFLUX_PASSWORD="$ADMIN_PASSWORD"{{- end }} influx -host $SERVICE_IP -port {{ coalesce .Values.influxdb.service.ports.http .Values.influxdb.service.port }} + +{{- else if contains "ClusterIP" .Values.influxdb.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} 8086:{{ coalesce .Values.influxdb.service.ports.http .Values.influxdb.service.port }} & + {{- if .Values.authEnabled }}INFLUX_USERNAME="{{ .Values.auth.admin.username }}" INFLUX_PASSWORD="$ADMIN_PASSWORD"{{- end }} influx -host 127.0.0.1 -port 8086 + +{{- end }} + +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.backup.uploadProviders.google.image }} +{{- include "common.warnings.rollingTag" .Values.backup.uploadProviders.azure.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} + +{{- $passwordValueConfigs := list -}} +{{- if not .Values.auth.existingSecret -}} + {{- $secretName := include "influxdb.secretName" . -}} + + {{- $adminPasswordConfig := dict "valueKey" "auth.admin.password" "secret" $secretName "field" "admin-user-password" "context" $ -}} + {{- $passwordValueConfigs = append $passwordValueConfigs $adminPasswordConfig -}} + {{- $adminTokenConfig := dict "valueKey" "auth.admin.token" "secret" $secretName "field" "admin-user-token" "context" $ -}} + {{- $passwordValueConfigs = append $passwordValueConfigs $adminTokenConfig -}} + + {{- if .Values.auth.user.username }} + {{- $userPasswordConfig := dict "valueKey" "auth.user.password" "secret" $secretName "field" "user-password" "context" $ -}} + {{- $passwordValueConfigs = append $passwordValueConfigs $userPasswordConfig -}} + {{- end }} + {{- if .Values.auth.readUser.username }} + {{- $readUserPasswordConfig := dict "valueKey" "auth.readUser.password" "secret" $secretName "field" "read-user-password" "context" $ -}} + {{- $passwordValueConfigs = append $passwordValueConfigs $readUserPasswordConfig -}} + {{- end }} + {{- if .Values.auth.writeUser.username }} + {{- $writeUserPasswordConfig := dict "valueKey" "auth.writeUser.password" "secret" $secretName "field" "write-user-password" "context" $ -}} + {{- $passwordValueConfigs = append $passwordValueConfigs $writeUserPasswordConfig -}} + {{- end }} +{{- end -}} + +{{- $passwordValidationErrors := include "common.validations.values.multiple.empty" (dict "required" $passwordValueConfigs "context" $) -}} +{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} + +{{- end }} +{{- include "common.warnings.resources" (dict "sections" (list "influxdb") "context" $) }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/_helpers.tpl b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/_helpers.tpl new file mode 100644 index 00000000..12a35ebb --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/_helpers.tpl @@ -0,0 +1,111 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + + +{{/* +Return the proper InfluxDB™ image name +*/}} +{{- define "influxdb.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper init container volume-permissions image name +*/}} +{{- define "influxdb.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper gcloud-sdk image name +*/}} +{{- define "gcloudSdk.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.backup.uploadProviders.google.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper azure-cli image name +*/}} +{{- define "azureCli.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.backup.uploadProviders.azure.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper aws-cli image name +*/}} +{{- define "awsCli.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.backup.uploadProviders.aws.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "influxdb.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.backup.uploadProviders.google.image .Values.backup.uploadProviders.azure.image) "global" .Values.global) }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "influxdb.serviceAccountName" -}} +{{- if or .Values.serviceAccount.enabled .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the InfluxDB™ credentials secret. +*/}} +{{- define "influxdb.secretName" -}} +{{- if .Values.auth.existingSecret -}} + {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the InfluxDB™ configuration configmap. +*/}} +{{- define "influxdb.configmapName" -}} +{{- if .Values.influxdb.existingConfiguration -}} + {{- printf "%s" (tpl .Values.influxdb.existingConfiguration $) -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the InfluxDB™ PVC name. +*/}} +{{- define "influxdb.claimName" -}} +{{- if .Values.persistence.existingClaim }} + {{- printf "%s" (tpl .Values.persistence.existingClaim $) -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the InfluxDB™ initialization scripts configmap. +*/}} +{{- define "influxdb.initdbScriptsConfigmapName" -}} +{{- if .Values.influxdb.initdbScriptsCM -}} + {{- printf "%s" (tpl .Values.influxdb.initdbScriptsCM $) -}} +{{- else -}} + {{- printf "%s-initdb-scripts" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the InfluxDB™ initialization scripts secret. +*/}} +{{- define "influxdb.initdbScriptsSecret" -}} +{{- printf "%s" (tpl .Values.influxdb.initdbScriptsSecret $) -}} +{{- end -}} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/configmap-backup.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/configmap-backup.yaml new file mode 100644 index 00000000..6235e01f --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/configmap-backup.yaml @@ -0,0 +1,70 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.backup.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-backup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + backup.sh: |- + #!/bin/bash + + set -e + + . /opt/bitnami/scripts/libinfluxdb.sh + + DATE="$(date +%Y%m%d_%H%M%S)" + + host="{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc" + + get_orgs() { + INFLUX_TOKEN="${INFLUXDB_ADMIN_USER_TOKEN}" influx org list --host "http://${host}:{{ coalesce .Values.influxdb.service.ports.http .Values.influxdb.service.port }}" 2> /dev/null | grep -v 'ID' | awk -F '\t' 'BEGIN{ORS=" "} {print $2}' + } + + get_databases() { + local org_name="${1:-}" + INFLUX_TOKEN="${INFLUXDB_ADMIN_USER_TOKEN}" influx bucket list --host "http://${host}:{{ coalesce .Values.influxdb.service.ports.http .Values.influxdb.service.port }}" --org "${org_name}" 2> /dev/null | grep -v 'ID' | awk -F '\t' 'BEGIN{ORS=" "} {print $2}' + } + + for ORG in $(get_orgs); do + echo "finding buckets in org ${ORG}" + for BUCKET in $(get_databases "${ORG}"); do + backup_dir="{{ .Values.backup.directory }}/${ORG}/${BUCKET}" + echo "backuping ${BUCKET} bucket to ${backup_dir}" + mkdir -p "${backup_dir}" + + INFLUX_TOKEN="${INFLUXDB_ADMIN_USER_TOKEN}" influx backup --host "http://${host}:{{ coalesce .Values.influxdb.service.ports.http .Values.influxdb.service.port }}" --bucket "${BUCKET}" "${backup_dir}/${DATE}" + done + done + + echo "deleting old backups" + find {{ .Values.backup.directory }} -mindepth 3 -maxdepth 3 -not -name ".snapshot" -not -name "lost+found" -type d -mtime +{{ .Values.backup.retentionDays }} -exec rm -r {} \; + upload-google.sh: |- + #!/bin/sh + + set -e + + gcloud auth activate-service-account --key-file /var/secrets/google/{{ .Values.backup.uploadProviders.google.secretKey }} + gsutil -m rsync -r -d {{ .Values.backup.directory }}/ {{ .Values.backup.uploadProviders.google.bucketName }} + upload-azure.sh: |- + #!/bin/sh + + set -e + + az storage blob sync --source {{ .Values.backup.directory }} --container {{ .Values.backup.uploadProviders.azure.containerName }} + upload-aws.sh: |- + #!/bin/sh + + set -e + + aws s3 sync {{ .Values.backup.directory }} {{ .Values.backup.uploadProviders.aws.bucketName }} +{{ end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/configmap-initdb-scripts.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/configmap-initdb-scripts.yaml new file mode 100644 index 00000000..7e15d029 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/configmap-initdb-scripts.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (.Values.influxdb.initdbScripts) (not .Values.influxdb.initdbScriptsCM) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-initdb-scripts + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{ include "common.tplvalues.render" (dict "value" .Values.influxdb.initdbScripts "context" $) | nindent 2 }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/configmap.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/configmap.yaml new file mode 100644 index 00000000..408c74a9 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/configmap.yaml @@ -0,0 +1,21 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.influxdb.configuration (not .Values.influxdb.existingConfiguration) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + influxdb.conf: |- + # User-supplied configuration: + {{ include "common.tplvalues.render" (dict "value" .Values.influxdb.configuration "context" $) | nindent 4 }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/cronjob-backup.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/cronjob-backup.yaml new file mode 100644 index 00000000..f0416a0a --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/cronjob-backup.yaml @@ -0,0 +1,260 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.backup.enabled }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: "{{ template "common.names.fullname" . }}-backup" + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + schedule: {{ .Values.backup.cronjob.schedule | quote }} + concurrencyPolicy: Forbid + successfulJobsHistoryLimit: {{ .Values.backup.cronjob.historyLimit }} + failedJobsHistoryLimit: {{ .Values.backup.cronjob.historyLimit }} + jobTemplate: + spec: + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 12 }} + {{- if .Values.backup.cronjob.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.podAnnotations "context" $) | nindent 12 }} + {{- end }} + spec: + {{- if .Values.backup.cronjob.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.backup.cronjob.podSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- include "influxdb.imagePullSecrets" . | nindent 10 }} + serviceAccountName: {{ include "influxdb.serviceAccountName" . }} + restartPolicy: OnFailure + volumes: + - name: empty-dir + emptyDir: {} + - name: backup-scripts + configMap: + name: {{ include "common.names.fullname" . }}-backup + defaultMode: 0755 + {{- if .Values.backup.uploadProviders.google.enabled }} + - name: google-cloud-key + secret: + {{- if .Values.backup.uploadProviders.google.existingSecret }} + secretName: {{ .Values.backup.uploadProviders.google.existingSecret | quote }} + {{- else }} + secretName: {{ include "common.names.fullname" . }}-backup-gcloud + {{- end }} + {{- end }} + - name: {{ include "common.names.fullname" . }}-backups + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.names.fullname" . }}-backups + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.backup.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.backup.affinity "context" $) | nindent 12 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.backup.podAffinityPreset "component" "influxdb" "customLabels" .Values.commonLabels "context" $) | nindent 14 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.backup.podAntiAffinityPreset "component" "influxdb" "customLabels" .Values.commonLabels "context" $) | nindent 14 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.backup.nodeAffinityPreset.type "key" .Values.backup.nodeAffinityPreset.key "values" .Values.backup.nodeAffinityPreset.values) | nindent 14 }} + {{- end }} + {{- if .Values.backup.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.backup.nodeSelector "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.backup.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.backup.tolerations "context" $) | nindent 10 }} + {{- end }} + initContainers: + - name: influxdb-backup + image: {{ include "influxdb.image" . | quote }} + env: + - name: INFLUXDB_ADMIN_USER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "influxdb.secretName" . }} + key: admin-user-password + - name: INFLUXDB_ADMIN_USER_TOKEN + valueFrom: + secretKeyRef: + name: {{ include "influxdb.secretName" . }} + key: admin-user-token + command: + - "/tmp/backup.sh" + {{- if .Values.backup.cronjob.resources }} + resources: {{- toYaml .Values.backup.cronjob.resources | nindent 16 }} + {{- else if ne .Values.backup.cronjob.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.backup.cronjob.resourcesPreset) | nindent 16 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: {{ include "common.names.fullname" . }}-backups + mountPath: {{ .Values.backup.directory | quote }} + - name: backup-scripts + mountPath: /tmp/backup.sh + subPath: backup.sh + {{- if .Values.backup.cronjob.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.backup.cronjob.containerSecurityContext "context" $) | nindent 16 }} + {{- end }} + containers: + - name: influxdb-backup-dummy-container + image: {{ include "influxdb.image" . | quote }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 16 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 16 }} + {{- else }} + command: + - "/bin/true" + {{- end }} + {{- if .Values.backup.cronjob.resources }} + resources: {{- toYaml .Values.backup.cronjob.resources | nindent 16 }} + {{- else if ne .Values.backup.cronjob.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.backup.cronjob.resourcesPreset) | nindent 16 }} + {{- end }} + {{- if .Values.backup.cronjob.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.backup.cronjob.containerSecurityContext "context" $) | nindent 16 }} + {{- end }} + {{- if .Values.backup.uploadProviders.google.enabled }} + - name: gsutil-cp + image: {{ include "gcloudSdk.image" . }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 16 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 16 }} + {{- else }} + command: + - "/tmp/upload-google.sh" + {{- end }} + {{- if .Values.backup.uploadProviders.google.resources }} + resources: {{- toYaml .Values.backup.uploadProviders.google.resources | nindent 16 }} + {{- else if ne .Values.backup.uploadProviders.google.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.backup.uploadProviders.google.resourcesPreset) | nindent 16 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: {{ include "common.names.fullname" . }}-backups + mountPath: {{ .Values.backup.directory | quote }} + - name: backup-scripts + mountPath: /tmp/upload-google.sh + subPath: upload-google.sh + - name: google-cloud-key + mountPath: /var/secrets/google/ + {{- if .Values.backup.cronjob.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.backup.cronjob.containerSecurityContext "context" $) | nindent 16 }} + {{- end }} + {{- end }} + {{- if .Values.backup.uploadProviders.azure.enabled }} + - name: azure-cli + image: {{ include "azureCli.image" . }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 16 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 16 }} + {{- else }} + command: + - "/tmp/upload-azure.sh" + {{- end }} + {{- if .Values.backup.uploadProviders.azure.resources }} + resources: {{- toYaml .Values.backup.uploadProviders.azure.resources | nindent 16 }} + {{- else if ne .Values.backup.uploadProviders.azure.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.backup.uploadProviders.azure.resourcesPreset) | nindent 16 }} + {{- end }} + env: + - name: AZURE_STORAGE_CONNECTION_STRING + valueFrom: + secretKeyRef: + {{- if .Values.backup.uploadProviders.azure.existingSecret }} + name: {{ .Values.backup.uploadProviders.azure.existingSecret | quote }} + {{- else }} + name: {{ include "common.names.fullname" . }}-backup-azure + {{- end }} + key: {{ .Values.backup.uploadProviders.azure.secretKey }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: {{ include "common.names.fullname" . }}-backups + mountPath: {{ .Values.backup.directory | quote }} + - name: backup-scripts + mountPath: /tmp/upload-azure.sh + subPath: upload-azure.sh + {{- if .Values.backup.cronjob.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.backup.cronjob.containerSecurityContext "context" $) | nindent 16 }} + {{- end }} + {{- end }} + {{- if .Values.backup.uploadProviders.aws.enabled }} + - name: aws-cli + image: {{ include "awsCli.image" . }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 16 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 16 }} + {{- else }} + command: + - "/tmp/upload-aws.sh" + {{- end }} + {{- if .Values.backup.uploadProviders.aws.resources }} + resources: {{- toYaml .Values.backup.uploadProviders.aws.resources | nindent 16 }} + {{- else if ne .Values.backup.uploadProviders.aws.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.backup.uploadProviders.aws.resourcesPreset) | nindent 16 }} + {{- end }} + env: + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + {{- if .Values.backup.uploadProviders.aws.existingSecret }} + name: {{ .Values.backup.uploadProviders.aws.existingSecret | quote }} + {{- else }} + name: {{ include "common.names.fullname" . }}-backup-aws + {{- end }} + key: accessKeyID + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + {{- if .Values.backup.uploadProviders.aws.existingSecret }} + name: {{ .Values.backup.uploadProviders.aws.existingSecret | quote }} + {{- else }} + name: {{ include "common.names.fullname" . }}-backup-aws + {{- end }} + key: secretAccessKey + - name: AWS_DEFAULT_REGION + valueFrom: + secretKeyRef: + {{- if .Values.backup.uploadProviders.aws.existingSecret }} + name: {{ .Values.backup.uploadProviders.aws.existingSecret | quote }} + {{- else }} + name: {{ include "common.names.fullname" . }}-backup-aws + {{- end }} + key: region + - name: AWS_ENDPOINT_URL_S3 + valueFrom: + secretKeyRef: + {{- if .Values.backup.uploadProviders.aws.existingSecret }} + name: {{ .Values.backup.uploadProviders.aws.existingSecret | quote }} + {{- else }} + name: {{ include "common.names.fullname" . }}-backup-aws + {{- end }} + key: endpoint + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /.aws + subPath: aws-dir + - name: {{ include "common.names.fullname" . }}-backups + mountPath: {{ .Values.backup.directory | quote }} + - name: backup-scripts + mountPath: /tmp/upload-aws.sh + subPath: upload-aws.sh + {{- if .Values.backup.cronjob.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.backup.cronjob.containerSecurityContext "context" $) | nindent 16 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/deployment.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/deployment.yaml new file mode 100644 index 00000000..3879eb59 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/deployment.yaml @@ -0,0 +1,366 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.influxdb.updateStrategy }} + strategy: {{- toYaml .Values.influxdb.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.influxdb.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: influxdb + template: + metadata: + {{- if .Values.influxdb.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: influxdb + spec: + {{- include "influxdb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.influxdb.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.influxdb.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.influxdb.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.influxdb.podAffinityPreset "component" "influxdb" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.influxdb.podAntiAffinityPreset "component" "influxdb" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.influxdb.nodeAffinityPreset.type "key" .Values.influxdb.nodeAffinityPreset.key "values" .Values.influxdb.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.influxdb.schedulerName }} + schedulerName: {{ .Values.influxdb.schedulerName }} + {{- end }} + {{- if .Values.influxdb.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + priorityClassName: {{ .Values.influxdb.priorityClassName | quote }} + {{- if .Values.influxdb.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.influxdb.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.influxdb.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.influxdb.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "influxdb.serviceAccountName" . }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: init-chmod-data + image: {{ include "influxdb.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -c + - | + mkdir -p /bitnami/influxdb/{data,meta,wal} + chmod 700 /bitnami/influxdb/{data,meta,wal} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /bitnami/influxdb + {{- else }} + chown -R {{ .Values.influxdb.containerSecurityContext.runAsUser }}:{{ .Values.influxdb.podSecurityContext.fsGroup }} /bitnami/influxdb + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/influxdb + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- end }} + {{- if .Values.influxdb.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.initContainers "context" $) | trim | nindent 8 }} + {{- end }} + containers: + - name: influxdb + image: {{ include "influxdb.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.influxdb.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.influxdb.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.influxdb.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.influxdb.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.influxdb.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: INFLUXDB_HTTP_AUTH_ENABLED + value: {{ .Values.auth.enabled | quote }} + - name: INFLUXDB_CREATE_USER_TOKEN + value: {{ ternary "yes" "no" .Values.auth.createUserToken | quote }} + {{- if .Values.auth.admin.username }} + - name: INFLUXDB_ADMIN_USER + value: {{ .Values.auth.admin.username | quote }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: INFLUXDB_ADMIN_USER_PASSWORD_FILE + value: "/opt/bitnami/influxdb/secrets/admin-user-password" + {{- else }} + - name: INFLUXDB_ADMIN_USER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "influxdb.secretName" . }} + key: admin-user-password + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: INFLUXDB_ADMIN_USER_TOKEN_FILE + value: "/opt/bitnami/influxdb/secrets/admin-user-token" + {{- else }} + - name: INFLUXDB_ADMIN_USER_TOKEN + valueFrom: + secretKeyRef: + name: {{ include "influxdb.secretName" . }} + key: admin-user-token + {{- end }} + - name: INFLUXDB_ADMIN_BUCKET + value: {{ .Values.auth.admin.bucket | quote }} + - name: INFLUXDB_ADMIN_ORG + value: {{ .Values.auth.admin.org | quote }} + {{- if .Values.auth.admin.retention }} + - name: INFLUXDB_ADMIN_RETENTION + value: {{ .Values.auth.admin.retention | quote }} + {{- end }} + {{- if .Values.auth.user.username }} + - name: INFLUXDB_USER + value: {{ .Values.auth.user.username | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: INFLUXDB_USER_PASSWORD_FILE + value: "/opt/bitnami/influxdb/secrets/user-password" + {{- else }} + - name: INFLUXDB_USER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "influxdb.secretName" . }} + key: user-password + {{- end }} + {{- end }} + {{- if .Values.auth.user.bucket }} + - name: INFLUXDB_USER_BUCKET + value: {{ .Values.auth.user.bucket | quote }} + {{- end }} + {{- if .Values.auth.user.org }} + - name: INFLUXDB_USER_ORG + value: {{ .Values.auth.user.org | quote }} + {{- end }} + {{- if .Values.auth.readUser.username }} + - name: INFLUXDB_READ_USER + value: {{ .Values.auth.readUser.username | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: INFLUXDB_READ_USER_PASSWORD_FILE + value: "/opt/bitnami/influxdb/secrets/read-user-password" + {{- else }} + - name: INFLUXDB_READ_USER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "influxdb.secretName" . }} + key: read-user-password + {{- end }} + {{- end }} + {{- if .Values.auth.writeUser.username }} + - name: INFLUXDB_WRITE_USER + value: {{ .Values.auth.writeUser.username | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: INFLUXDB_WRITE_USER_PASSWORD_FILE + value: "/opt/bitnami/influxdb/secrets/write-user-password" + {{- else }} + - name: INFLUXDB_WRITE_USER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "influxdb.secretName" . }} + key: write-user-password + {{- end }} + {{- end }} + {{- if .Values.auth.user.bucket }} + - name: INFLUXDB_DB + value: {{ .Values.auth.user.bucket | quote }} + {{- end }} + {{- if .Values.influxdb.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.influxdb.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.influxdb.extraEnvVarsCM }} + {{- end }} + {{- if .Values.influxdb.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.influxdb.extraEnvVarsSecret }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.influxdb.containerPorts.http }} + protocol: TCP + - name: rpc + containerPort: {{ .Values.influxdb.containerPorts.rpc }} + protocol: TCP + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.influxdb.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.influxdb.startupProbe.enabled }} + {{- $startupTimeout := sub (int .Values.influxdb.startupProbe.timeoutSeconds) 1 }} + startupProbe: {{- omit .Values.influxdb.startupProbe "enabled" | toYaml | nindent 12 }} + exec: + command: + - bash + - -c + - | + . /opt/bitnami/scripts/libinfluxdb.sh + + influxdb_env + + {{- if .Values.auth.enabled }} + export INFLUX_USERNAME="$INFLUXDB_ADMIN_USER" + export INFLUX_PASSWORD="$INFLUXDB_ADMIN_USER_PASSWORD" + {{- end }} + + timeout {{ $startupTimeout }}s influx --host http://$POD_IP:{{ .Values.influxdb.containerPorts.http }} ping + {{- end }} + {{- if .Values.influxdb.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.influxdb.livenessProbe.enabled }} + {{- $livenessTimeout := sub (int .Values.influxdb.livenessProbe.timeoutSeconds) 1 }} + livenessProbe: {{- omit .Values.influxdb.livenessProbe "enabled" | toYaml | nindent 12 }} + exec: + command: + - bash + - -c + - | + . /opt/bitnami/scripts/libinfluxdb.sh + + influxdb_env + + {{- if .Values.auth.enabled }} + export INFLUX_USERNAME="$INFLUXDB_ADMIN_USER" + export INFLUX_PASSWORD="$INFLUXDB_ADMIN_USER_PASSWORD" + {{- end }} + + timeout {{ $livenessTimeout }}s influx ping --host http://$POD_IP:{{ .Values.influxdb.containerPorts.http }} + {{- end }} + {{- if .Values.influxdb.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.influxdb.readinessProbe.enabled }} + {{- $readinessTimeout := sub (int .Values.influxdb.readinessProbe.timeoutSeconds) 1 }} + readinessProbe: {{- omit .Values.influxdb.readinessProbe "enabled" | toYaml | nindent 12 }} + exec: + command: + - bash + - -c + - | + . /opt/bitnami/scripts/libinfluxdb.sh + + influxdb_env + + {{- if .Values.auth.enabled }} + export INFLUX_USERNAME="$INFLUXDB_ADMIN_USER" + export INFLUX_PASSWORD="$INFLUXDB_ADMIN_USER_PASSWORD" + {{- end }} + + timeout {{ $readinessTimeout }}s influx ping --host http://$POD_IP:{{ .Values.influxdb.containerPorts.http }} + {{- end }} + {{- end }} + {{- if .Values.influxdb.resources }} + resources: {{- toYaml .Values.influxdb.resources | nindent 12 }} + {{- else if ne .Values.influxdb.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.influxdb.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if or .Values.influxdb.configuration .Values.influxdb.existingConfiguration }} + - name: influxdb-config + mountPath: /opt/bitnami/influxdb/etc + {{- else }} + - name: empty-dir + mountPath: /opt/bitnami/influxdb/etc + subPath: app-conf-dir + {{- end }} + {{- if or .Values.influxdb.initdbScripts .Values.influxdb.initdbScriptsCM }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d/ + {{- end }} + {{- if .Values.influxdb.initdbScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: influxdb-credentials + mountPath: /opt/bitnami/influxdb/secrets/ + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: /bitnami/influxdb + {{- end }} + {{- if .Values.influxdb.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.influxdb.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.sidecars "context" $) | trim | nindent 8 }} + {{- end }} + volumes: + - name: empty-dir + emptyDir: {} + {{- if or .Values.influxdb.configuration .Values.influxdb.existingConfiguration }} + - name: influxdb-config + configMap: + name: {{ include "influxdb.configmapName" . }} + {{- end }} + {{- if or .Values.influxdb.initdbScripts .Values.influxdb.initdbScriptsCM }} + - name: custom-init-scripts + configMap: + name: {{ include "influxdb.initdbScriptsConfigmapName" . }} + {{- end }} + {{- if .Values.influxdb.initdbScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ template "influxdb.initdbScriptsSecret" . }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: influxdb-credentials + secret: + secretName: {{ include "influxdb.secretName" . }} + {{- end }} + - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "influxdb.claimName" . }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.influxdb.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/extra-list.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/extra-list.yaml new file mode 100644 index 00000000..2d35a580 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/extra-list.yaml @@ -0,0 +1,9 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/ingress.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/ingress.yaml new file mode 100644 index 00000000..5b0336a0 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/ingress.yaml @@ -0,0 +1,69 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.ingress.enabled -}} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb + {{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }} + annotations: + {{- if .Values.ingress.certManager }} + kubernetes.io/tls-acme: "true" + {{- end }} + {{- if or .Values.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.ingress.hostname }} + - host: {{ (tpl .Values.ingress.hostname .) }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ default "/" .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ (tpl .name $) | quote }} + http: + paths: + {{- if $.Values.ingress.extraPaths }} + {{- toYaml $.Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or .Values.ingress.tls .Values.ingress.extraTls }} + tls: + {{- if .Values.ingress.tls }} + - hosts: + - {{ (tpl .Values.ingress.hostname .) | quote }} + secretName: {{ printf "%s-tls" (tpl .Values.ingress.hostname .) }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/networkpolicy.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/networkpolicy.yaml new file mode 100644 index 00000000..8eb5af3c --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/networkpolicy.yaml @@ -0,0 +1,86 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.influxdb.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: influxdb + policyTypes: + - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow outbound connections to other agent pods + - ports: + - port: {{ .Values.influxdb.containerPorts.http }} + protocol: TCP + - port: {{ .Values.influxdb.containerPorts.rpc }} + protocol: TCP + {{- if .Values.collectd.enabled }} + - port: {{ .Values.collectd.service.port }} + protocol: UDP + {{- end }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: influxdb + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + # Allow inbound connections + - ports: + - port: {{ .Values.influxdb.containerPorts.http }} + protocol: TCP + - port: {{ .Values.influxdb.containerPorts.rpc }} + protocol: TCP + {{- if .Values.collectd.enabled }} + - port: {{ .Values.collectd.service.port }} + protocol: UDP + {{- end }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "common.names.fullname" . }}-client: "true" + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/psp-role.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/psp-role.yaml new file mode 100644 index 00000000..db5ad445 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/psp-role.yaml @@ -0,0 +1,22 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.psp.supported" .) .Values.rbac.create .Values.psp.create }} +kind: Role +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ include "common.names.namespace" . | quote }} +rules: + - apiGroups: ["extensions"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: + - {{ template "common.names.fullname" . }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/psp-rolebinding.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/psp-rolebinding.yaml new file mode 100644 index 00000000..de34049d --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/psp-rolebinding.yaml @@ -0,0 +1,24 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.psp.supported" .) .Values.rbac.create .Values.psp.create }} +kind: RoleBinding +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ include "common.names.namespace" . | quote }} +roleRef: + kind: Role + name: {{ template "common.names.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ include "influxdb.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/psp.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/psp.yaml new file mode 100644 index 00000000..42fdc38e --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/psp.yaml @@ -0,0 +1,44 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.psp.supported" .) .Values.psp.create }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "common.names.fullname" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ include "common.names.namespace" . | quote }} +spec: + privileged: false + allowedCapabilities: + - CHOWN + volumes: + - 'configMap' + - 'secret' + - 'persistentVolumeClaim' + - 'emptyDir' + - 'projected' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/pvc-backup.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/pvc-backup.yaml new file mode 100644 index 00000000..eaccc6c4 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/pvc-backup.yaml @@ -0,0 +1,27 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.backup.enabled .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.names.fullname" . }}-backups + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb + {{- if or .Values.persistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- include "common.storage.class" ( dict "persistence" .Values.persistence "global" $) | nindent 2 }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/pvc.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/pvc.yaml new file mode 100644 index 00000000..9956eb90 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb + {{- if or .Values.persistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/secrets-backup.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/secrets-backup.yaml new file mode 100644 index 00000000..e2c78fd4 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/secrets-backup.yaml @@ -0,0 +1,54 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.backup.enabled }} +{{- if and (.Values.backup.uploadProviders.google.enabled) (not .Values.backup.uploadProviders.google.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-backup-gcloud + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{ .Values.backup.uploadProviders.google.secretKey }}: {{ .Values.backup.uploadProviders.google.secret | b64enc | quote }} +{{- end }} +{{ if and (.Values.backup.uploadProviders.azure.enabled) (not .Values.backup.uploadProviders.azure.existingSecret) -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-backup-azure + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{ .Values.backup.uploadProviders.azure.secretKey }}: {{ .Values.backup.uploadProviders.azure.secret | b64enc | quote }} +{{- end }} +{{ if and (.Values.backup.uploadProviders.aws.enabled) (not .Values.backup.uploadProviders.aws.existingSecret) -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-backup-aws + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + accessKeyID: {{ .Values.backup.uploadProviders.aws.accessKeyID | b64enc | quote }} + secretAccessKey: {{ .Values.backup.uploadProviders.aws.secretAccessKey | b64enc | quote }} + region: {{ .Values.backup.uploadProviders.aws.region | b64enc | quote }} + endpoint: {{ .Values.backup.uploadProviders.aws.endpoint | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/secrets.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/secrets.yaml new file mode 100644 index 00000000..30c89dfe --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/secrets.yaml @@ -0,0 +1,29 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (not .Values.auth.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + admin-user-password: {{ ternary (randAlphaNum 10) .Values.auth.admin.password (empty .Values.auth.admin.password) | b64enc | quote }} + admin-user-token: {{ ternary (randAlphaNum 20) .Values.auth.admin.token (empty .Values.auth.admin.token) | b64enc | quote }} + {{- if .Values.auth.user.username }} + user-password: {{ ternary (randAlphaNum 10) .Values.auth.user.password (empty .Values.auth.user.password) | b64enc | quote }} + {{- end }} + {{- if .Values.auth.readUser.username }} + read-user-password: {{ ternary (randAlphaNum 10) .Values.auth.readUser.password (empty .Values.auth.readUser.password) | b64enc | quote }} + {{- end }} + {{- if .Values.auth.writeUser.username }} + write-user-password: {{ ternary (randAlphaNum 10) .Values.auth.writeUser.password (empty .Values.auth.writeUser.password) | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/service-collectd.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/service-collectd.yaml new file mode 100644 index 00000000..4914ca87 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/service-collectd.yaml @@ -0,0 +1,54 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.collectd.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }}-collectd + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb + {{- if or .Values.collectd.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.collectd.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.collectd.service.type }} + {{- if and .Values.collectd.service.clusterIP (eq .Values.collectd.service.type "ClusterIP") }} + clusterIP: {{ .Values.collectd.service.clusterIP }} + {{- end }} + {{- if (or (eq .Values.collectd.service.type "LoadBalancer") (eq .Values.collectd.service.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.collectd.service.externalTrafficPolicy | quote }} + {{- end }} + {{ if eq .Values.collectd.service.type "LoadBalancer" }} + loadBalancerSourceRanges: {{ .Values.collectd.service.loadBalancerSourceRanges }} + {{ end }} + {{- if (and (eq .Values.collectd.service.type "LoadBalancer") (not (empty .Values.collectd.service.loadBalancerIP))) }} + loadBalancerIP: {{ .Values.collectd.service.loadBalancerIP }} + {{- end }} + {{- if .Values.collectd.service.sessionAffinity }} + sessionAffinity: {{ .Values.collectd.service.sessionAffinity }} + {{- end }} + {{- if .Values.collectd.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.collectd.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - port: {{ .Values.collectd.service.port }} + targetPort: {{ .Values.collectd.service.port }} + protocol: UDP + name: udp + {{- if (and (or (eq .Values.collectd.service.type "NodePort") (eq .Values.collectd.service.type "LoadBalancer")) (not (empty .Values.collectd.service.nodePort))) }} + nodePort: {{ .Values.collectd.service.nodePort }} + {{- else if eq .Values.collectd.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.collectd.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.collectd.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.influxdb.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/service-metrics.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/service-metrics.yaml new file mode 100644 index 00000000..39bc5147 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/service-metrics.yaml @@ -0,0 +1,54 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }}-metrics + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb-metrics + {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.metrics.service.type }} + {{- if and .Values.metrics.service.clusterIP (eq .Values.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.metrics.service.clusterIP }} + {{- end }} + {{- if (or (eq .Values.metrics.service.type "LoadBalancer") (eq .Values.metrics.service.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if eq .Values.metrics.service.type "LoadBalancer" }} + loadBalancerSourceRanges: {{ .Values.metrics.service.loadBalancerSourceRanges }} + {{- end }} + {{- if (and (eq .Values.metrics.service.type "LoadBalancer") (not (empty .Values.metrics.service.loadBalancerIP))) }} + loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} + {{- end }} + {{- if .Values.metrics.service.sessionAffinity }} + sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} + {{- end }} + {{- if .Values.metrics.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - port: {{ .Values.metrics.service.port }} + targetPort: http + protocol: TCP + name: http + {{- if (and (or (eq .Values.metrics.service.type "NodePort") (eq .Values.metrics.service.type "LoadBalancer")) (not (empty .Values.metrics.service.nodePort))) }} + nodePort: {{ .Values.metrics.service.nodePort }} + {{- else if eq .Values.metrics.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.metrics.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.influxdb.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/service.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/service.yaml new file mode 100644 index 00000000..bfc5c403 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/service.yaml @@ -0,0 +1,61 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb + {{- if or .Values.influxdb.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.influxdb.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.influxdb.service.type }} + {{- if and .Values.influxdb.service.clusterIP (eq .Values.influxdb.service.type "ClusterIP") }} + clusterIP: {{ .Values.influxdb.service.clusterIP }} + {{- end }} + {{- if (or (eq .Values.influxdb.service.type "LoadBalancer") (eq .Values.influxdb.service.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.influxdb.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if eq .Values.influxdb.service.type "LoadBalancer" }} + loadBalancerSourceRanges: {{ .Values.influxdb.service.loadBalancerSourceRanges }} + {{- end }} + {{- if (and (eq .Values.influxdb.service.type "LoadBalancer") (not (empty .Values.influxdb.service.loadBalancerIP))) }} + loadBalancerIP: {{ .Values.influxdb.service.loadBalancerIP }} + {{- end }} + {{- if .Values.influxdb.service.sessionAffinity }} + sessionAffinity: {{ .Values.influxdb.service.sessionAffinity }} + {{- end }} + {{- if .Values.influxdb.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - port: {{ coalesce .Values.influxdb.service.ports.http .Values.influxdb.service.port }} + targetPort: http + protocol: TCP + name: http + {{- if (and (or (eq .Values.influxdb.service.type "NodePort") (eq .Values.influxdb.service.type "LoadBalancer")) (not (empty .Values.influxdb.service.nodePorts.http))) }} + nodePort: {{ .Values.influxdb.service.nodePorts.http }} + {{- else if eq .Values.influxdb.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - port: {{ coalesce .Values.influxdb.service.ports.rpc .Values.influxdb.service.rpcPort }} + targetPort: rpc + protocol: TCP + name: rpc + {{- if (and (or (eq .Values.influxdb.service.type "NodePort") (eq .Values.influxdb.service.type "LoadBalancer")) (not (empty .Values.influxdb.service.nodePorts.rpc))) }} + nodePort: {{ .Values.influxdb.service.nodePorts.rpc }} + {{- else if eq .Values.influxdb.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.influxdb.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.influxdb.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.influxdb.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/serviceaccount.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/serviceaccount.yaml new file mode 100644 index 00000000..a640d460 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if or .Values.serviceAccount.create .Values.serviceAccount.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "influxdb.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/servicemonitor.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/servicemonitor.yaml new file mode 100644 index 00000000..e51401c1 --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/templates/servicemonitor.yaml @@ -0,0 +1,46 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: influxdb-metrics + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + app.kubernetes.io/component: influxdb-metrics + endpoints: + - port: http + path: "/metrics" + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/values.yaml b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/values.yaml new file mode 100644 index 00000000..4f0dedcb --- /dev/null +++ b/.helm-charts/oci_registry-1.docker.io/bitnamicharts/influxdb/6.0.8/values.yaml @@ -0,0 +1,1203 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global storage class for dynamic provisioning +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: auto +## @section Common parameters + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param nameOverride String to partially override influxdb.fullname template with a string (will prepend the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override influxdb.fullname template with a string +## +fullnameOverride: "" +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity +## @section InfluxDB™ parameters + +## Bitnami InfluxDB™ image +## ref: https://hub.docker.com/r/bitnami/influxdb/tags/ +## @param image.registry [default: REGISTRY_NAME] InfluxDB™ image registry +## @param image.repository [default: REPOSITORY_NAME/influxdb] InfluxDB™ image repository +## @skip image.tag InfluxDB™ image tag (immutable tags are recommended) +## @param image.digest InfluxDB™ image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy InfluxDB™ image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Specify if debug logs should be enabled +## +image: + registry: docker.io + repository: bitnami/influxdb + tag: 2.7.6-debian-12-r2 + digest: "" + ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## Authentication parameters +## +auth: + ## @param auth.enabled Enable/disable authentication (Variable to keep compatibility with InfluxDB™ v1, in v2 it will be ignored) + ## + enabled: true + ## @param auth.usePasswordFiles Whether to use files to provide secrets instead of env vars. + ## + usePasswordFiles: false + ## InfluxDB™ admin credentials + ## + admin: + ## @param auth.admin.username InfluxDB™ admin user name + ## + username: admin + ## @param auth.admin.password InfluxDB™ admin user's password + ## + password: "" + ## @param auth.admin.token InfluxDB™ admin user's token. Only valid with InfluxDB™ v2 + ## + token: "" + ## @param auth.admin.org InfluxDB™ admin user's org. Only valid with InfluxDB™ v2 + ## + org: primary + ## @param auth.admin.bucket InfluxDB™ admin user's bucket. Only valid with InfluxDB™ v2 + ## + bucket: primary + ## @param auth.admin.retention InfluxDB™ admin user's bucket retention. Only valid with InfluxDB™ v2 + ## + retention: "" + ## @param auth.createUserToken Whether to create tokens for the different users. Take into account these tokens are going to be created by CLI randomly and they will not be accessible from a secret. See more influxdb 2.0 [auth ref](https://docs.influxdata.com/influxdb/v2.0/security/tokens/) + ## You should take into account these tokens are going to be created by CLI + ## so it is not possible to get them by k8s secrets nor to provide them though + ## values + ## See more influxdb 2.0 auth ref: https://docs.influxdata.com/influxdb/v2.0/security/tokens/ + ## + createUserToken: false + ## InfluxDB™ credentials for user with 'admin' privileges on the db specified at 'database' parameter + ## + user: + ## @param auth.user.username Name for InfluxDB™ user with 'admin' privileges on the bucket specified at `auth.user.bucket` and `auth.user.org` or `auth.admin.org` + ## + username: "" + ## @param auth.user.password InfluxDB™ password for `user.name` user + ## + password: "" + ## @param auth.user.org Org to be created on first run + ## + org: "" + ## @param auth.user.bucket Bucket to be created on first run + ## already create. If it is not null a new bucket will be created. + ## + bucket: "" + ## InfluxDB™ credentials for user with 'read' privileges on the db specified at 'database' parameter + ## @param auth.readUser.username Name for InfluxDB™ user with 'read' privileges on the bucket specified at `auth.user.bucket` + ## @param auth.readUser.password InfluxDB™ password for `auth.readUser.username` user + ## + readUser: + username: "" + password: "" + ## InfluxDB™ credentials for user with 'write' privileges on the db specified at 'database' parameter + ## @param auth.writeUser.username Name for InfluxDB™ user with 'read' privileges on the bucket specified at `auth.user.bucket` + ## @param auth.writeUser.password InfluxDB™ password for `auth.writeUser.username` user + ## + writeUser: + username: "" + password: "" + ## @param auth.existingSecret Name of existing Secret object with InfluxDB™ credentials (`auth.admin.password`, `auth.user.password`, `auth.readUser.password`, and `auth.writeUser.password` will be ignored and picked up from this secret) + ## + existingSecret: "" +## InfluxDB™ backend parameters +## +influxdb: + ## @param influxdb.configuration Specify content for influxdb.conf + ## Alternatively, you can put your influxdb.conf under the files/conf/ directory + ## + ## configuration: |- + ## reporting-disabled = false + ## bind-address = "127.0.0.1:8088" + ## [meta] + ## dir = "/bitnami/influxdb/meta" + ## ... + ## + configuration: "" + ## @param influxdb.existingConfiguration Name of existing ConfigMap object with the InfluxDB™ configuration (`influxdb.configuration` will be ignored). + ## + existingConfiguration: "" + ## @param influxdb.initdbScripts Dictionary of initdb scripts + ## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory + ## + ## initdbScripts: + ## my_init_script.sh: | + ## #!/bin/sh + ## echo "Do something." + initdbScripts: {} + ## @param influxdb.initdbScriptsCM Name of existing ConfigMap object with the initdb scripts (`influxdb.initdbScripts` will be ignored). + ## + initdbScriptsCM: "" + ## @param influxdb.initdbScriptsSecret Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`) + ## + initdbScriptsSecret: "" + ## @param influxdb.podAffinityPreset InfluxDB™ Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param influxdb.podAntiAffinityPreset InfluxDB™ Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param influxdb.nodeAffinityPreset.type InfluxDB™ Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + type: "" + ## @param influxdb.nodeAffinityPreset.key InfluxDB™ Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param influxdb.nodeAffinityPreset.values InfluxDB™ Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param influxdb.affinity InfluxDB™ Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param influxdb.nodeSelector InfluxDB™ Node labels for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param influxdb.tolerations InfluxDB™ Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param influxdb.podAnnotations Annotations for InfluxDB™ pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param influxdb.podLabels Extra labels for InfluxDB™ pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param influxdb.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false + ## @param influxdb.hostAliases InfluxDB™ pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param influxdb.updateStrategy.type InfluxDB™ statefulset/deployment strategy type + ## Statefulset ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## Deployment ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + ## + updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate + ## @param influxdb.priorityClassName InfluxDB™ pods' priorityClassName + ## + priorityClassName: "" + ## @param influxdb.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param influxdb.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## The value is evaluated as a template + ## + topologySpreadConstraints: [] + ## @param influxdb.podManagementPolicy podManagementPolicy to manage scaling operation of InfluxDB™ pods + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param influxdb.podSecurityContext.enabled Enabled InfluxDB™ pods' Security Context + ## @param influxdb.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param influxdb.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param influxdb.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param influxdb.podSecurityContext.fsGroup Set InfluxDB™ pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param influxdb.containerSecurityContext.enabled Enabled containers' Security Context + ## @param influxdb.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param influxdb.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param influxdb.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param influxdb.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param influxdb.containerSecurityContext.privileged Set container's Security Context privileged + ## @param influxdb.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param influxdb.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param influxdb.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param influxdb.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## InfluxDB™ pods' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param influxdb.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param influxdb.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## @param influxdb.command Override default container command (useful when using custom images) + ## + command: [] + ## @param influxdb.args Override default container args (useful when using custom images) + ## + args: [] + ## @param influxdb.lifecycleHooks for the InfluxDB™ container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param influxdb.extraEnvVars Array containing extra env vars to configure InfluxDB™ + ## For example: + ## extraEnvVars: + ## - name: INFLUXDB_DATA_QUERY_LOG_ENABLED + ## value: "true" + ## + extraEnvVars: [] + ## @param influxdb.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for InfluxDB™ nodes + ## + extraEnvVarsCM: "" + ## @param influxdb.extraEnvVarsSecret Name of existing Secret containing extra env vars for InfluxDB™ nodes + ## + extraEnvVarsSecret: "" + ## @param influxdb.extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting extraVolumeMounts + ## + extraVolumes: [] + ## @param influxdb.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with extraVolumes. + ## + extraVolumeMounts: [] + ## @param influxdb.containerPorts.http InfluxDB™ container HTTP port + ## @param influxdb.containerPorts.rpc InfluxDB™ container RPC port + ## + containerPorts: + http: 8086 + rpc: 8088 + ## Configure extra options for InfluxDB™ containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## @param influxdb.startupProbe.enabled Enable startupProbe + ## @param influxdb.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param influxdb.startupProbe.periodSeconds Period seconds for startupProbe + ## @param influxdb.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param influxdb.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param influxdb.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 180 + periodSeconds: 45 + timeoutSeconds: 30 + successThreshold: 1 + failureThreshold: 6 + ## @param influxdb.livenessProbe.enabled Enable livenessProbe + ## @param influxdb.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param influxdb.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param influxdb.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param influxdb.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param influxdb.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 180 + periodSeconds: 45 + timeoutSeconds: 30 + successThreshold: 1 + failureThreshold: 6 + ## @param influxdb.readinessProbe.enabled Enable readinessProbe + ## @param influxdb.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param influxdb.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param influxdb.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param influxdb.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param influxdb.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 45 + timeoutSeconds: 30 + successThreshold: 1 + failureThreshold: 6 + ## @param influxdb.customStartupProbe Override default startup probe + ## + customStartupProbe: {} + ## @param influxdb.customLivenessProbe Override default liveness probe + ## + customLivenessProbe: {} + ## @param influxdb.customReadinessProbe Override default readiness probe + ## + customReadinessProbe: {} + ## @param influxdb.sidecars Add additional sidecar containers to the InfluxDB™ pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param influxdb.initContainers Add additional init containers to the InfluxDB™ pod(s) + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## Service parameters + ## + service: + ## @param influxdb.service.type Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`) + ## + type: ClusterIP + ## @param influxdb.service.ports.http InfluxDB™ HTTP port + ## @param influxdb.service.ports.rpc InfluxDB™ RPC port + ## + ports: + http: 8086 + rpc: 8088 + ## @param influxdb.service.nodePorts [object] Specify the nodePort(s) value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "" + rpc: "" + ## @param influxdb.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param influxdb.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + loadBalancerSourceRanges: [] + ## @param influxdb.service.clusterIP Static clusterIP or None for headless services + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param influxdb.service.externalTrafficPolicy InfluxDB™ service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param influxdb.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param influxdb.service.annotations Annotations for InfluxDB™ service + ## + annotations: {} + ## @param influxdb.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param influxdb.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + sessionAffinityConfig: {} +## @section InfluxDB Collectd™ parameters +collectd: + ## @param collectd.enabled InfluxDB Collectd™ service enable + ## + enabled: false + service: + ## @param collectd.service.type Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`) + ## + type: ClusterIP + ## @param collectd.service.port InfluxDB Collectd™ UDP port (should match with corresponding port in influxdb.conf) + ## This requires corresponding configuration in influxdb.conf to enable + ## collectd block + ## + port: 25826 + ## @param collectd.service.nodePort Kubernetes HTTP node port + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: "" + ## @param collectd.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param collectd.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + loadBalancerSourceRanges: [] + ## @param collectd.service.clusterIP Static clusterIP or None for headless services + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param collectd.service.externalTrafficPolicy InfluxDB Collectd™ service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param collectd.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param collectd.service.annotations Annotations for InfluxDB Collectd™ service + ## metallb.universe.tf/allow-shared-ip: "true" + ## + annotations: {} + ## @param collectd.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same mongos Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param collectd.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} +## @section Exposing parameters + +## Configure the ingress resource that allows you to access the +## influxdb installation. Set up the URL +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress controller resource + ## + enabled: false + ## @param ingress.tls Create TLS Secret + ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" (tpl .Values.ingress.hostname .) }} + ## You can use the ingress.secrets parameter to create this TLS secret on cert-manager to create it + ## + tls: false + ## DEPRECATED: Use ingress.annotations instead of ingress.certManager + ## certManager: false + ## + + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.hostname Default host for the ingress resource (evaluated as template) + ## + hostname: influxdb.local + ## @param ingress.path Ingress path*' in order to use this + ## with ALB ingress controllers. + ## + path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: influxdb.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths Additional arbitrary path/backend objects + ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - influxdb.local + ## secretName: influxdb.local-tls + ## + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## - name: influxdb.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] +## @section Metrics parameters + +## Prometheus metrics +## ref: https://docs.influxdata.com/influxdb/v1.7/administration/server_monitoring/#influxdb-metrics-http-endpoint +## +metrics: + ## @param metrics.enabled Enable the export of Prometheus metrics + ## + enabled: false + service: + ## @param metrics.service.type Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`) + ## + type: ClusterIP + ## @param metrics.service.port InfluxDB™ Prometheus port + ## + port: 9122 + ## @param metrics.service.nodePort Kubernetes HTTP node port + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: "" + ## @param metrics.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param metrics.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + loadBalancerSourceRanges: [] + ## @param metrics.service.clusterIP Static clusterIP or None for headless services + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param metrics.service.annotations [object] Annotations for the Prometheus metrics service + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.port }}" + prometheus.io/path: "/metrics" + ## @param metrics.service.externalTrafficPolicy Service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same mongos Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## e.g: + ## namespace: monitoring + ## + namespace: "" + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## e.g: + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false +## Network Policies +## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param networkPolicy.allowExternal Don't require server label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## server label will have network access to the ports server is listening + ## on. When true, server will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} +## Persistence parameters +## +persistence: + ## @param persistence.enabled Enable data persistence + ## + enabled: true + ## @param persistence.existingClaim Use a existing PVC which must be created manually before bound + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template + ## + existingClaim: "" + ## @param persistence.storageClass Specify the `storageClass` used to provision the volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param persistence.accessModes Access mode of data volume + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size Size of data volume + ## + size: 8Gi + ## @param persistence.annotations Persistent Volume Claim annotations + ## + annotations: {} +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## @param serviceAccount.create Specifies whether a ServiceAccount should be created +## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. +## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account +## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. +## +serviceAccount: + ## DEPRECATED: serviceAccount.enabled - Use serviceAccount.create instead + ## + #enabled: false + create: true + name: "" + automountServiceAccountToken: false + annotations: {} +## Pod Security Policy +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## @param psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later +## +psp: + create: false +## Role Based Access +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## @param rbac.create Create Role and RoleBinding (required for PSP to work) +## +rbac: + create: false +## @section Volume permissions parameters + +## Init Container parameters +## Change the owner and group of the persistent volume mountpoint to 'runAsUser:fsGroup' +## values from the securityContext section. +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume mountpoint to `runAsUser:fsGroup` + ## + enabled: false + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name + ## @skip volumePermissions.image.tag Init container volume-permissions image tag + ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r18 + digest: "" + ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## @param volumePermissions.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param volumePermissions.securityContext.runAsUser User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") + ## + securityContext: + seLinuxOptions: {} + runAsUser: 0 +## @section InfluxDB™ backup parameters +backup: + ## @param backup.enabled Enable InfluxDB™ backup + ## + enabled: false + ## @param backup.directory Directory where backups are stored + ## + directory: "/backups" + ## @param backup.retentionDays Retention time in days for backups (older backups are deleted) + ## + retentionDays: 10 + ## Cronjob configuration + ## This cronjob is used to create InfluxDB™ backups + ## + cronjob: + ## @param backup.cronjob.schedule Schedule in Cron format to save snapshots + ## See https://en.wikipedia.org/wiki/Cron + ## + schedule: "0 2 * * *" + ## @param backup.cronjob.historyLimit Number of successful finished jobs to retain + ## + historyLimit: 1 + ## @param backup.cronjob.podAnnotations Pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## K8s Security Context for Backup Cronjob pods + ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param backup.cronjob.podSecurityContext.enabled Enable security context for InfluxDB™ backup pods + ## @param backup.cronjob.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param backup.cronjob.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param backup.cronjob.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param backup.cronjob.podSecurityContext.fsGroup Group ID for the InfluxDB™ filesystem + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## K8s Security Context for Backup Cronjob containers + ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context + ## @param backup.cronjob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param backup.cronjob.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged + ## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param backup.cronjob.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## @param backup.cronjob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param backup.cronjob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## @param backup.podAffinityPreset Backup ™ Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param backup.podAntiAffinityPreset Backup™ Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param backup.nodeAffinityPreset.type Backup™ Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + type: "" + ## @param backup.nodeAffinityPreset.key Backup™ Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param backup.nodeAffinityPreset.values Backup™ Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param backup.affinity Backup™ Affinity for backup pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param backup.nodeSelector Backup™ Node labels for backup pod assignment + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param backup.tolerations Backup™ Tolerations for backup pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## Storage providers where to upload backups + ## + uploadProviders: + ## Google Storage Bucket configuration + ## @param backup.uploadProviders.google.enabled enable upload to google storage bucket + ## @param backup.uploadProviders.google.secret json secret with serviceaccount data to access Google storage bucket + ## @param backup.uploadProviders.google.secretKey service account secret key name + ## @param backup.uploadProviders.google.existingSecret Name of existing secret object with Google serviceaccount json credentials + ## @param backup.uploadProviders.google.bucketName google storage bucket name name + ## + google: + enabled: false + secret: "" + secretKey: "key.json" + existingSecret: "" + bucketName: "gs://bucket/influxdb" + ## Bitnami Google Cloud SDK image + ## ref: https://hub.docker.com/r/bitnami/google-cloud-sdk/tags/ + ## @param backup.uploadProviders.google.image.registry [default: REGISTRY_NAME] Google Cloud SDK image registry + ## @param backup.uploadProviders.google.image.repository [default: REPOSITORY_NAME/google-cloud-sdk] Google Cloud SDK image name + ## @skip backup.uploadProviders.google.image.tag Google Cloud SDK image tag + ## @param backup.uploadProviders.google.image.digest Google Cloud SDK image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param backup.uploadProviders.google.image.pullPolicy Google Cloud SDK image pull policy + ## @param backup.uploadProviders.google.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/google-cloud-sdk + tag: 0.471.0-debian-12-r1 + digest: "" + ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param backup.uploadProviders.google.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param backup.uploadProviders.google.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Azure Storage Container configuration + ## + azure: + ## @param backup.uploadProviders.azure.enabled Enable upload to azure storage container + ## @param backup.uploadProviders.azure.secret Secret with credentials to access Azure storage + ## @param backup.uploadProviders.azure.secretKey Service account secret key name + ## @param backup.uploadProviders.azure.existingSecret Name of existing secret object + ## @param backup.uploadProviders.azure.containerName Destination container + enabled: false + secret: "" + secretKey: "connection-string" + existingSecret: "" + containerName: "influxdb-container" + ## Bitnami Azure CLI image + ## ref: https://hub.docker.com/r/bitnami/azure-cli/tags/ + ## @param backup.uploadProviders.azure.image.registry [default: REGISTRY_NAME] Azure CLI image registry + ## @param backup.uploadProviders.azure.image.repository [default: REPOSITORY_NAME/azure-cli] Azure CLI image repository + ## @skip backup.uploadProviders.azure.image.tag Azure CLI image tag (immutable tags are recommended) + ## @param backup.uploadProviders.azure.image.digest Azure CLI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param backup.uploadProviders.azure.image.pullPolicy Azure CLI image pull policy + ## @param backup.uploadProviders.azure.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/azure-cli + tag: 2.59.0-debian-12-r0 + digest: "" + ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param backup.uploadProviders.azure.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param backup.uploadProviders.azure.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + aws: + ## @param backup.uploadProviders.aws.enabled Enable upload to aws s3 bucket + ## @param backup.uploadProviders.aws.accessKeyID Access Key ID to access aws s3 + ## @param backup.uploadProviders.aws.secretAccessKey Secret Access Key to access aws s3 + ## @param backup.uploadProviders.aws.region Region of aws s3 bucket + ## @param backup.uploadProviders.aws.existingSecret Name of existing secret object + ## @param backup.uploadProviders.aws.bucketName aws s3 bucket name + ## @param backup.uploadProviders.aws.endpoint aws s3 endpoint, no value default public endpoint aws s3 endpoint + enabled: false + accessKeyID: "" + secretAccessKey: "" + region: "us-east-1" + existingSecret: "" + bucketName: "s3://bucket/influxdb" + endpoint: "" + ## Bitnami AWS CLI image + ## ref: https://hub.docker.com/r/bitnami/aws-cli/tags + ## @param backup.uploadProviders.aws.image.registry [default: REGISTRY_NAME] AWS CLI image registry + ## @param backup.uploadProviders.aws.image.repository [default: REPOSITORY_NAME/aws-cli] AWS CLI image repository + ## @skip backup.uploadProviders.aws.image.tag AWS CLI image tag (immutable tags are recommended) + ## @param backup.uploadProviders.aws.image.digest AWS CLI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param backup.uploadProviders.aws.image.pullPolicy AWS CLI image pull policy + ## @param backup.uploadProviders.aws.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/aws-cli + tag: 2.15.30-debian-12-r1 + digest: "" + ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param backup.uploadProviders.aws.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param backup.uploadProviders.aws.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} diff --git a/dune_daq_services/opmon/influxdb/helm-chart.yml b/dune_daq_services/opmon/influxdb/helm-chart.yml index 51de8d91..482ba70f 100644 --- a/dune_daq_services/opmon/influxdb/helm-chart.yml +++ b/dune_daq_services/opmon/influxdb/helm-chart.yml @@ -1,8 +1,7 @@ helmChart: - chartName: influxdb - chartVersion: 4.12.5 + chartVersion: 6.0.8 namespace: '{{ DUNE_opmon.namespace }}' output: helm-rendered.yaml releaseName: opmon-influxdb - repo: https://helm.influxdata.com/ - updateConstraints: ~4.x + repo: oci://registry-1.docker.io/bitnamicharts/influxdb + updateConstraints: ~6.x diff --git a/dune_daq_services/opmon/influxdb/helm-values.yml b/dune_daq_services/opmon/influxdb/helm-values.yml index 165e4dc4..0362b60d 100644 --- a/dune_daq_services/opmon/influxdb/helm-values.yml +++ b/dune_daq_services/opmon/influxdb/helm-values.yml @@ -1,43 +1,62 @@ --- -setDefaultUser: +auth: enabled: true - user: + admin: username: {{ OPMON_influxdb.admin_username }} password: {{ OPMON_influxdb.admin_password }} + user: + username: {{ OPMON_influxdb.username }} + password: {{ OPMON_influxdb.password }} + org: {{ OPMON_influxdb.influxdb_org }} + bucket: {{ OPMON_influxdb.influxdb_database }} + readUser: + username: {{ OPMON_influxdb.influxdb_ro_username }} + password: {{ OPMON_influxdb.influxdb_ro_password }} + writeUser: + username: {{ OPMON_influxdb.influxdb_rw_username }} + password: {{ OPMON_influxdb.influxdb_rw_password }} -env: {{ OPMON_influxdb.env | tojson }} +influxdb: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ kubernetes_label.worker }} + operator: Exists + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: # try to schedule away from Kafka + - key: "strimzi.io/cluster" + operator: In + values: + - "{{ dunedaq.kafka.name }}" + topologyKey: kubernetes.io/hostname persistence: enabled: true size: 8Gi # this size is guess work storageClass: {{ local_path_provisioner.storage_class_name }} -resources: # this is guess work - requests: - cpu: 10m - memory: 16Mi +{% if with_backups %} +backup: + enabled: true + successfulJobsHistoryLimit: 1 +{% endif %} -securityContext: - runAsUser: 1999 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault +metrics: + enabled: true + serviceMonitor: + enabled: true + labels: + jobLabel: influxdb-opmon + "{{ prometheus_servicemonitor_label_name }}": "{{ prometheus_servicemonitor_labels.influxdb }}" + jobLabel: jobLabel -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ kubernetes_label.worker }} - operator: Exists - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: # try to schedule away from Kafka - - key: "strimzi.io/cluster" - operator: In - values: - - "{{ dunedaq.kafka.name }}" - topologyKey: kubernetes.io/hostname +resources: # this is guess work + requests: + cpu: 50m + memory: 64Mi diff --git a/dune_daq_services/opmon/influxdb/kustomization.yml b/dune_daq_services/opmon/influxdb/kustomization.yml index 741edece..92c757c5 100644 --- a/dune_daq_services/opmon/influxdb/kustomization.yml +++ b/dune_daq_services/opmon/influxdb/kustomization.yml @@ -6,5 +6,4 @@ namespace: {{ DUNE_opmon.namespace }} resources: - helm-rendered.yaml - - influxdb-podmonitor.yml - grafana-datasource.yml diff --git a/dune_daq_services/opmon/variables/influxdb.yaml b/dune_daq_services/opmon/variables/influxdb.yaml index 8753b57d..5888ec94 100644 --- a/dune_daq_services/opmon/variables/influxdb.yaml +++ b/dune_daq_services/opmon/variables/influxdb.yaml @@ -2,18 +2,11 @@ OPMON_influxdb: admin_username: dune admin_password: {{ args.opmon_influxdb_admin_password }} - env: - - name: INFLUXDB_DB - value: {{ DUNE_opmon.influxdb_database }} - - name: INFLUXDB_USER # is this user used? - value: user - - name: INFLUXDB_USER_PASSWORD - value: {{ args.opmon_influxdb_user_influxdb_password }} - - name: INFLUXDB_READ_USER - value: {{ DUNE_opmon.influxdb_ro_username }} - - name: INFLUXDB_READ_USER_PASSWORD - value: {{ DUNE_opmon.influxdb_ro_password }} - - name: INFLUXDB_WRITE_USER - value: {{ OPMON_telegraf.influxdb_username }} - - name: INFLUXDB_WRITE_USER_PASSWORD - value: {{ OPMON_telegraf.influxdb_password }} + username: username # just set so our buckets create + password: {{ args.opmon_influxdb_user_influxdb_password }} + influxdb_org: dune + influxdb_database: {{ DUNE_opmon.influxdb_database }} + influxdb_rw_username: {{ OPMON_telegraf.influxdb_username }} + influxdb_rw_password: {{ OPMON_telegraf.influxdb_password }} + influxdb_ro_username: {{ DUNE_opmon.influxdb_ro_username }} + influxdb_ro_password: {{ DUNE_opmon.influxdb_ro_password }} diff --git a/variables/prometheus_labels.yaml b/variables/prometheus_labels.yaml index a75b878d..8a1c816c 100644 --- a/variables/prometheus_labels.yaml +++ b/variables/prometheus_labels.yaml @@ -6,6 +6,7 @@ prometheus_servicemonitor_label_name: prometheus.io/servicemonitor prometheus_servicemonitor_labels: system: system-metrics extra: extra-metrics + influxdb: influxdb-metrics kafka: kafka-metrics mongodb: mongodb-metrics postgresql: postgresql-metrics