apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "falkordb.fullname" . }} labels: {{- include "falkordb.labels" . | nindent 4 }} spec: serviceName: {{ include "falkordb.fullname" . }}-headless replicas: 1 selector: matchLabels: {{- include "falkordb.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "falkordb.labels" . | nindent 8 }} {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "falkordb.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /bin/sh - -c - | redis-server \ --loadmodule /var/lib/falkordb/bin/falkordb.so \ {{- if .Values.auth.enabled }} --requirepass "$REDIS_PASSWORD" {{- end }} env: {{- if .Values.auth.enabled }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.auth.existingSecret | default (printf "%s-password" (include "falkordb.fullname" .)) }} key: {{ .Values.auth.existingSecretPasswordKey }} - name: REDISCLI_AUTH valueFrom: secretKeyRef: name: {{ .Values.auth.existingSecret | default (printf "%s-password" (include "falkordb.fullname" .)) }} key: {{ .Values.auth.existingSecretPasswordKey }} {{- end }} ports: - name: redis containerPort: 6379 protocol: TCP livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: {{- toYaml .Values.readinessProbe | nindent 12 }} resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - name: data mountPath: /var/lib/falkordb/data {{- if .Values.metrics.enabled }} - name: metrics image: "{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}" imagePullPolicy: {{ .Values.metrics.image.pullPolicy }} securityContext: runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true allowPrivilegeEscalation: false readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault capabilities: drop: - ALL env: {{- if .Values.auth.enabled }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.auth.existingSecret | default (printf "%s-password" (include "falkordb.fullname" .)) }} key: {{ .Values.auth.existingSecretPasswordKey }} {{- end }} args: - "--redis.addr=redis://localhost:6379" {{- if .Values.auth.enabled }} - "--redis.password=$(REDIS_PASSWORD)" {{- end }} ports: - name: metrics containerPort: 9121 protocol: TCP resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.persistence.enabled }} volumeClaimTemplates: - metadata: name: data labels: {{- include "falkordb.labels" . | nindent 10 }} spec: accessModes: {{- toYaml .Values.persistence.accessModes | nindent 10 }} {{- if .Values.persistence.storageClass }} storageClassName: {{ .Values.persistence.storageClass }} {{- end }} resources: requests: storage: {{ .Values.persistence.size }} {{- end }}