diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4a3c2a9 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +# Ignore env files +.env +.envrc + +# Ignore editors +.DS_Store +.idea/ diff --git a/charts/chart-name/README.md b/charts/chart-name/README.md deleted file mode 100644 index 3d1d626..0000000 --- a/charts/chart-name/README.md +++ /dev/null @@ -1,23 +0,0 @@ -# chart-name - -chart-description - -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) - -## About -<$chart-name> Helm chart - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| exampleValue | bool | `true` | exampleValue description | - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Labyrinth Labs | | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/chart-name/templates/helm-template.yaml b/charts/chart-name/templates/helm-template.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/charts/chart-name/values.yaml b/charts/chart-name/values.yaml deleted file mode 100644 index fceda65..0000000 --- a/charts/chart-name/values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -# -- exampleValue description -exampleValue: true diff --git a/charts/chart-name/.helmignore b/charts/dragonflydb-instance/.helmignore similarity index 100% rename from charts/chart-name/.helmignore rename to charts/dragonflydb-instance/.helmignore diff --git a/charts/chart-name/Chart.yaml b/charts/dragonflydb-instance/Chart.yaml similarity index 50% rename from charts/chart-name/Chart.yaml rename to charts/dragonflydb-instance/Chart.yaml index 78fd9db..2c57df7 100644 --- a/charts/chart-name/Chart.yaml +++ b/charts/dragonflydb-instance/Chart.yaml @@ -1,13 +1,9 @@ apiVersion: v2 -name: chart-name -description: chart-description - -type: application - +name: dragonflydb-instance +description: A Helm chart for deploying DragonflyDB databases using the DragonflyDB Operator CRD. version: 0.1.0 - -# Set appVersion if relevant for your chart -appVersion: "0.1.0" +appVersion: "1.0.0" +type: application maintainers: - name: Labyrinth Labs diff --git a/charts/dragonflydb-instance/README.md b/charts/dragonflydb-instance/README.md new file mode 100644 index 0000000..2903f5c --- /dev/null +++ b/charts/dragonflydb-instance/README.md @@ -0,0 +1,68 @@ +# dragonflydb-instance + +A Helm chart for deploying DragonflyDB databases using the DragonflyDB Operator CRD. + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) + +## About +dragonflydb-instance Helm chart + +## Requirements +- **cert-manager**: Required for managing TLS certificates. + - Repository: [https://charts.jetstack.io](https://charts.jetstack.io) + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| acl | object | `{"enabled":true,"existingSecret":"","key":"","optional":false,"rules":""}` | Access Control List (ACL) configuration | +| acl.enabled | bool | `true` | Enable ACL | +| acl.rules | string | `""` | The ACL rules to apply to the database if existingSecret is empty @see https://www.dragonflydb.io/docs/managing-dragonfly/acl Example: rules: | user user on >pass ~* &* +@string +@fast -@slow +set user rouser on >ropass ~* &* +@read | +| affinity | object | `{}` | Affinity rules for pod assignment @see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | +| args | list | `[]` | DragonflyDB configuration flags @see https://www.dragonflydb.io/docs/managing-dragonfly/flags | +| authentication | object | `{"password":{"enabled":false,"existingSecret":"","key":"","optional":false,"password":""},"tls":{"enabled":false,"optional":false}}` | Authentication configuration for DragonflyDB Only one type of authentication can be enabled at a time. If both password.enabled and tls.enabled are set to true, the deployment will fail. | +| authentication.password | object | `{"enabled":false,"existingSecret":"","key":"","optional":false,"password":""}` | Password-based authentication configuration | +| authentication.password.enabled | bool | `false` | Enable password authentication | +| authentication.password.existingSecret | string | `""` | Name of existing secret containing the password If empty, a new secret will be created | +| authentication.password.key | string | `""` | The key to use for the password in the secret | +| authentication.password.optional | bool | `false` | Optional password authentication | +| authentication.password.password | string | `""` | Password to use when existingSecret is empty | +| authentication.tls | object | `{"enabled":false,"optional":false}` | TLS-based client authentication configuration | +| authentication.tls.enabled | bool | `false` | Enable TLS client authentication | +| authentication.tls.optional | bool | `false` | Optional TLS client authentication | +| fullnameOverride | string | `""` | String to fully override app.fullname template | +| labels | object | `{}` | Additional labels to add to all resources XXX | +| nameOverride | string | `""` | String to partially override app.fullname template | +| nodeSelector | object | `{}` | Node selector for pod assignment @see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | +| pdb | object | `{"enabled":false,"maxUnavailable":0,"minAvailable":0}` | Pod disruption budget configuration @see https://kubernetes.io/docs/tasks/run-application/configure-pdb/ | +| pdb.enabled | bool | `false` | Enable pod disruption budget | +| pdb.maxUnavailable | int | `0` | Maximum number of pods that can be unavailable | +| pdb.minAvailable | int | `0` | Minimum number of pods that must be available | +| podMonitor | object | `{"enabled":false,"endpoints":[{"port":"admin"}]}` | Prometheus PodMonitor configuration | +| podMonitor.enabled | bool | `false` | Enable Prometheus PodMonitor | +| podMonitor.endpoints | list | `[{"port":"admin"}]` | Define how to scrape metrics from the selected pod | +| priorityClassName | string | `""` | Priority class name for pods @see https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ | +| replicas | int | `1` | Number of DragonflyDB replicas to deploy | +| resources | object | `{}` | Resource requests and limits for the DragonflyDB pods | +| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Service account configuration | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | The name of the service account to use If not set and create is true, a name is generated using the fullname template | +| snapshot | object | `{"cron":"* * * * *","dir":"","enabled":false}` | Configuration for snapshot functionality | +| snapshot.cron | string | `"* * * * *"` | Cron expression to define the schedule for taking snapshots | +| snapshot.dir | string | `""` | Destination directory for storing snapshots This can be an S3 bucket URL `s3:///` or a local directory path. | +| snapshot.enabled | bool | `false` | Enable or disable periodic snapshots | +| tls | object | `{"enabled":false,"existingSecret":""}` | TLS configuration for the server | +| tls.enabled | bool | `false` | Enable TLS for the server. Note: If TLS is enabled, at least one authentication method (password or TLS) must be configured. | +| tls.existingSecret | string | `""` | Name of existing secret containing the TLS certificates The secret should contain: - tls.crt: The server certificate - tls.key: The private key - ca.crt: The CA certificate | +| tolerations | list | `[]` | Tolerations for pod assignment @see https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | +| topologySpreadConstraints | list | `[]` | Pod topology spread constraints @see https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Labyrinth Labs | | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/chart-name/README.md.gotmpl b/charts/dragonflydb-instance/README.md.gotmpl similarity index 67% rename from charts/chart-name/README.md.gotmpl rename to charts/dragonflydb-instance/README.md.gotmpl index 9d16447..62a63ce 100644 --- a/charts/chart-name/README.md.gotmpl +++ b/charts/dragonflydb-instance/README.md.gotmpl @@ -5,7 +5,11 @@ {{ template "chart.badgesSection" . }} ## About -<$chart-name> Helm chart +dragonflydb-instance Helm chart + +## Requirements +- **cert-manager**: Required for managing TLS certificates. + - Repository: [https://charts.jetstack.io](https://charts.jetstack.io) {{ template "chart.valuesSection" . }} diff --git a/charts/chart-name/ci/enable-categories-values.yaml b/charts/dragonflydb-instance/ci/enable-categories-values.yaml similarity index 100% rename from charts/chart-name/ci/enable-categories-values.yaml rename to charts/dragonflydb-instance/ci/enable-categories-values.yaml diff --git a/charts/dragonflydb-instance/templates/_helpers.tpl b/charts/dragonflydb-instance/templates/_helpers.tpl new file mode 100644 index 0000000..6f9bdb9 --- /dev/null +++ b/charts/dragonflydb-instance/templates/_helpers.tpl @@ -0,0 +1,63 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "base.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "base.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "base.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "base.labels" -}} +helm.sh/chart: {{ include "base.chart" . }} +{{ include "base.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: dragonfly +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "base.selectorLabels" -}} +app.kubernetes.io/name: {{ include "base.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the app service account to use +*/}} +{{- define "base.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (printf "%s-sa" (include "base.fullname" .)) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/dragonflydb-instance/templates/acl-secret.yaml b/charts/dragonflydb-instance/templates/acl-secret.yaml new file mode 100644 index 0000000..c8054f2 --- /dev/null +++ b/charts/dragonflydb-instance/templates/acl-secret.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.acl.enabled (not .Values.acl.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "base.fullname" . }}-acl + labels: + {{- include "base.labels" . | nindent 4 }} +type: Opaque +data: + {{ .Values.acl.key | default "rules" }}: {{ .Values.acl.rules | b64enc }} +{{- end }} diff --git a/charts/dragonflydb-instance/templates/auth-certificate.yaml b/charts/dragonflydb-instance/templates/auth-certificate.yaml new file mode 100644 index 0000000..8ddfea7 --- /dev/null +++ b/charts/dragonflydb-instance/templates/auth-certificate.yaml @@ -0,0 +1,29 @@ +{{- if .Values.authentication.tls.enabled }} + {{- if .Capabilities.APIVersions.Has "cert-manager.io/v1/Certificate" }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ include "base.fullname" . }}-cert-auth + labels: + {{- include "base.labels" . | nindent 4 }} +spec: + secretName: {{ include "base.fullname" . }}-cert-auth + commonName: {{ include "base.fullname" . }} + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + dnsNames: + - {{ include "base.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + - {{ include "base.fullname" . }}.{{ .Release.Namespace }} + - {{ include "base.fullname" . }} + usages: + - client auth + issuerRef: + name: {{ include "base.fullname" . }}-issuer + kind: Issuer + group: cert-manager.io + {{- else }} + {{- fail "cert-manager.io/v1/Certificate API version is not available in this cluster" }} + {{- end }} +{{- end }} diff --git a/charts/dragonflydb-instance/templates/auth-password.yaml b/charts/dragonflydb-instance/templates/auth-password.yaml new file mode 100644 index 0000000..546bba3 --- /dev/null +++ b/charts/dragonflydb-instance/templates/auth-password.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.authentication.password.enabled (not .Values.authentication.password.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "base.fullname" . }}-password-auth + labels: + {{- include "base.labels" . | nindent 4 }} +type: Opaque +data: + password: {{ default (randAlphaNum 32) .Values.authentication.password.password | b64enc }} +{{- end }} diff --git a/charts/dragonflydb-instance/templates/certificate.yaml b/charts/dragonflydb-instance/templates/certificate.yaml new file mode 100644 index 0000000..c5725ef --- /dev/null +++ b/charts/dragonflydb-instance/templates/certificate.yaml @@ -0,0 +1,27 @@ +{{- if or .Values.tls.enabled .Values.authentication.tls.enabled }} + {{- if .Capabilities.APIVersions.Has "cert-manager.io/v1/Certificate" }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ include "base.fullname" . }}-tls + labels: + {{- include "base.labels" . | nindent 4 }} +spec: + secretName: {{ include "base.fullname" . }}-tls + commonName: {{ include "base.fullname" . }} + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + dnsNames: + - {{ include "base.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + - {{ include "base.fullname" . }}.{{ .Release.Namespace }} + - {{ include "base.fullname" . }} + issuerRef: + name: {{ include "base.fullname" . }}-issuer + kind: Issuer + group: cert-manager.io + {{- else }} + {{- fail "cert-manager.io/v1/Certificate API version is not available in this cluster" }} + {{- end }} +{{- end }} diff --git a/charts/dragonflydb-instance/templates/dragonflydb.yaml b/charts/dragonflydb-instance/templates/dragonflydb.yaml new file mode 100644 index 0000000..1f4b6a2 --- /dev/null +++ b/charts/dragonflydb-instance/templates/dragonflydb.yaml @@ -0,0 +1,86 @@ +apiVersion: dragonflydb.io/v1alpha1 +kind: Dragonfly +metadata: + name: {{ include "base.fullname" . }} + labels: + {{- include "base.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicas }} + labels: + {{- include "base.selectorLabels" . | nindent 4 }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + + {{- if .Values.resources }} + resources: + {{- toYaml .Values.resources | nindent 4 }} + {{- end }} + + {{- if .Values.acl.enabled }} + aclFromSecret: + name: {{ .Values.acl.existingSecret | default (printf "%s-acl" (include "base.fullname" .)) }} + key: {{ .Values.acl.key | default "rules" }} + optional: {{ .Values.acl.optional }} + {{- end }} + + {{- if .Values.args }} + args: + {{- toYaml .Values.args | nindent 4 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 4 }} + {{- end }} + + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 4 }} + {{- end }} + + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 4 }} + {{- end }} + + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 4 }} + {{- end }} + + {{- if or .Values.tls.enabled .Values.authentication.tls.enabled }} + tlsSecretRef: + name: {{ include "base.fullname" . }}-tls + {{- end }} + + {{- if and .Values.authentication.password.enabled .Values.authentication.tls.enabled }} + {{- fail "Only one type of authentication can be enabled at a time. Please disable either password or TLS authentication." }} + {{- end }} + + {{- if .Values.authentication.password.enabled }} + authentication: + passwordFromSecret: + name: {{ .Values.authentication.password.existingSecret | default (printf "%s-password-auth" (include "base.fullname" .)) }} + key: {{ .Values.authentication.password.key | default "password" }} + optional: {{ .Values.authentication.password.optional }} + {{- end }} + + {{- if .Values.authentication.tls.enabled }} + authentication: + clientCaCertSecret: + name: {{ include "base.fullname" . }}-cert-auth + key: ca.crt + optional: {{ .Values.authentication.tls.optional }} + {{- end }} + + {{- if .Values.snapshot.enabled }} + snapshot: + cron: {{ .Values.snapshot.cron | quote }} + dir: {{ .Values.snapshot.dir | quote }} + {{- end }} + + serviceAccountName: {{ include "base.serviceAccountName" . }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} diff --git a/charts/dragonflydb-instance/templates/issuer.yaml b/charts/dragonflydb-instance/templates/issuer.yaml new file mode 100644 index 0000000..d156c12 --- /dev/null +++ b/charts/dragonflydb-instance/templates/issuer.yaml @@ -0,0 +1,14 @@ +{{- if or .Values.tls.enabled .Values.authentication.tls.enabled }} + {{- if .Capabilities.APIVersions.Has "cert-manager.io/v1/Issuer" }} +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ include "base.fullname" . }}-issuer + labels: + {{- include "base.labels" . | nindent 4 }} +spec: + selfSigned: {} + {{- else }} + {{- fail "cert-manager.io/v1/Issuer API version is not available in this cluster" }} + {{- end }} +{{- end }} diff --git a/charts/dragonflydb-instance/templates/pdb.yaml b/charts/dragonflydb-instance/templates/pdb.yaml new file mode 100644 index 0000000..16b010d --- /dev/null +++ b/charts/dragonflydb-instance/templates/pdb.yaml @@ -0,0 +1,18 @@ +{{- if .Values.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "base.fullname" . }}-pdb + labels: + {{- include "base.labels" . | nindent 4 }} +spec: + {{- if .Values.pdb.minAvailable }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- end }} + {{- if .Values.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + {{- end }} + selector: + matchLabels: + {{- include "base.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/dragonflydb-instance/templates/podmonitor.yaml b/charts/dragonflydb-instance/templates/podmonitor.yaml new file mode 100644 index 0000000..ad33644 --- /dev/null +++ b/charts/dragonflydb-instance/templates/podmonitor.yaml @@ -0,0 +1,18 @@ +{{- if .Values.podMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ include "base.fullname" . }}-monitor + labels: + {{- include "base.labels" . | nindent 4 }} +spec: + jobLabel: dragonfly + podTargetLabels: + - app.kubernetes.io/name + - app.kubernetes.io/instance + selector: + matchLabels: + {{- include "base.selectorLabels" . | nindent 6 }} + podMetricsEndpoints: + {{- toYaml .Values.podMonitor.endpoints | nindent 4 }} +{{- end }} diff --git a/charts/dragonflydb-instance/templates/serviceaccount.yaml b/charts/dragonflydb-instance/templates/serviceaccount.yaml new file mode 100644 index 0000000..e19a40b --- /dev/null +++ b/charts/dragonflydb-instance/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "base.serviceAccountName" . }} + labels: + {{- include "base.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/dragonflydb-instance/values.yaml b/charts/dragonflydb-instance/values.yaml new file mode 100644 index 0000000..5cf9e9c --- /dev/null +++ b/charts/dragonflydb-instance/values.yaml @@ -0,0 +1,130 @@ +# -- String to partially override app.fullname template +nameOverride: "" +# -- String to fully override app.fullname template +fullnameOverride: "" + +# -- Additional labels to add to all resources XXX +labels: {} + +# -- Number of DragonflyDB replicas to deploy +replicas: 1 + +# -- Resource requests and limits for the DragonflyDB pods +resources: {} + +# -- DragonflyDB configuration flags +# @see https://www.dragonflydb.io/docs/managing-dragonfly/flags +args: [] + +# -- Authentication configuration for DragonflyDB +# Only one type of authentication can be enabled at a time. +# If both password.enabled and tls.enabled are set to true, the deployment will fail. +authentication: + # -- Password-based authentication configuration + password: + # -- Enable password authentication + enabled: false + # -- Name of existing secret containing the password + # If empty, a new secret will be created + existingSecret: "" + # -- Password to use when existingSecret is empty + password: "" + # -- Optional password authentication + optional: false + # -- The key to use for the password in the secret + key: "" + + # -- TLS-based client authentication configuration + tls: + # -- Enable TLS client authentication + enabled: false + # -- Optional TLS client authentication + optional: false + +# -- TLS configuration for the server +tls: + # -- Enable TLS for the server. + # Note: If TLS is enabled, at least one authentication method (password or TLS) must be configured. + enabled: false + # -- Name of existing secret containing the TLS certificates + # The secret should contain: + # - tls.crt: The server certificate + # - tls.key: The private key + # - ca.crt: The CA certificate + existingSecret: "" + +# -- Configuration for snapshot functionality +snapshot: + # -- Enable or disable periodic snapshots + enabled: false + # -- Cron expression to define the schedule for taking snapshots + cron: "* * * * *" + # -- Destination directory for storing snapshots + # This can be an S3 bucket URL `s3:///` or a local directory path. + dir: "" + +# -- Node selector for pod assignment +# @see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +nodeSelector: {} + +# -- Tolerations for pod assignment +# @see https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +tolerations: [] + +# -- Affinity rules for pod assignment +# @see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity +affinity: {} + +# -- Pod topology spread constraints +# @see https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +topologySpreadConstraints: [] + +# -- Prometheus PodMonitor configuration +podMonitor: + # -- Enable Prometheus PodMonitor + enabled: false + # -- Define how to scrape metrics from the selected pod + endpoints: + - port: admin + +# -- Priority class name for pods +# @see https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ +priorityClassName: "" + +# -- Service account configuration +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Annotations to add to the service account + annotations: {} + # -- The name of the service account to use + # If not set and create is true, a name is generated using the fullname template + name: "" + +# -- Pod disruption budget configuration +# @see https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +pdb: + # -- Enable pod disruption budget + enabled: false + # -- Minimum number of pods that must be available + minAvailable: 0 + # -- Maximum number of pods that can be unavailable + maxUnavailable: 0 + +# -- Access Control List (ACL) configuration +acl: + # -- Enable ACL + enabled: true + # If empty, a new secret will be created + existingSecret: "" + # If true, the ACL rules will be optional + optional: false + # The key to use for the ACL rules in the secret + key: "" + # -- The ACL rules to apply to the database if existingSecret is empty + # @see https://www.dragonflydb.io/docs/managing-dragonfly/acl + # Example: + # rules: | + # user user on >pass ~* &* +@string +@fast -@slow +set + # user rouser on >ropass ~* &* +@read + rules: ""