-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathredis.jsonnet
84 lines (76 loc) · 2.29 KB
/
redis.jsonnet
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
local kap = import 'lib/kapitan.libjsonnet';
local kube = import 'lib/kube.libjsonnet';
local inv = kap.inventory();
local params = inv.parameters.argocd;
local image = params.images.redis.image + ':' + params.images.redis.tag;
local deployment = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/redis/argocd-redis-deployment.yaml'));
local role = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/redis/argocd-redis-role.yaml'));
local role_binding = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/redis/argocd-redis-rolebinding.yaml'));
local serviceaccount = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/redis/argocd-redis-sa.yaml'));
local service = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/redis/argocd-redis-service.yaml'));
local strContains(s, substr) = std.findSubstr(substr, s) != [];
local isBitnamiImage = strContains(image, 'bitnami');
local isOnOpenshift = std.startsWith(inv.parameters.facts.distribution, 'openshift');
local redisSpec(image) =
local volumeMounts(path) = [ {
name: 'data',
mountPath: path,
} ];
{
image: image,
imagePullPolicy: 'IfNotPresent',
} +
if isBitnamiImage then
{
env+: [
{ name: 'ALLOW_EMPTY_PASSWORD', value: 'yes' },
{ name: 'REDIS_AOF_ENABLED', value: 'no' },
{ name: 'REDIS_EXTRA_FLAGS', value: "--save ''" },
],
args: [],
volumeMounts: volumeMounts('/bitnami/redis/data'),
}
else
{
volumeMounts: volumeMounts('/data'),
};
local securityContext = if isOnOpenshift then
{ securityContext:: {} }
else if isBitnamiImage then
{ securityContext+: {
runAsUser: 1001,
runAsGroup: 1001,
fsGroup: 1001,
runAsNonRoot: true,
} }
else
{};
local objects = [
deployment {
spec+: {
template+: {
spec+: securityContext {
volumes: [ {
name: 'data',
emptyDir: {},
} ],
containers: [
deployment.spec.template.spec.containers[0] + redisSpec(image),
],
},
},
},
},
role,
role_binding,
serviceaccount,
service,
];
{
['%s' % [ std.asciiLower(obj.kind) ]]: obj {
metadata+: {
namespace: params.namespace,
},
}
for obj in objects
}