diff --git a/bitnami/etcd/Chart.yaml b/bitnami/etcd/Chart.yaml index 3f6fdca8693cfa..bc0959e02131ee 100644 --- a/bitnami/etcd/Chart.yaml +++ b/bitnami/etcd/Chart.yaml @@ -25,4 +25,4 @@ name: etcd sources: - https://github.com/bitnami/bitnami-docker-etcd - https://coreos.com/etcd/ -version: 5.5.0 +version: 5.5.1 diff --git a/bitnami/etcd/README.md b/bitnami/etcd/README.md index 1f1d3f6153c201..5b89b5a18def5f 100644 --- a/bitnami/etcd/README.md +++ b/bitnami/etcd/README.md @@ -191,48 +191,6 @@ It is strongly recommended to use immutable tags in a production environment. Th Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. -### Production configuration and horizontal scaling - -This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. - -- Number of etcd nodes: -```diff -- statefulset.replicaCount: 1 -+ statefulset.replicaCount: 3 -``` - -- Switch to encrypt client communication using TLS certificates: -```diff -- auth.client.secureTransport: false -+ auth.client.secureTransport: true -``` - -- Switch to enable host authentication using TLS certificates: -```diff -- auth.client.enableAuthentication: false -+ auth.client.enableAuthentication: true -``` - -- Switch to encrypt peer communication using TLS certificates: -```diff -- auth.peer.secureTransport: false -+ auth.peer.secureTransport: true -``` - -- Switch to automatically create the TLS certificates: -```diff -- auth.peer.useAutoTLS: false -+ auth.peer.useAutoTLS: true -``` - -- Enable prometheus to access etcd metrics endpoint: -```diff -- metrics.enabled: false -+ metrics.enabled: true -``` - -To horizontally scale this chart once it has been deployed, you can upgrade the deployment using a new value for the `statefulset.replicaCount` parameter. - ### Using custom configuration In order to use custom configuration parameters, two options are available: diff --git a/bitnami/etcd/values-production.yaml b/bitnami/etcd/values-production.yaml deleted file mode 100644 index 6e5b64fadbbec7..00000000000000 --- a/bitnami/etcd/values-production.yaml +++ /dev/null @@ -1,473 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami etcd image version -## ref: https://hub.docker.com/r/bitnami/etcd/tags/ -## -image: - registry: docker.io - repository: bitnami/etcd - tag: 3.4.14-debian-10-r44 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb and in etcd pod scripts - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override etcd.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override etcd.fullname template -## -# fullnameOverride: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: {} - # cpu: 100m - # memory: 128Mi - requests: {} - # cpu: 100m - # memory: 128Mi - -## Statefulset parameters -## -statefulset: - ## Number of replicas - ## - replicaCount: 3 - ## Update strategy, can be set to RollingUpdate or OnDelete by default. - ## https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets - ## - updateStrategy: RollingUpdate - ## Partition update strategy - ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions - ## - # rollingUpdatePartition: - ## Pod management policy - ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: Parallel - -## ConfigMap that includes the etcd.conf.yml file -## -# configFileConfigMap: - -## ConfigMap that includes extra environment variables -## -# envVarsConfigMap: - -## Allow to use etcd without configuring RBAC authentication -## -allowNoneAuthentication: true - -## Limits the number of operating system threads that can execute user-level -## Go code simultaneously by setting GOMAXPROCS environment variable -## ref: https://golang.org/pkg/runtime -## -# maxProcs: - -## Authentication parameteres -## https://github.com/bitnami/bitnami-docker-etcd#security -## -auth: - rbac: - enabled: true - ## etcd root user password. The root user is always `root` - ## - # rootPassword: - ## Name of the existing secret containing credentials for the root user. - ## - # existingSecret: name-of-existing-secret - - client: - ## Switch to encrypt client communication using TLS certificates - ## - secureTransport: true - ## Switch to automatically create the TLS certificates - ## - useAutoTLS: false - ## Switch to enable host authentication using TLS certificates. Requires existing secret. - ## - enableAuthentication: true - ## Name of the existing secret containing cert files for client communication. - ## - # existingSecret: name-of-existing-secret - ## Name of the file containing the client certificate. - ## - certFilename: cert.pem - ## Name of the file containing the client certificate private key. - ## - certKeyFilename: key.pem - ## Name of the file containing the client CA certificate. - ## If not specified and `enableAuthentication: true` or `rbac.enabled: true`, the default is is `ca.crt`. - ## - caFilename: "" - - peer: - ## Switch to encrypt peer communication using TLS certificates - ## - secureTransport: true - ## Switch to automatically create the TLS certificates - ## - useAutoTLS: true - ## Switch to enable host authentication using TLS certificates. Requires existing secret. - ## - enableAuthentication: false - ## Name of the existing secret containing cert files for peer communication. - ## - # existingSecret: name-of-existing-secret - certFilename: cert.pem - ## Name of the file containing the peer certificate private key. - ## - certKeyFilename: key.pem - ## Name of the file containing the peer CA certificate. - ## If not specified and `enableAuthentication: true` or `rbac.enabled: true`, the default is is `ca.crt`. - ## - caFilename: "" - -## Kubernetes Security Context -## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## etcd variables -## -etcd: - ## Initial cluster state. Allowed values: 'new' or 'existing' - ## If this values is not set, the default values below are set: - ## - 'new': when installing the chart ('helm install ...') - ## - 'existing': when upgrading the chart ('helm upgrade ...') - ## - initialClusterState: "" - -## Service parameters -## -service: - ## K8s service type - ## - type: ClusterIP - ## etcd client port - ## - port: 2379 - ## etcd client port name override - ## - clientPortNameOverride: "" - ## etcd peer port - ## - peerPort: 2380 - ## etcd peer port name override - ## - peerPortNameOverride: "" - ## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePorts: - clientPort: "" - peerPort: "" - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - # loadBalancerSourceRanges: ["10.0.0.0/8"] - externalIPs: [] - ## Provide any additional annotations which may be required. This can be used to - ## set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## If true, use a Persistent Volume Claim, If false, use emptyDir - ## - enabled: true - ## Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## Persistent Volume Claim annotations - ## - annotations: {} - ## Persistent Volume Access Mode - ## - accessModes: - - ReadWriteOnce - ## Persistent Volume size - ## - size: 8Gi - ## Persistent Volume selector - ## Can specify a label selector to further filter the set of volumes. - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector - selector: {} - -## Define a disruption budget -## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ -## -pdb: - enabled: false - # minAvailable: 1 - # maxUnavailable: 1 - -## Etcd containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: {} - # cpu: 500m - # memory: 1Gi - requests: {} - # cpu: 250m - # memory: 256Mi - -## Etcd containers' liveness and readiness probes -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## -livenessProbe: - enabled: true - initialDelaySeconds: 60 - periodSeconds: 30 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 -readinessProbe: - enabled: true - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - -## Statefulset labels. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -statefulsetLabels: {} - -## Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## Pod labels. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Name of the priority class to be used by etcd pods, priority class needs to be created beforehand -## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -priorityClassName: "" - -## Etcd Prometheus exporter configuration -## -metrics: - enabled: true - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "2379" - - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - enabled: false - ## Namespace in which Prometheus is running - ## - # namespace: monitoring - - ## Interval at which metrics should be scraped. - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - # interval: 10s - - ## MetricRelabelConfigs to apply to samples before ingestion - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmetricsendpoint - ## - # metricRelabelings: [] - - ## RelabelConfigs to apply to samples before ingestion - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmetricsendpoint - ## - # relabelings: [] - - ## HTTP scheme to use for scraping. - ## - # scheme: "" - - ## Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - # scrapeTimeout: 10s - - ## ServiceMonitor selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## - - # selector: - # prometheus: my-prometheus - ## TLS configuration for the endpoints to be scraped. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#tlsconfig - # tlsConfig: - # ca: - # secret: - # name: existingSecretName - -## Start a new etcd cluster recovering the data from an existing snaptshot before -## initializing the members -## -startFromSnapshot: - enabled: false - ## Existingn PVC containing the etcd snapshot - ## - # existingClaim - ## Snapshot filename - ## - # snapshotFilename - -## Enable auto disaster recovery by periodically snapshotting the keyspace -## - It creates a cronjob to periodically snapshotting the keyspace -## - It also creates a ReadWriteMany PVC to store the snapshots -## If the cluster permanently loses more than (N-1)/2 members, it tries to recover -## the cluster from a previous snapshot. -## -disasterRecovery: - enabled: false - ## Set to true if you would like to see extra information on logs for snapshotting - debug: false - cronjob: - ## Schedule in Cron format to save snapshots - ## See https://en.wikipedia.org/wiki/Cron - ## - schedule: "*/30 * * * *" - ## Number of successful finished jobs to retain - ## - historyLimit: 1 - ## Number of etcd snapshots to retain, tagged with date - ## - snapshotHistoryLimit: 1 - ## Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## Configure resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - # resources: - pvc: - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## PVC Storage Request - ## - size: 2Gi - ## storageClassName, choose a storageClassName with ReadWriteMany support - ## - storageClassName: nfs