From 67fba56184c88f56bae06ebc033beca68179f92b Mon Sep 17 00:00:00 2001 From: zyy17 Date: Mon, 11 Nov 2024 17:23:45 +0800 Subject: [PATCH] refactor(greptimedb-cluster): add SecurityContext (#196) --- charts/greptimedb-cluster/Chart.yaml | 2 +- charts/greptimedb-cluster/README.md | 42 ++++++++++++------- .../greptimedb-cluster/templates/cluster.yaml | 30 +++++++++++++ charts/greptimedb-cluster/values.yaml | 31 +++++++++++++- 4 files changed, 87 insertions(+), 18 deletions(-) diff --git a/charts/greptimedb-cluster/Chart.yaml b/charts/greptimedb-cluster/Chart.yaml index 4f45849..5f4ef98 100644 --- a/charts/greptimedb-cluster/Chart.yaml +++ b/charts/greptimedb-cluster/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: greptimedb-cluster description: A Helm chart for deploying GreptimeDB cluster in Kubernetes. type: application -version: 0.2.28 +version: 0.2.29 appVersion: 0.9.5 home: https://github.com/GreptimeTeam/greptimedb sources: diff --git a/charts/greptimedb-cluster/README.md b/charts/greptimedb-cluster/README.md index f1aa941..e5694e9 100644 --- a/charts/greptimedb-cluster/README.md +++ b/charts/greptimedb-cluster/README.md @@ -2,7 +2,7 @@ A Helm chart for deploying GreptimeDB cluster in Kubernetes. -![Version: 0.2.28](https://img.shields.io/badge/Version-0.2.28-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.5](https://img.shields.io/badge/AppVersion-0.9.5-informational?style=flat-square) +![Version: 0.2.29](https://img.shields.io/badge/Version-0.2.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.5](https://img.shields.io/badge/AppVersion-0.9.5-informational?style=flat-square) ## Source Code @@ -84,11 +84,11 @@ helm uninstall mycluster -n default | auth.fileName | string | `"passwd"` | The auth file name, the full path is `${mountPath}/${fileName}` | | auth.mountPath | string | `"/etc/greptimedb/auth"` | The auth file path to store the auth info | | auth.users | list | `[{"password":"admin","username":"admin"}]` | The users to be created in the auth file | -| base.podTemplate | object | `{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{}},"nodeSelector":{},"serviceAccountName":"","tolerations":[]}` | The pod template for base | +| base.podTemplate | object | `{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{}},"nodeSelector":{},"securityContext":{},"serviceAccountName":"","tolerations":[]}` | The pod template for base | | base.podTemplate.affinity | object | `{}` | The pod affinity | | base.podTemplate.annotations | object | `{}` | The annotations to be created to the pod. | | base.podTemplate.labels | object | `{}` | The labels to be created to the pod. | -| base.podTemplate.main | object | `{"args":[],"command":[],"env":[],"livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{}}` | The base spec of main container | +| base.podTemplate.main | object | `{"args":[],"command":[],"env":[],"livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{}}` | The base spec of main container | | base.podTemplate.main.args | list | `[]` | The arguments to be passed to the command | | base.podTemplate.main.command | list | `[]` | The command to be executed in the container | | base.podTemplate.main.env | list | `[]` | The environment variables for the container | @@ -96,19 +96,21 @@ helm uninstall mycluster -n default | base.podTemplate.main.readinessProbe | object | `{}` | The config for readiness probe of the main container | | base.podTemplate.main.resources.limits | object | `{}` | The resources limits for the container | | base.podTemplate.main.resources.requests | object | `{}` | The requested resources for the container | +| base.podTemplate.main.securityContext | object | `{}` | The configurations for security context of main container. | | base.podTemplate.main.startupProbe | object | `{}` | The config for startup probe of the main container | | base.podTemplate.nodeSelector | object | `{}` | The pod node selector | +| base.podTemplate.securityContext | object | `{}` | The configurations for pod security context. | | base.podTemplate.serviceAccountName | string | `""` | The global service account | | base.podTemplate.tolerations | list | `[]` | The pod tolerations | -| datanode | object | `{"configData":"","configFile":"","logging":{},"podTemplate":{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]},"replicas":1,"storage":{"dataHome":"/data/greptimedb","mountPath":"/data/greptimedb","storageClassName":null,"storageRetainPolicy":"Retain","storageSize":"10Gi","walDir":"/data/greptimedb/wal"}}` | Datanode configure | +| datanode | object | `{"configData":"","configFile":"","logging":{},"podTemplate":{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"securityContext":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]},"replicas":1,"storage":{"dataHome":"/data/greptimedb","mountPath":"/data/greptimedb","storageClassName":null,"storageRetainPolicy":"Retain","storageSize":"10Gi","walDir":"/data/greptimedb/wal"}}` | Datanode configure | | datanode.configData | string | `""` | Extra raw toml config data of datanode. Skip if the `configFile` is used. | | datanode.configFile | string | `""` | Extra toml file of datanode. | | datanode.logging | object | `{}` | Logging configuration for datanode, if not set, it will use the global logging configuration. | -| datanode.podTemplate | object | `{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]}` | The pod template for datanode | +| datanode.podTemplate | object | `{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"securityContext":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]}` | The pod template for datanode | | datanode.podTemplate.affinity | object | `{}` | The pod affinity | | datanode.podTemplate.annotations | object | `{}` | The annotations to be created to the pod. | | datanode.podTemplate.labels | object | `{}` | The labels to be created to the pod. | -| datanode.podTemplate.main | object | `{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{},"volumeMounts":[]}` | The spec of main container | +| datanode.podTemplate.main | object | `{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{},"volumeMounts":[]}` | The spec of main container | | datanode.podTemplate.main.args | list | `[]` | The arguments to be passed to the command | | datanode.podTemplate.main.command | list | `[]` | The command to be executed in the container | | datanode.podTemplate.main.env | list | `[]` | The environment variables for the container | @@ -117,9 +119,11 @@ helm uninstall mycluster -n default | datanode.podTemplate.main.readinessProbe | object | `{}` | The config for readiness probe of the main container | | datanode.podTemplate.main.resources.limits | object | `{}` | The resources limits for the container | | datanode.podTemplate.main.resources.requests | object | `{}` | The requested resources for the container | +| datanode.podTemplate.main.securityContext | object | `{}` | The configurations for datanode security context. | | datanode.podTemplate.main.startupProbe | object | `{}` | The config for startup probe of the main container | | datanode.podTemplate.main.volumeMounts | list | `[]` | The pod volumeMounts | | datanode.podTemplate.nodeSelector | object | `{}` | The pod node selector | +| datanode.podTemplate.securityContext | object | `{}` | The configurations for datanode security context. | | datanode.podTemplate.serviceAccount.annotations | object | `{}` | The annotations for datanode serviceaccount | | datanode.podTemplate.serviceAccount.create | bool | `false` | Create a service account | | datanode.podTemplate.tolerations | list | `[]` | The pod tolerations | @@ -134,16 +138,16 @@ helm uninstall mycluster -n default | debugPod.enabled | bool | `false` | Enable debug pod | | debugPod.image | object | `{"registry":"docker.io","repository":"greptime/greptime-tool","tag":"20240905-67eaa147"}` | The debug pod image | | debugPod.resources | object | `{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"50m","memory":"64Mi"}}` | The debug pod resource | -| flownode | object | `{"configData":"","configFile":"","enabled":false,"logging":{},"podTemplate":{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]},"replicas":1}` | Flownode configure. **It's NOT READY YET** | +| flownode | object | `{"configData":"","configFile":"","enabled":false,"logging":{},"podTemplate":{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"securityContext":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]},"replicas":1}` | Flownode configure. **It's NOT READY YET** | | flownode.configData | string | `""` | Extra raw toml config data of flownode. Skip if the `configFile` is used. | | flownode.configFile | string | `""` | Extra toml file of flownode. | | flownode.enabled | bool | `false` | Enable flownode | | flownode.logging | object | `{}` | Logging configuration for flownode, if not set, it will use the global logging configuration. | -| flownode.podTemplate | object | `{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]}` | The pod template for frontend | +| flownode.podTemplate | object | `{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"securityContext":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]}` | The pod template for frontend | | flownode.podTemplate.affinity | object | `{}` | The pod affinity | | flownode.podTemplate.annotations | object | `{}` | The annotations to be created to the pod. | | flownode.podTemplate.labels | object | `{}` | The labels to be created to the pod. | -| flownode.podTemplate.main | object | `{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{},"volumeMounts":[]}` | The spec of main container | +| flownode.podTemplate.main | object | `{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{},"volumeMounts":[]}` | The spec of main container | | flownode.podTemplate.main.args | list | `[]` | The arguments to be passed to the command | | flownode.podTemplate.main.command | list | `[]` | The command to be executed in the container | | flownode.podTemplate.main.env | list | `[]` | The environment variables for the container | @@ -152,23 +156,25 @@ helm uninstall mycluster -n default | flownode.podTemplate.main.readinessProbe | object | `{}` | The config for readiness probe of the main container | | flownode.podTemplate.main.resources.limits | object | `{}` | The resources limits for the container | | flownode.podTemplate.main.resources.requests | object | `{}` | The requested resources for the container | +| flownode.podTemplate.main.securityContext | object | `{}` | The configurations for flownode security context. | | flownode.podTemplate.main.startupProbe | object | `{}` | The config for startup probe of the main container | | flownode.podTemplate.main.volumeMounts | list | `[]` | The pod volumeMounts | | flownode.podTemplate.nodeSelector | object | `{}` | The pod node selector | +| flownode.podTemplate.securityContext | object | `{}` | The configurations for flownode security context. | | flownode.podTemplate.serviceAccount.annotations | object | `{}` | The annotations for flownode serviceaccount | | flownode.podTemplate.serviceAccount.create | bool | `false` | Create a service account | | flownode.podTemplate.tolerations | list | `[]` | The pod tolerations | | flownode.podTemplate.volumes | list | `[]` | The pod volumes | | flownode.replicas | int | `1` | Flownode replicas | -| frontend | object | `{"configData":"","configFile":"","logging":{},"podTemplate":{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]},"replicas":1,"service":{},"tls":{}}` | Frontend configure | +| frontend | object | `{"configData":"","configFile":"","logging":{},"podTemplate":{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"securityContext":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]},"replicas":1,"service":{},"tls":{}}` | Frontend configure | | frontend.configData | string | `""` | Extra raw toml config data of frontend. Skip if the `configFile` is used. | | frontend.configFile | string | `""` | Extra toml file of frontend. | | frontend.logging | object | `{}` | Logging configuration for frontend, if not set, it will use the global logging configuration. | -| frontend.podTemplate | object | `{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]}` | The pod template for frontend | +| frontend.podTemplate | object | `{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"securityContext":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]}` | The pod template for frontend | | frontend.podTemplate.affinity | object | `{}` | The pod affinity | | frontend.podTemplate.annotations | object | `{}` | The annotations to be created to the pod. | | frontend.podTemplate.labels | object | `{}` | The labels to be created to the pod. | -| frontend.podTemplate.main | object | `{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{},"volumeMounts":[]}` | The spec of main container | +| frontend.podTemplate.main | object | `{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{},"volumeMounts":[]}` | The spec of main container | | frontend.podTemplate.main.args | list | `[]` | The arguments to be passed to the command | | frontend.podTemplate.main.command | list | `[]` | The command to be executed in the container | | frontend.podTemplate.main.env | list | `[]` | The environment variables for the container | @@ -177,9 +183,11 @@ helm uninstall mycluster -n default | frontend.podTemplate.main.readinessProbe | object | `{}` | The config for readiness probe of the main container | | frontend.podTemplate.main.resources.limits | object | `{}` | The resources limits for the container | | frontend.podTemplate.main.resources.requests | object | `{}` | The requested resources for the container | +| frontend.podTemplate.main.securityContext | object | `{}` | The configurations for frontend container. | | frontend.podTemplate.main.startupProbe | object | `{}` | The config for startup probe of the main container | | frontend.podTemplate.main.volumeMounts | list | `[]` | The pod volumeMounts | | frontend.podTemplate.nodeSelector | object | `{}` | The pod node selector | +| frontend.podTemplate.securityContext | object | `{}` | The configurations for frontend security context. | | frontend.podTemplate.serviceAccount.annotations | object | `{}` | The annotations for frontend serviceaccount | | frontend.podTemplate.serviceAccount.create | bool | `false` | Create a service account | | frontend.podTemplate.tolerations | list | `[]` | The pod tolerations | @@ -216,7 +224,7 @@ helm uninstall mycluster -n default | image.tag | string | `"v0.9.5"` | The image tag | | initializer.registry | string | `"docker.io"` | Initializer image registry | | initializer.repository | string | `"greptime/greptimedb-initializer"` | Initializer image repository | -| initializer.tag | string | `"v0.1.3-alpha.3"` | Initializer image tag | +| initializer.tag | string | `"v0.1.3-alpha.6"` | Initializer image tag | | logging | object | `{"filters":[],"format":"text","level":"info","logsDir":"/data/greptimedb/logs","onlyLogToStdout":false,"persistentWithData":false,"slowQuery":{"enabled":false,"sampleRatio":"1.0","threshold":"10s"}}` | Global logging configuration | | logging.filters | list | `[]` | The log filters, use the syntax of `target[span\{field=value\}]=level` to filter the logs. | | logging.format | string | `"text"` | The log format for greptimedb, only support "json" and "text" | @@ -228,17 +236,17 @@ helm uninstall mycluster -n default | logging.slowQuery.enabled | bool | `false` | Enable slow query log. | | logging.slowQuery.sampleRatio | string | `"1.0"` | Sample ratio of slow query log. | | logging.slowQuery.threshold | string | `"10s"` | The threshold of slow query log in seconds. | -| meta | object | `{"configData":"","configFile":"","enableRegionFailover":false,"etcdEndpoints":"etcd.etcd-cluster.svc.cluster.local:2379","logging":{},"podTemplate":{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]},"replicas":1,"storeKeyPrefix":""}` | Meta configure | +| meta | object | `{"configData":"","configFile":"","enableRegionFailover":false,"etcdEndpoints":"etcd.etcd-cluster.svc.cluster.local:2379","logging":{},"podTemplate":{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"securityContext":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]},"replicas":1,"storeKeyPrefix":""}` | Meta configure | | meta.configData | string | `""` | Extra raw toml config data of meta. Skip if the `configFile` is used. | | meta.configFile | string | `""` | Extra toml file of meta. | | meta.enableRegionFailover | bool | `false` | Whether to enable region failover | | meta.etcdEndpoints | string | `"etcd.etcd-cluster.svc.cluster.local:2379"` | Meta etcd endpoints | | meta.logging | object | `{}` | Logging configuration for meta, if not set, it will use the global logging configuration. | -| meta.podTemplate | object | `{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]}` | The pod template for meta | +| meta.podTemplate | object | `{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{},"volumeMounts":[]},"nodeSelector":{},"securityContext":{},"serviceAccount":{"annotations":{},"create":false},"tolerations":[],"volumes":[]}` | The pod template for meta | | meta.podTemplate.affinity | object | `{}` | The pod affinity | | meta.podTemplate.annotations | object | `{}` | The annotations to be created to the pod. | | meta.podTemplate.labels | object | `{}` | The labels to be created to the pod. | -| meta.podTemplate.main | object | `{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"startupProbe":{},"volumeMounts":[]}` | The spec of main container | +| meta.podTemplate.main | object | `{"args":[],"command":[],"env":[],"image":"","livenessProbe":{},"readinessProbe":{},"resources":{"limits":{},"requests":{}},"securityContext":{},"startupProbe":{},"volumeMounts":[]}` | The spec of main container | | meta.podTemplate.main.args | list | `[]` | The arguments to be passed to the command | | meta.podTemplate.main.command | list | `[]` | The command to be executed in the container | | meta.podTemplate.main.env | list | `[]` | The environment variables for the container | @@ -247,9 +255,11 @@ helm uninstall mycluster -n default | meta.podTemplate.main.readinessProbe | object | `{}` | The config for readiness probe of the main container | | meta.podTemplate.main.resources.limits | object | `{}` | The resources limits for the container | | meta.podTemplate.main.resources.requests | object | `{}` | The requested resources for the container | +| meta.podTemplate.main.securityContext | object | `{}` | The configurations for meta security context. | | meta.podTemplate.main.startupProbe | object | `{}` | The config for startup probe of the main container | | meta.podTemplate.main.volumeMounts | list | `[]` | The pod volumeMounts | | meta.podTemplate.nodeSelector | object | `{}` | The pod node selector | +| meta.podTemplate.securityContext | object | `{}` | The configurations for meta security context. | | meta.podTemplate.serviceAccount.annotations | object | `{}` | The annotations for meta serviceaccount | | meta.podTemplate.serviceAccount.create | bool | `false` | Create a service account | | meta.podTemplate.tolerations | list | `[]` | The pod tolerations | diff --git a/charts/greptimedb-cluster/templates/cluster.yaml b/charts/greptimedb-cluster/templates/cluster.yaml index 2314873..ce4ca6c 100644 --- a/charts/greptimedb-cluster/templates/cluster.yaml +++ b/charts/greptimedb-cluster/templates/cluster.yaml @@ -28,6 +28,9 @@ spec: {{- if .Values.base.podTemplate.main.livenessProbe }} livenessProbe: {{- toYaml .Values.base.podTemplate.main.livenessProbe | nindent 8 }} {{- end }} + {{- if .Values.base.podTemplate.main.securityContext }} + securityContext: {{ .Values.base.podTemplate.main.securityContext | toYaml | nindent 8 }} + {{- end }} {{- if .Values.base.podTemplate.annotations }} annotations: {{ .Values.base.podTemplate.annotations | toYaml | nindent 6 }} {{- end }} @@ -52,6 +55,9 @@ spec: - name: {{ . }} {{- end }} {{- end }} + {{- if .Values.base.podTemplate.securityContext }} + securityContext: {{ .Values.base.podTemplate.securityContext | toYaml | nindent 6 }} + {{- end }} frontend: replicas: {{ .Values.frontend.replicas }} {{- if or .Values.frontend.configFile .Values.frontend.configData }} @@ -112,6 +118,9 @@ spec: {{- if .Values.frontend.podTemplate.main.livenessProbe }} livenessProbe: {{- toYaml .Values.frontend.podTemplate.main.livenessProbe | nindent 10 }} {{- end }} + {{- if .Values.frontend.podTemplate.main.securityContext }} + securityContext: {{ .Values.frontend.podTemplate.main.securityContext | toYaml | nindent 10 }} + {{- end }} {{- if .Values.frontend.podTemplate.annotations }} annotations: {{ .Values.frontend.podTemplate.annotations | toYaml | nindent 8 }} {{- end }} @@ -141,6 +150,9 @@ spec: secretName: {{ .Release.Name }}-users-auth {{- end }} {{- end }} + {{- if .Values.frontend.podTemplate.securityContext }} + securityContext: {{ .Values.frontend.podTemplate.securityContext | toYaml | nindent 8 }} + {{- end }} {{- if .Values.frontend.logging }} logging: {{- if .Values.frontend.logging.level }} @@ -232,6 +244,9 @@ spec: {{- if .Values.meta.podTemplate.main.livenessProbe }} livenessProbe: {{- toYaml .Values.meta.podTemplate.main.livenessProbe | nindent 10 }} {{- end }} + {{- if .Values.meta.podTemplate.main.securityContext }} + securityContext: {{ .Values.meta.podTemplate.main.securityContext | toYaml | nindent 10 }} + {{- end }} {{- if .Values.meta.podTemplate.annotations }} annotations: {{ .Values.meta.podTemplate.annotations | toYaml | nindent 8 }} {{- end }} @@ -253,6 +268,9 @@ spec: {{- if .Values.meta.podTemplate.volumes}} volumes: {{ .Values.meta.podTemplate.volumes | toYaml | nindent 8 }} {{- end }} + {{- if .Values.meta.podTemplate.securityContext }} + securityContext: {{ .Values.meta.podTemplate.securityContext | toYaml | nindent 8 }} + {{- end }} datanode: replicas: {{ .Values.datanode.replicas }} {{- if or .Values.datanode.configFile .Values.datanode.configData }} @@ -292,6 +310,9 @@ spec: {{- if .Values.datanode.podTemplate.main.livenessProbe }} livenessProbe: {{- toYaml .Values.datanode.podTemplate.main.livenessProbe | nindent 10 }} {{- end }} + {{- if .Values.datanode.podTemplate.main.securityContext }} + securityContext: {{ .Values.datanode.podTemplate.main.securityContext | toYaml | nindent 10 }} + {{- end }} {{- if .Values.datanode.podTemplate.annotations }} annotations: {{ .Values.datanode.podTemplate.annotations | toYaml | nindent 8 }} {{- end }} @@ -313,6 +334,9 @@ spec: {{- if .Values.datanode.podTemplate.volumes}} volumes: {{ .Values.datanode.podTemplate.volumes | toYaml | nindent 8 }} {{- end }} + {{- if .Values.datanode.podTemplate.securityContext }} + securityContext: {{ .Values.datanode.podTemplate.securityContext | toYaml | nindent 8 }} + {{- end }} {{- if .Values.datanode.logging }} logging: {{- if .Values.datanode.logging.level }} @@ -381,6 +405,9 @@ spec: {{- if .Values.flownode.podTemplate.main.livenessProbe }} livenessProbe: {{- toYaml .Values.flownode.podTemplate.main.livenessProbe | nindent 10 }} {{- end }} + {{- if .Values.flownode.podTemplate.main.securityContext }} + securityContext: {{ .Values.flownode.podTemplate.main.securityContext | toYaml | nindent 10 }} + {{- end }} {{- if .Values.flownode.podTemplate.annotations }} annotations: {{ .Values.flownode.podTemplate.annotations | toYaml | nindent 8 }} {{- end }} @@ -402,6 +429,9 @@ spec: {{- if .Values.flownode.podTemplate.volumes }} volumes: {{ .Values.flownode.podTemplate.volumes | toYaml | nindent 8 }} {{- end }} + {{- if .Values.flownode.podTemplate.securityContext }} + securityContext: {{ .Values.flownode.podTemplate.securityContext | toYaml | nindent 8 }} + {{- end }} {{- if .Values.flownode.logging }} logging: {{- if .Values.flownode.logging.level }} diff --git a/charts/greptimedb-cluster/values.yaml b/charts/greptimedb-cluster/values.yaml index 5527036..f0a913c 100644 --- a/charts/greptimedb-cluster/values.yaml +++ b/charts/greptimedb-cluster/values.yaml @@ -14,7 +14,7 @@ initializer: # -- Initializer image repository repository: greptime/greptimedb-initializer # -- Initializer image tag - tag: v0.1.3-alpha.3 + tag: v0.1.3-alpha.6 base: # -- The pod template for base @@ -95,6 +95,9 @@ base: # # -- The failure threshold for the readiness probe # failureThreshold: 3 + # -- The configurations for security context of main container. + securityContext: {} + # -- The annotations to be created to the pod. annotations: {} # -- The labels to be created to the pod. @@ -107,6 +110,8 @@ base: affinity: {} # -- The global service account serviceAccountName: "" + # -- The configurations for pod security context. + securityContext: {} # -- Frontend configure frontend: @@ -203,6 +208,9 @@ frontend: # # -- The failure threshold for the readiness probe # failureThreshold: 3 + # -- The configurations for frontend container. + securityContext: {} + # -- The annotations to be created to the pod. annotations: {} # -- The labels to be created to the pod. @@ -222,6 +230,9 @@ frontend: # -- The annotations for frontend serviceaccount annotations: {} + # -- The configurations for frontend security context. + securityContext: {} + # -- Frontend service service: {} @@ -344,6 +355,9 @@ meta: # # -- The failure threshold for the readiness probe # failureThreshold: 3 + # -- The configurations for meta security context. + securityContext: {} + # -- The annotations to be created to the pod. annotations: {} # -- The labels to be created to the pod. @@ -363,6 +377,9 @@ meta: # -- The annotations for meta serviceaccount annotations: {} + # -- The configurations for meta security context. + securityContext: {} + # -- Meta etcd endpoints etcdEndpoints: "etcd.etcd-cluster.svc.cluster.local:2379" @@ -486,6 +503,9 @@ datanode: # # -- The failure threshold for the readiness probe # failureThreshold: 3 + # -- The configurations for datanode security context. + securityContext: {} + # -- The annotations to be created to the pod. annotations: {} # -- The labels to be created to the pod. @@ -505,6 +525,9 @@ datanode: # -- The annotations for datanode serviceaccount annotations: {} + # -- The configurations for datanode security context. + securityContext: {} + storage: # -- Storage class for datanode persistent volume storageClassName: null @@ -658,6 +681,9 @@ flownode: # # -- The failure threshold for the readiness probe # failureThreshold: 3 + # -- The configurations for flownode security context. + securityContext: {} + # -- The annotations to be created to the pod. annotations: {} # -- The labels to be created to the pod. @@ -677,6 +703,9 @@ flownode: # -- The annotations for flownode serviceaccount annotations: {} + # -- The configurations for flownode security context. + securityContext: {} + # -- GreptimeDB http service port httpServicePort: 4000 # -- GreptimeDB grpc service port