Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
cockroach-labs/cockroachdb: - 14.0.5 jfrog/artifactory-ha: - 107.90.15 jfrog/artifactory-jcr: - 107.90.15 kuma/kuma: - 2.9.0 nats/nats: - 1.2.6 speedscale/speedscale-operator: - 2.2.567
1 parent
529c6f6
commit 24c8600
Showing
488 changed files
with
64,502 additions
and
1 deletion.
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# Contributing | ||
|
||
Contributions are welcome! | ||
|
||
For every change, please increment the `version` contained in | ||
[Chart.yaml](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/Chart.yaml). | ||
The `version` roughly follows the [SEMVER](https://semver.org/) versioning | ||
pattern. For changes which do not affect backwards compatibility, the PATCH or | ||
MINOR version must be incremented, e.g. `4.1.3` -> `4.1.4`. For changes which | ||
affect the backwards compatibility of the chart, the major version must be | ||
incremented, e.g. `4.1.3` -> `5.0.0`. Examples of changes which affect backwards | ||
compatibility include any major version releases of CockroachDB, as well as any | ||
breaking changes to the CockroachDB chart templates. | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
annotations: | ||
catalog.cattle.io/certified: partner | ||
catalog.cattle.io/display-name: CockroachDB | ||
catalog.cattle.io/kube-version: '>=1.8-0' | ||
catalog.cattle.io/release-name: cockroachdb | ||
apiVersion: v1 | ||
appVersion: 24.2.4 | ||
description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. | ||
home: https://www.cockroachlabs.com | ||
icon: file://assets/icons/cockroachdb.png | ||
kubeVersion: '>=1.8-0' | ||
maintainers: | ||
- email: [email protected] | ||
name: cockroachlabs | ||
name: cockroachdb | ||
sources: | ||
- https://github.com/cockroachdb/cockroach | ||
version: 14.0.5 |
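Review bot: `kubeVersion: '>=1.8-0'` and the matching `catalog.cattle.io/kube-version` annotation let this chart install on clusters as old as Kubernetes 1.8, while the chart ships `appVersion: 24.2.4`. Consider raising both constraints to the oldest Kubernetes release the chart is actually tested against, so that an install on an unsupported cluster fails at the version check instead of part-way through rendering or rollout.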
Large diffs are not rendered by default.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# CockroachDB Chart | ||
|
||
CockroachDB is a Distributed SQL database that runs natively in Kubernetes. It gives you resilient, horizontal scale across multiple clouds with always-on availability and data partitioned by location. | ||
|
||
CockroachDB scales horizontally without reconfiguration or need for a massive architectural overhaul. Simply add a new node to the cluster and CockroachDB takes care of the underlying complexity. | ||
|
||
- Scale by simply adding new nodes to a CockroachDB cluster | ||
- Automate balancing and distribution of ranges, not shards | ||
- Optimize server utilization evenly across all nodes |
50 changes: 50 additions & 0 deletions
charts/cockroach-labs/cockroachdb/14.0.5/templates/NOTES.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
CockroachDB can be accessed via port {{ .Values.service.ports.grpc.external.port }} at the | ||
following DNS name from within your cluster: | ||
|
||
{{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }}.svc.cluster.local | ||
|
||
Because CockroachDB supports the PostgreSQL wire protocol, you can connect to | ||
the cluster using any available PostgreSQL client. | ||
|
||
{{- if not .Values.tls.enabled }} | ||
|
||
For example, you can open up a SQL shell to the cluster by running: | ||
|
||
kubectl run -it --rm cockroach-client \ | ||
--image=cockroachdb/cockroach \ | ||
--restart=Never \ | ||
{{- if .Values.networkPolicy.enabled }} | ||
--labels="{{ template "cockroachdb.fullname" . }}-client=true" \ | ||
{{- end }} | ||
--command -- \ | ||
./cockroach sql --insecure --host={{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }} | ||
|
||
From there, you can interact with the SQL shell as you would any other SQL | ||
shell, confident that any data you write will be safe and available even if | ||
parts of your cluster fail. | ||
{{- else }} | ||
|
||
Note that because the cluster is running in secure mode, any client application | ||
that you attempt to connect will either need to have a valid client certificate | ||
or a valid username and password. | ||
{{- end }} | ||
|
||
{{- if and (.Values.networkPolicy.enabled) (not (empty .Values.networkPolicy.ingress.grpc)) }} | ||
|
||
Note: Since NetworkPolicy is enabled, the only Pods allowed to connect to this | ||
CockroachDB cluster are: | ||
|
||
1. Having the label: "{{ template "cockroachdb.fullname" . }}-client=true" | ||
|
||
2. Matching the following rules: {{- toYaml .Values.networkPolicy.ingress.grpc | nindent 0 }} | ||
{{- end }} | ||
|
||
Finally, to open up the CockroachDB admin UI, you can port-forward from your | ||
local machine into one of the instances in the cluster: | ||
|
||
kubectl port-forward -n {{ .Release.Namespace }} {{ template "cockroachdb.fullname" . }}-0 {{ index .Values.conf `http-port` | int64 }} | ||
|
||
Then you can access the admin UI at http{{ if .Values.tls.enabled }}s{{ end }}://localhost:{{ index .Values.conf `http-port` | int64 }}/ in your web browser. | ||
|
||
For more information on using CockroachDB, please see the project's docs at: | ||
https://www.cockroachlabs.com/docs/ |
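Review bot: In the `not .Values.tls.enabled` branch, the post-install text hands the user a `./cockroach sql --insecure` command and then says written data "will be safe", without stating that the cluster is running with no TLS and no authentication. Add a sentence to that branch saying so and pointing at `tls.enabled`, the same way the `else` branch explains what secure mode requires. The client example also uses `--image=cockroachdb/cockroach` with no tag, so the client version floats; pinning it to the chart's image tag would keep client and server in step.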
291 changes: 291 additions & 0 deletions
charts/cockroach-labs/cockroachdb/14.0.5/templates/_helpers.tpl
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,291 @@ | ||
{{/* | ||
Expand the name of the chart. | ||
*/}} | ||
{{- define "cockroachdb.name" -}} | ||
{{- default .Chart.Name .Values.nameOverride | trunc 56 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create a default fully qualified app name. | ||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). | ||
If release name contains chart name it will be used as a full name. | ||
*/}} | ||
{{- define "cockroachdb.fullname" -}} | ||
{{- if .Values.fullnameOverride -}} | ||
{{- .Values.fullnameOverride | trunc 56 | trimSuffix "-" -}} | ||
{{- else -}} | ||
{{- $name := default .Chart.Name .Values.nameOverride -}} | ||
{{- if contains $name .Release.Name -}} | ||
{{- .Release.Name | trunc 56 | trimSuffix "-" -}} | ||
{{- else -}} | ||
{{- printf "%s-%s" .Release.Name $name | trunc 56 | trimSuffix "-" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create a default fully qualified app name for cluster scope resource. | ||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). | ||
If release name contains chart name it will be used as a full name with release namespace appended at the end. | ||
*/}} | ||
{{- define "cockroachdb.clusterfullname" -}} | ||
{{- if .Values.fullnameOverride -}} | ||
{{- printf "%s-%s" .Values.fullnameOverride .Release.Namespace | trunc 56 | trimSuffix "-" -}} | ||
{{- else -}} | ||
{{- $name := default .Chart.Name .Values.nameOverride -}} | ||
{{- if contains $name .Release.Name -}} | ||
{{- printf "%s-%s" .Release.Name .Release.Namespace | trunc 56 | trimSuffix "-" -}} | ||
{{- else -}} | ||
{{- printf "%s-%s-%s" .Release.Name $name .Release.Namespace | trunc 56 | trimSuffix "-" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create chart name and version as used by the chart label. | ||
*/}} | ||
{{- define "cockroachdb.chart" -}} | ||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 56 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create the name of the ServiceAccount to use. | ||
*/}} | ||
{{- define "cockroachdb.serviceAccount.name" -}} | ||
{{- if .Values.statefulset.serviceAccount.create -}} | ||
{{- default (include "cockroachdb.fullname" .) .Values.statefulset.serviceAccount.name -}} | ||
{{- else -}} | ||
{{- default "default" .Values.statefulset.serviceAccount.name -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Return the appropriate apiVersion for NetworkPolicy. | ||
*/}} | ||
{{- define "cockroachdb.networkPolicy.apiVersion" -}} | ||
{{- if semverCompare ">=1.4-0, <=1.7-0" .Capabilities.KubeVersion.Version -}} | ||
{{- print "extensions/v1beta1" -}} | ||
{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.Version -}} | ||
{{- print "networking.k8s.io/v1" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Return the appropriate apiVersion for StatefulSets | ||
*/}} | ||
{{- define "cockroachdb.statefulset.apiVersion" -}} | ||
{{- if semverCompare "<1.12-0" .Capabilities.KubeVersion.Version -}} | ||
{{- print "apps/v1beta1" -}} | ||
{{- else -}} | ||
{{- print "apps/v1" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Return CockroachDB store expression | ||
*/}} | ||
{{- define "cockroachdb.conf.store" -}} | ||
{{- $isInMemory := eq (.Values.conf.store.type | toString) "mem" -}} | ||
{{- $persistentSize := empty .Values.conf.store.size | ternary .Values.storage.persistentVolume.size .Values.conf.store.size -}} | ||
|
||
{{- $store := dict -}} | ||
{{- $_ := set $store "type" ($isInMemory | ternary "type=mem" "") -}} | ||
{{- $_ := set $store "path" ($isInMemory | ternary "" (print "path=" .Values.conf.path)) -}} | ||
{{- $_ := set $store "size" (print "size=" ($isInMemory | ternary .Values.conf.store.size $persistentSize)) -}} | ||
{{- $_ := set $store "attrs" (empty .Values.conf.store.attrs | ternary "" (print "attrs=" .Values.conf.store.attrs)) -}} | ||
|
||
{{ compact (values $store) | join "," }} | ||
{{- end -}} | ||
|
||
{{/* | ||
Define the default values for the certificate selfSigner inputs | ||
*/}} | ||
{{- define "selfcerts.fullname" -}} | ||
{{- printf "%s-%s" (include "cockroachdb.fullname" .) "self-signer" | trunc 56 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
{{- define "rotatecerts.fullname" -}} | ||
{{- printf "%s-%s" (include "cockroachdb.fullname" .) "rotate-self-signer" | trunc 56 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
{{- define "selfcerts.minimumCertDuration" -}} | ||
{{- if .Values.tls.certs.selfSigner.minimumCertDuration -}} | ||
{{- print (.Values.tls.certs.selfSigner.minimumCertDuration | trimSuffix "h") -}} | ||
{{- else }} | ||
{{- $minCertDuration := min (sub (.Values.tls.certs.selfSigner.clientCertDuration | trimSuffix "h" ) (.Values.tls.certs.selfSigner.clientCertExpiryWindow | trimSuffix "h")) (sub (.Values.tls.certs.selfSigner.nodeCertDuration | trimSuffix "h") (.Values.tls.certs.selfSigner.nodeCertExpiryWindow | trimSuffix "h")) -}} | ||
{{- print $minCertDuration -}} | ||
{{- end }} | ||
{{- end -}} | ||
|
||
{{/* | ||
Define the cron schedules for certificate rotate jobs and converting from hours to valid cron string. | ||
We assume that each month has 31 days, hence the cron job may run few days earlier in a year. In a cron schedule, | ||
we can not set a cron of more than a year, hence we try to run the cron in such a way that the cron run comes to | ||
as close possible to the expiry window. However, it is possible that cron may run earlier than the expiry window. | ||
*/}} | ||
{{- define "selfcerts.caRotateSchedule" -}} | ||
{{- $tempHours := sub (.Values.tls.certs.selfSigner.caCertDuration | trimSuffix "h") (.Values.tls.certs.selfSigner.caCertExpiryWindow | trimSuffix "h") -}} | ||
{{- $days := "*" -}} | ||
{{- $months := "*" -}} | ||
{{- $hours := mod $tempHours 24 -}} | ||
{{- if not (eq $hours $tempHours) -}} | ||
{{- $tempDays := div $tempHours 24 -}} | ||
{{- $days = mod $tempDays 31 -}} | ||
{{- if not (eq $days $tempDays) -}} | ||
{{- $days = add $days 1 -}} | ||
{{- $tempMonths := div $tempDays 31 -}} | ||
{{- $months = mod $tempMonths 12 -}} | ||
{{- if not (eq $months $tempMonths) -}} | ||
{{- $months = add $months 1 -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- if ne (toString $months) "*" -}} | ||
{{- $months = printf "*/%s" (toString $months) -}} | ||
{{- else -}} | ||
{{- if ne (toString $days) "*" -}} | ||
{{- $days = printf "*/%s" (toString $days) -}} | ||
{{- else -}} | ||
{{- if ne $hours 0 -}} | ||
{{- $hours = printf "*/%s" (toString $hours) -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- printf "0 %s %s %s *" (toString $hours) (toString $days) (toString $months) -}} | ||
{{- end -}} | ||
|
||
{{- define "selfcerts.clientRotateSchedule" -}} | ||
{{- $tempHours := int64 (include "selfcerts.minimumCertDuration" .) -}} | ||
{{- $days := "*" -}} | ||
{{- $months := "*" -}} | ||
{{- $hours := mod $tempHours 24 -}} | ||
{{- if not (eq $hours $tempHours) -}} | ||
{{- $tempDays := div $tempHours 24 -}} | ||
{{- $days = mod $tempDays 31 -}} | ||
{{- if not (eq $days $tempDays) -}} | ||
{{- $days = add $days 1 -}} | ||
{{- $tempMonths := div $tempDays 31 -}} | ||
{{- $months = mod $tempMonths 12 -}} | ||
{{- if not (eq $months $tempMonths) -}} | ||
{{- $months = add $months 1 -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- if ne (toString $months) "*" -}} | ||
{{- $months = printf "*/%s" (toString $months) -}} | ||
{{- else -}} | ||
{{- if ne (toString $days) "*" -}} | ||
{{- $days = printf "*/%s" (toString $days) -}} | ||
{{- else -}} | ||
{{- if ne $hours 0 -}} | ||
{{- $hours = printf "*/%s" (toString $hours) -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- printf "0 %s %s %s *" (toString $hours) (toString $days) (toString $months) -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Define the appropriate validations for the certificate selfSigner inputs | ||
*/}} | ||
|
||
{{/* | ||
Validate that if caProvided is true, then the caSecret must not be empty and secret must be present in the namespace. | ||
*/}} | ||
{{- define "cockroachdb.tls.certs.selfSigner.caProvidedValidation" -}} | ||
{{- if .Values.tls.certs.selfSigner.caProvided -}} | ||
{{- if eq "" .Values.tls.certs.selfSigner.caSecret -}} | ||
{{ fail "CA secret can't be empty if caProvided is set to true" }} | ||
{{- else -}} | ||
{{- if not (lookup "v1" "Secret" .Release.Namespace .Values.tls.certs.selfSigner.caSecret) }} | ||
{{ fail "CA secret is not present in the release namespace" }} | ||
{{- end }} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Validate that if caCertDuration or caCertExpiryWindow must not be empty and caCertExpiryWindow must be greater than | ||
minimumCertDuration. | ||
*/}} | ||
{{- define "cockroachdb.tls.certs.selfSigner.caCertValidation" -}} | ||
{{- if not .Values.tls.certs.selfSigner.caProvided -}} | ||
{{- if or (not .Values.tls.certs.selfSigner.caCertDuration) (not .Values.tls.certs.selfSigner.caCertExpiryWindow) }} | ||
{{ fail "CA cert duration or CA cert expiry window can not be empty" }} | ||
{{- else }} | ||
{{- if gt (int64 (include "selfcerts.minimumCertDuration" .)) (int64 (.Values.tls.certs.selfSigner.caCertExpiryWindow | trimSuffix "h")) -}} | ||
{{ fail "CA cert expiration window should not be less than minimum Cert duration" }} | ||
{{- end -}} | ||
{{- if gt (int64 (include "selfcerts.minimumCertDuration" .)) (sub (.Values.tls.certs.selfSigner.caCertDuration | trimSuffix "h") (.Values.tls.certs.selfSigner.caCertExpiryWindow | trimSuffix "h")) -}} | ||
{{ fail "CA cert Duration minus CA cert expiration window should not be less than minimum Cert duration" }} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end }} | ||
{{- end -}} | ||
|
||
{{/* | ||
Validate that if clientCertDuration must not be empty and it must be greater than minimumCertDuration. | ||
*/}} | ||
{{- define "cockroachdb.tls.certs.selfSigner.clientCertValidation" -}} | ||
{{- if or (not .Values.tls.certs.selfSigner.clientCertDuration) (not .Values.tls.certs.selfSigner.clientCertExpiryWindow) }} | ||
{{ fail "Client cert duration can not be empty" }} | ||
{{- else }} | ||
{{- if lt (sub (.Values.tls.certs.selfSigner.clientCertDuration | trimSuffix "h") (.Values.tls.certs.selfSigner.clientCertExpiryWindow | trimSuffix "h")) (int64 (include "selfcerts.minimumCertDuration" .)) }} | ||
{{ fail "Client cert duration minus client cert expiry window should not be less than minimum Cert duration" }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end -}} | ||
|
||
{{/* | ||
Validate that nodeCertDuration must not be empty and nodeCertDuration minus nodeCertExpiryWindow must be greater than minimumCertDuration. | ||
*/}} | ||
{{- define "cockroachdb.tls.certs.selfSigner.nodeCertValidation" -}} | ||
{{- if or (not .Values.tls.certs.selfSigner.nodeCertDuration) (not .Values.tls.certs.selfSigner.nodeCertExpiryWindow) }} | ||
{{ fail "Node cert duration can not be empty" }} | ||
{{- else }} | ||
{{- if lt (sub (.Values.tls.certs.selfSigner.nodeCertDuration | trimSuffix "h") (.Values.tls.certs.selfSigner.nodeCertExpiryWindow | trimSuffix "h")) (int64 (include "selfcerts.minimumCertDuration" .))}} | ||
{{ fail "Node cert duration minus node cert expiry window should not be less than minimum Cert duration" }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end -}} | ||
|
||
{{/* | ||
Validate that if user enabled tls, then either self-signed certificates or certificate manager is enabled | ||
*/}} | ||
{{- define "cockroachdb.tlsValidation" -}} | ||
{{- if .Values.tls.enabled -}} | ||
{{- if and .Values.tls.certs.selfSigner.enabled .Values.tls.certs.certManager -}} | ||
{{ fail "Can not enable the self signed certificates and certificate manager at the same time" }} | ||
{{- end -}} | ||
{{- if and (not .Values.tls.certs.selfSigner.enabled) (not .Values.tls.certs.certManager) -}} | ||
{{- if not .Values.tls.certs.provided -}} | ||
{{ fail "You have to enable either self signed certificates or certificate manager, if you have enabled tls" }} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
|
||
{{- define "cockroachdb.tls.certs.selfSigner.validation" -}} | ||
{{ include "cockroachdb.tls.certs.selfSigner.caProvidedValidation" . }} | ||
{{ include "cockroachdb.tls.certs.selfSigner.caCertValidation" . }} | ||
{{ include "cockroachdb.tls.certs.selfSigner.clientCertValidation" . }} | ||
{{ include "cockroachdb.tls.certs.selfSigner.nodeCertValidation" . }} | ||
{{- end -}} | ||
|
||
{{- define "cockroachdb.securityContext.versionValidation" }} | ||
{{- /* Allow using `securityContext` for custom images. */}} | ||
{{- if ne "cockroachdb/cockroach" .Values.image.repository -}} | ||
{{ print true }} | ||
{{- else -}} | ||
{{- if semverCompare ">=22.1.2" .Values.image.tag -}} | ||
{{ print true }} | ||
{{- else -}} | ||
{{- if semverCompare ">=21.2.13, <22.1.0" .Values.image.tag -}} | ||
{{ print true }} | ||
{{- else -}} | ||
{{ print false }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} |
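Review bot: In `selfcerts.caRotateSchedule` (and its copy, `selfcerts.clientRotateSchedule`), `mod $tempMonths 12` discards whole years and the result is emitted as a cron step (`*/N` in the month, day or hour field), which restarts each time that field wraps, so the job fires on calendar boundaries rather than once per duration-minus-expiry-window interval. The comment above the template says the job "may run few days earlier"; for durations over a year it can run years earlier, and a computed day-of-month above 28 skips the shorter months. Either document that the rotate job must check the certificate's remaining validity before acting, or have the job derive its next run from the certificate's own expiry. The two schedule templates are identical apart from their first line and could share one helper that takes the hour count. Separately, `caProvidedValidation` relies on `lookup`, which returns an empty result under `helm template` and client-side dry runs, so `caProvided: true` always hits the "CA secret is not present in the release namespace" failure there; and the naming helpers' comments say 63 characters while the code uses `trunc 56`.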