--- # Source: tubearchivist/charts/redis/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: true metadata: name: tubearchivist-redis namespace: "tubearchivist" labels: app.kubernetes.io/name: redis helm.sh/chart: redis-17.7.3 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm --- # Source: tubearchivist/charts/elasticsearch/templates/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: tubearchivist-elasticsearch namespace: "tubearchivist" labels: app.kubernetes.io/name: elasticsearch helm.sh/chart: elasticsearch-19.5.12 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm data: my_elasticsearch.yml: |- path: repo: /usr/share/elasticsearch/data/snapshot --- # Source: tubearchivist/charts/redis/templates/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: tubearchivist-redis-configuration namespace: "tubearchivist" labels: app.kubernetes.io/name: redis helm.sh/chart: redis-17.7.3 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm data: redis.conf: |- # User-supplied common configuration: # Enable AOF https://redis.io/topics/persistence#append-only-file appendonly yes # Disable RDB persistence, AOF persistence already enabled. save "" # Enable Redis Json module loadmodule /opt/redis-stack/lib/rejson.so # End of common configuration master.conf: |- dir /data # User-supplied master configuration: rename-command FLUSHDB "" rename-command FLUSHALL "" # End of master configuration replica.conf: |- dir /data # User-supplied replica configuration: rename-command FLUSHDB "" rename-command FLUSHALL "" # End of replica configuration --- # Source: tubearchivist/charts/redis/templates/health-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: tubearchivist-redis-health namespace: "tubearchivist" labels: app.kubernetes.io/name: redis helm.sh/chart: redis-17.7.3 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm data: ping_readiness_local.sh: |- #!/bin/bash [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" response=$( timeout -s 3 $1 \ redis-cli \ -h localhost \ -p $REDIS_PORT \ ping ) if [ "$?" -eq "124" ]; then echo "Timed out" exit 1 fi if [ "$response" != "PONG" ]; then echo "$response" exit 1 fi ping_liveness_local.sh: |- #!/bin/bash [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" response=$( timeout -s 3 $1 \ redis-cli \ -h localhost \ -p $REDIS_PORT \ ping ) if [ "$?" -eq "124" ]; then echo "Timed out" exit 1 fi responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then echo "$response" exit 1 fi ping_readiness_master.sh: |- #!/bin/bash [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" response=$( timeout -s 3 $1 \ redis-cli \ -h $REDIS_MASTER_HOST \ -p $REDIS_MASTER_PORT_NUMBER \ ping ) if [ "$?" -eq "124" ]; then echo "Timed out" exit 1 fi if [ "$response" != "PONG" ]; then echo "$response" exit 1 fi ping_liveness_master.sh: |- #!/bin/bash [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" response=$( timeout -s 3 $1 \ redis-cli \ -h $REDIS_MASTER_HOST \ -p $REDIS_MASTER_PORT_NUMBER \ ping ) if [ "$?" -eq "124" ]; then echo "Timed out" exit 1 fi responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then echo "$response" exit 1 fi ping_readiness_local_and_master.sh: |- script_dir="$(dirname "$0")" exit_status=0 "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? exit $exit_status ping_liveness_local_and_master.sh: |- script_dir="$(dirname "$0")" exit_status=0 "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? exit $exit_status --- # Source: tubearchivist/charts/redis/templates/scripts-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: tubearchivist-redis-scripts namespace: "tubearchivist" labels: app.kubernetes.io/name: redis helm.sh/chart: redis-17.7.3 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm data: start-master.sh: | #!/bin/bash [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" if [[ -f /opt/bitnami/redis/mounted-etc/master.conf ]];then cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf fi if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf fi ARGS=("--port" "${REDIS_PORT}") ARGS+=("--protected-mode" "no") ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") exec redis-server "${ARGS[@]}" start-replica.sh: | #!/bin/bash get_port() { hostname="$1" type="$2" port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") port=${!port_var} if [ -z "$port" ]; then case $type in "SENTINEL") echo 26379 ;; "REDIS") echo 6379 ;; esac else echo $port fi } get_full_hostname() { hostname="$1" full_hostname="${hostname}.${HEADLESS_SERVICE}" echo "${full_hostname}" } REDISPORT=$(get_port "$HOSTNAME" "REDIS") [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" if [[ -f /opt/bitnami/redis/mounted-etc/replica.conf ]];then cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf fi if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf fi echo "" >> /opt/bitnami/redis/etc/replica.conf echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf ARGS=("--port" "${REDIS_PORT}") ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") ARGS+=("--protected-mode" "no") ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") exec redis-server "${ARGS[@]}" --- # Source: tubearchivist/charts/elasticsearch/templates/master/svc-headless.yaml apiVersion: v1 kind: Service metadata: name: tubearchivist-elasticsearch-master-hl namespace: "tubearchivist" labels: app.kubernetes.io/name: elasticsearch helm.sh/chart: elasticsearch-19.5.12 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: master spec: type: ClusterIP publishNotReadyAddresses: true ports: - name: tcp-rest-api port: 9200 targetPort: rest-api - name: tcp-transport port: 9300 targetPort: transport selector: app.kubernetes.io/name: elasticsearch app.kubernetes.io/instance: tubearchivist app.kubernetes.io/component: master --- # Source: tubearchivist/charts/elasticsearch/templates/service.yaml apiVersion: v1 kind: Service metadata: name: tubearchivist-elasticsearch namespace: "tubearchivist" labels: app.kubernetes.io/name: elasticsearch helm.sh/chart: elasticsearch-19.5.12 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: master annotations: spec: type: ClusterIP sessionAffinity: None ports: - name: tcp-rest-api port: 9200 targetPort: rest-api nodePort: null - name: tcp-transport port: 9300 nodePort: null selector: app.kubernetes.io/name: elasticsearch app.kubernetes.io/instance: tubearchivist app.kubernetes.io/component: master --- # Source: tubearchivist/charts/redis/templates/headless-svc.yaml apiVersion: v1 kind: Service metadata: name: tubearchivist-redis-headless namespace: "tubearchivist" labels: app.kubernetes.io/name: redis helm.sh/chart: redis-17.7.3 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm annotations: spec: type: ClusterIP clusterIP: None ports: - name: tcp-redis port: 6379 targetPort: redis selector: app.kubernetes.io/name: redis app.kubernetes.io/instance: tubearchivist --- # Source: tubearchivist/charts/redis/templates/master/service.yaml apiVersion: v1 kind: Service metadata: name: tubearchivist-redis-master namespace: "tubearchivist" labels: app.kubernetes.io/name: redis helm.sh/chart: redis-17.7.3 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: master spec: type: ClusterIP internalTrafficPolicy: Cluster sessionAffinity: None ports: - name: tcp-redis port: 6379 targetPort: redis nodePort: null selector: app.kubernetes.io/name: redis app.kubernetes.io/instance: tubearchivist app.kubernetes.io/component: master --- # Source: tubearchivist/charts/redis/templates/replicas/service.yaml apiVersion: v1 kind: Service metadata: name: tubearchivist-redis-replicas namespace: "tubearchivist" labels: app.kubernetes.io/name: redis helm.sh/chart: redis-17.7.3 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: replica spec: type: ClusterIP internalTrafficPolicy: Cluster sessionAffinity: None ports: - name: tcp-redis port: 6379 targetPort: redis nodePort: null selector: app.kubernetes.io/name: redis app.kubernetes.io/instance: tubearchivist app.kubernetes.io/component: replica --- # Source: tubearchivist/templates/common.yaml apiVersion: v1 kind: Service metadata: name: tubearchivist labels: app.kubernetes.io/service: tubearchivist app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: tubearchivist app.kubernetes.io/version: v0.3.4 helm.sh/chart: tubearchivist-0.8.6 annotations: spec: type: ClusterIP ports: - port: 4180 targetPort: 4180 protocol: TCP name: http selector: app.kubernetes.io/instance: tubearchivist app.kubernetes.io/name: tubearchivist --- # Source: tubearchivist/templates/common.yaml --- apiVersion: apps/v1 kind: Deployment metadata: name: tubearchivist labels: app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: tubearchivist app.kubernetes.io/version: v0.3.4 helm.sh/chart: tubearchivist-0.8.6 spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/name: tubearchivist app.kubernetes.io/instance: tubearchivist template: metadata: labels: app.kubernetes.io/name: tubearchivist app.kubernetes.io/instance: tubearchivist spec: serviceAccountName: default automountServiceAccountToken: true dnsPolicy: ClusterFirst enableServiceLinks: true securityContext: sysctls: - name: net.ipv4.tcp_rmem value: "4096 87380 33554432" - name: net.ipv4.tcp_wmem value: "4096 65536 33554432" initContainers: - name: killswitch image: xjasonlyu/tun2socks:latest command: ["sh","-c"] args: - | iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT iptables -t mangle -A POSTROUTING -o eth0 -j DROP securityContext: capabilities: add: ["NET_ADMIN","SYS_TIME"] containers: - name: tubearchivist image: "bbilly1/tubearchivist:v0.4.5" imagePullPolicy: IfNotPresent env: - name: ELASTIC_PASSWORD value: changeme - name: ES_URL value: http://tubearchivist-elasticsearch:9200 - name: HOST_GID value: "100" - name: HOST_UID value: "1029" - name: REDIS_HOST value: tubearchivist-redis-master - name: TA_AUTH_PROXY_LOGOUT_URL value: https://tubearchivist.strudelline.net/oauth2/sign_out - name: TA_AUTH_PROXY_USERNAME_HEADER value: HTTP_X_FORWARDED_PREFERRED_USERNAME - name: TA_ENABLE_AUTH_PROXY value: "true" - name: TA_HOST value: tubearchivist.strudelline.net - name: TA_PASSWORD value: changeme - name: TA_USERNAME value: james - name: TA_MEDIA_DIR value: /youtube ports: - name: http-insecure containerPort: 8000 protocol: TCP volumeMounts: - name: cache mountPath: /cache - name: import mountPath: /cache/import - name: youtube mountPath: /youtube livenessProbe: failureThreshold: 3 initialDelaySeconds: 0 periodSeconds: 10 tcpSocket: port: 8000 timeoutSeconds: 1 readinessProbe: failureThreshold: 3 initialDelaySeconds: 0 periodSeconds: 10 tcpSocket: port: 8000 timeoutSeconds: 1 startupProbe: failureThreshold: 30 initialDelaySeconds: 0 periodSeconds: 5 tcpSocket: port: 8000 timeoutSeconds: 1 - name: vpn image: xjasonlyu/tun2socks:latest command: ["sh","-c"] args: - | mkdir -p /dev/net mknod /dev/net/tun c 10 200 exec /entrypoint.sh env: - name: TUN value: tun0 - name: PROXY value: socks5://172.16.17.180:1080 - name: TUN_EXCLUDED_ROUTES value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 securityContext: capabilities: add: ["NET_ADMIN","SYS_TIME"] - name: oauth2-proxy image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0 imagePullPolicy: IfNotPresent env: - name: OAUTH2_PROXY_CLIENT_ID valueFrom: secretKeyRef: name: oidc-client key: client_id - name: OAUTH2_PROXY_CLIENT_SECRET valueFrom: secretKeyRef: name: oidc-client key: client_secret - name: OAUTH2_PROXY_COOKIE_SECRET valueFrom: secretKeyRef: name: oauth2-proxy key: cookie_secret - name: OAUTH2_PROXY_UPSTREAMS value: http://localhost:8000 args: - --http-address=0.0.0.0:4180 - --whitelist-domain=strudelline.net:* - --whitelist-domain=.strudelline.net:* - --cookie-domain=strudelline.net - --email-domain=werts.us - --email-domain=strudelline.net - --email-domain=andariese.net - --skip-auth-route=GET=^/api/ - --skip-auth-route=OPTIONS=^/api/ - --cookie-secure - --skip-provider-button - --set-xauthrequest - --pass-user-headers - --provider=oidc - --oidc-issuer-url=https://auth.werts.us/realms/werts - --cookie-csrf-per-request livenessProbe: failureThreshold: 3 httpGet: path: /ping port: http scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 ports: - containerPort: 4180 name: http protocol: TCP volumes: - name: cache nfs: server: 172.16.18.1 path: /volume1/youtube/tubearchivist-cache - name: import nfs: server: 172.16.18.1 path: /volume1/youtube/.src - name: youtube nfs: server: 172.16.18.1 path: /volume1/youtube --- # Source: tubearchivist/charts/elasticsearch/templates/master/statefulset.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: tubearchivist-elasticsearch-master namespace: "tubearchivist" labels: app.kubernetes.io/name: elasticsearch helm.sh/chart: elasticsearch-19.5.12 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: master ## Istio Labels: https://istio.io/docs/ops/deployment/requirements/ app: master spec: replicas: 1 podManagementPolicy: Parallel selector: matchLabels: app.kubernetes.io/name: elasticsearch app.kubernetes.io/instance: tubearchivist app.kubernetes.io/component: master serviceName: tubearchivist-elasticsearch-master-hl updateStrategy: type: RollingUpdate template: metadata: labels: app.kubernetes.io/name: elasticsearch helm.sh/chart: elasticsearch-19.5.12 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: master ## Istio Labels: https://istio.io/docs/ops/deployment/requirements/ app: master annotations: spec: serviceAccountName: default affinity: podAffinity: podAntiAffinity: nodeAffinity: securityContext: fsGroup: 1001 initContainers: ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) - name: sysctl image: docker.io/bitnami/bitnami-shell:11-debian-11-r87 imagePullPolicy: "IfNotPresent" command: - /bin/bash - -ec - | CURRENT=`sysctl -n vm.max_map_count`; DESIRED="262144"; if [ "$DESIRED" -gt "$CURRENT" ]; then sysctl -w vm.max_map_count=262144; fi; CURRENT=`sysctl -n fs.file-max`; DESIRED="65536"; if [ "$DESIRED" -gt "$CURRENT" ]; then sysctl -w fs.file-max=65536; fi; securityContext: privileged: true runAsUser: 0 resources: limits: {} requests: {} containers: - name: elasticsearch image: docker.io/bitnami/elasticsearch:8.6.0 imagePullPolicy: "IfNotPresent" securityContext: runAsNonRoot: true runAsUser: 1001 env: - name: BITNAMI_DEBUG value: "false" - name: MY_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: ELASTICSEARCH_IS_DEDICATED_NODE value: "no" - name: ELASTICSEARCH_NODE_ROLES value: "master" - name: ELASTICSEARCH_TRANSPORT_PORT_NUMBER value: "9300" - name: ELASTICSEARCH_HTTP_PORT_NUMBER value: "9200" - name: ELASTICSEARCH_CLUSTER_NAME value: "elastic" - name: ELASTICSEARCH_CLUSTER_HOSTS value: "tubearchivist-elasticsearch-master-hl.tubearchivist.svc.cluster.local," - name: ELASTICSEARCH_TOTAL_NODES value: "1" - name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS value: tubearchivist-elasticsearch-master-0 - name: ELASTICSEARCH_MINIMUM_MASTER_NODES value: "1" - name: ELASTICSEARCH_ADVERTISED_HOSTNAME value: "$(MY_POD_NAME).tubearchivist-elasticsearch-master-hl.tubearchivist.svc.cluster.local" - name: ELASTICSEARCH_HEAP_SIZE value: "128m" - name: discovery.type value: single-node - name: xpack.security.enabled value: "true" - name: ELASTIC_PASSWORD value: changeme ports: - name: rest-api containerPort: 9200 - name: transport containerPort: 9300 livenessProbe: failureThreshold: 5 initialDelaySeconds: 90 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 exec: command: - /opt/bitnami/scripts/elasticsearch/healthcheck.sh readinessProbe: failureThreshold: 5 initialDelaySeconds: 90 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 exec: command: - /opt/bitnami/scripts/elasticsearch/healthcheck.sh resources: limits: cpu: 1000m memory: 1Gi requests: cpu: 1000m memory: 1Gi volumeMounts: - name: data mountPath: /bitnami/elasticsearch/data - mountPath: /opt/bitnami/elasticsearch/config/my_elasticsearch.yml name: config subPath: my_elasticsearch.yml - mountPath: /usr/share/elasticsearch/data/snapshot name: snapshot volumes: - name: config configMap: name: tubearchivist-elasticsearch - emptyDir: {} name: snapshot volumeClaimTemplates: - metadata: name: "data" annotations: spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "1Gi" --- # Source: tubearchivist/charts/redis/templates/master/application.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: tubearchivist-redis-master namespace: "tubearchivist" labels: app.kubernetes.io/name: redis helm.sh/chart: redis-17.7.3 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: master spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: redis app.kubernetes.io/instance: tubearchivist app.kubernetes.io/component: master serviceName: tubearchivist-redis-headless updateStrategy: type: RollingUpdate template: metadata: labels: app.kubernetes.io/name: redis helm.sh/chart: redis-17.7.3 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: master annotations: checksum/configmap: 6a77e4814a2ada8d778312f1dbb23d2bc70b3c58426f248621921d7e1d399cc5 checksum/health: dcc4f80ad839504f4e0a945663bae8a4d4cbcb10b20f7dc02a2018d3f89cb4df checksum/scripts: 88b6fade24db5b2cf1750b4ef7faee863ae3eb70c54c2caaa39770511845c95d checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 spec: securityContext: fsGroup: 1001 serviceAccountName: tubearchivist-redis affinity: podAffinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: redis app.kubernetes.io/instance: tubearchivist app.kubernetes.io/component: master topologyKey: kubernetes.io/hostname weight: 1 nodeAffinity: terminationGracePeriodSeconds: 30 containers: - name: redis image: docker.io/redis/redis-stack-server:6.2.6-v3 imagePullPolicy: "IfNotPresent" securityContext: runAsUser: 1001 command: - /bin/bash args: - -c - /opt/bitnami/scripts/start-scripts/start-master.sh env: - name: BITNAMI_DEBUG value: "false" - name: REDIS_REPLICATION_MODE value: master - name: ALLOW_EMPTY_PASSWORD value: "yes" - name: REDIS_TLS_ENABLED value: "no" - name: REDIS_PORT value: "6379" ports: - name: redis containerPort: 6379 livenessProbe: initialDelaySeconds: 20 periodSeconds: 5 # One second longer than command timeout should prevent generation of zombie processes. timeoutSeconds: 6 successThreshold: 1 failureThreshold: 5 exec: command: - sh - -c - /health/ping_liveness_local.sh 5 readinessProbe: initialDelaySeconds: 20 periodSeconds: 5 timeoutSeconds: 2 successThreshold: 1 failureThreshold: 5 exec: command: - sh - -c - /health/ping_readiness_local.sh 1 resources: limits: {} requests: {} volumeMounts: - name: start-scripts mountPath: /opt/bitnami/scripts/start-scripts - name: health mountPath: /health - name: redis-data mountPath: /data - name: config mountPath: /opt/bitnami/redis/mounted-etc - name: redis-tmp-conf mountPath: /opt/bitnami/redis/etc/ - name: tmp mountPath: /tmp volumes: - name: start-scripts configMap: name: tubearchivist-redis-scripts defaultMode: 0755 - name: health configMap: name: tubearchivist-redis-health defaultMode: 0755 - name: config configMap: name: tubearchivist-redis-configuration - name: redis-tmp-conf emptyDir: {} - name: tmp emptyDir: {} volumeClaimTemplates: - metadata: name: redis-data labels: app.kubernetes.io/name: redis app.kubernetes.io/instance: tubearchivist app.kubernetes.io/component: master spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "1Gi" --- # Source: tubearchivist/charts/redis/templates/replicas/statefulset.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: tubearchivist-redis-replicas namespace: "tubearchivist" labels: app.kubernetes.io/name: redis helm.sh/chart: redis-17.7.3 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: replica spec: replicas: 0 selector: matchLabels: app.kubernetes.io/name: redis app.kubernetes.io/instance: tubearchivist app.kubernetes.io/component: replica serviceName: tubearchivist-redis-headless updateStrategy: type: RollingUpdate template: metadata: labels: app.kubernetes.io/name: redis helm.sh/chart: redis-17.7.3 app.kubernetes.io/instance: tubearchivist app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: replica annotations: checksum/configmap: 6a77e4814a2ada8d778312f1dbb23d2bc70b3c58426f248621921d7e1d399cc5 checksum/health: dcc4f80ad839504f4e0a945663bae8a4d4cbcb10b20f7dc02a2018d3f89cb4df checksum/scripts: 88b6fade24db5b2cf1750b4ef7faee863ae3eb70c54c2caaa39770511845c95d checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 spec: securityContext: fsGroup: 1001 serviceAccountName: tubearchivist-redis affinity: podAffinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: redis app.kubernetes.io/instance: tubearchivist app.kubernetes.io/component: replica topologyKey: kubernetes.io/hostname weight: 1 nodeAffinity: terminationGracePeriodSeconds: 30 containers: - name: redis image: docker.io/redis/redis-stack-server:6.2.6-v3 imagePullPolicy: "IfNotPresent" securityContext: runAsUser: 1001 command: - /bin/bash args: - -c - /opt/bitnami/scripts/start-scripts/start-replica.sh env: - name: BITNAMI_DEBUG value: "false" - name: REDIS_REPLICATION_MODE value: replica - name: REDIS_MASTER_HOST value: tubearchivist-redis-master-0.tubearchivist-redis-headless.tubearchivist.svc.cluster.local - name: REDIS_MASTER_PORT_NUMBER value: "6379" - name: ALLOW_EMPTY_PASSWORD value: "yes" - name: REDIS_TLS_ENABLED value: "no" - name: REDIS_PORT value: "6379" ports: - name: redis containerPort: 6379 startupProbe: failureThreshold: 22 initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 tcpSocket: port: redis livenessProbe: initialDelaySeconds: 20 periodSeconds: 5 timeoutSeconds: 6 successThreshold: 1 failureThreshold: 5 exec: command: - sh - -c - /health/ping_liveness_local_and_master.sh 5 readinessProbe: initialDelaySeconds: 20 periodSeconds: 5 timeoutSeconds: 2 successThreshold: 1 failureThreshold: 5 exec: command: - sh - -c - /health/ping_readiness_local_and_master.sh 1 resources: limits: {} requests: {} volumeMounts: - name: start-scripts mountPath: /opt/bitnami/scripts/start-scripts - name: health mountPath: /health - name: redis-data mountPath: /data - name: config mountPath: /opt/bitnami/redis/mounted-etc - name: redis-tmp-conf mountPath: /opt/bitnami/redis/etc volumes: - name: start-scripts configMap: name: tubearchivist-redis-scripts defaultMode: 0755 - name: health configMap: name: tubearchivist-redis-health defaultMode: 0755 - name: config configMap: name: tubearchivist-redis-configuration - name: redis-tmp-conf emptyDir: {} volumeClaimTemplates: - metadata: name: redis-data labels: app.kubernetes.io/name: redis app.kubernetes.io/instance: tubearchivist app.kubernetes.io/component: replica spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "8Gi"