apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet metadata: name: {{ template "common.names.fullname" . }} namespace: {{ template "zookeeper.namespace" . }} labels: {{- include "common.labels.standard" . | nindent 4 }} test: "{{ .Release.IsUpgrade }}" version: "{{ .Release.Revision }}" testinstall: "{{.Release.IsInstall}}" app.kubernetes.io/component: zookeeper role: zookeeper {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: serviceName: {{ template "common.names.fullname" . }}-headless replicas: {{ .Values.replicaCount }} podManagementPolicy: {{ .Values.podManagementPolicy }} updateStrategy: type: {{ .Values.updateStrategy }} {{- if (eq "Recreate" .Values.updateStrategy) }} rollingUpdate: null {{- else if .Values.rollingUpdatePartition }} rollingUpdate: partition: {{ .Values.rollingUpdatePartition }} {{- end }} selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} app.kubernetes.io/component: zookeeper template: metadata: name: {{ template "common.names.fullname" . }} labels: {{- include "common.labels.standard" . | nindent 8 }} app.kubernetes.io/component: zookeeper {{- if .Values.podLabels }} {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} {{- end }} {{- if or .Values.podAnnotations (include "zookeeper.client.createTlsSecret" .) (include "zookeeper.quorum.createTlsSecret" .) }} annotations: {{- if (include "zookeeper.client.createTlsSecret" .) }} checksum/tls-client: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }} {{- end }} {{- if (include "zookeeper.quorum.createTlsSecret" .) }} checksum/tls-quorum: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }} {{- end }} {{- if .Values.podAnnotations }} {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} {{- end }} {{- end }} spec: {{- if .Values.schedulerName }} schedulerName: {{ .Values.schedulerName }} {{- end }} {{- include "zookeeper.imagePullSecrets" . | nindent 6 }} serviceAccountName: {{ template "zookeeper.serviceAccountName" . }} {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} {{- end }} {{- if .Values.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- else }} affinity: podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "zookeeper" "context" $) | nindent 10 }} podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "zookeeper" "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} {{- end }} {{- if .Values.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (or .Values.tls.client.enabled .Values.tls.quorum.enabled) }} initContainers: {{- if .Values.initContainers }} {{ include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | trim | nindent 8 }} {{- end }} {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - name: volume-permissions image: {{ template "zookeeper.volumePermissions.image" . }} imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }} command: - chown args: - -R - {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - /bitnami/zookeeper {{- if .Values.dataLogDir }} - {{ .Values.dataLogDir }} {{- end }} securityContext: runAsUser: 0 {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} {{- end }} volumeMounts: - name: data mountPath: /bitnami/zookeeper {{- if .Values.dataLogDir }} - name: data-log mountPath: {{ .Values.dataLogDir }} {{- end }} {{- end }} {{- if or .Values.tls.client.enabled .Values.tls.quorum.enabled }} - name: init-certs image: {{ include "zookeeper.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.securityContext.enabled }} securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} command: - /bin/bash - -ec - |- {{- if .Values.tls.client.enabled }} {{- if .Values.tls.client.autoGenerated }} if [[ -f "/certs/client/tls.key" ]] && [[ -f "/certs/client/tls.crt" ]] && [[ -f "/certs/client/ca.crt" ]]; then openssl pkcs12 -export -in "/certs/client/tls.crt" \ -passout pass:"${ZOO_TLS_CLIENT_KEYSTORE_PASSWORD}" \ -inkey "/certs/client/tls.key" \ -out "/tmp/keystore.p12" keytool -importkeystore -srckeystore "/tmp/keystore.p12" \ -srcstoretype PKCS12 \ -srcstorepass "${ZOO_TLS_CLIENT_KEYSTORE_PASSWORD}" \ -deststorepass "${ZOO_TLS_CLIENT_KEYSTORE_PASSWORD}" \ -destkeystore "/opt/bitnami/zookeeper/config/certs/client/zookeeper.keystore.jks" rm "/tmp/keystore.p12" keytool -import -file "/certs/client/ca.crt" \ -keystore "/opt/bitnami/zookeeper/config/certs/client/zookeeper.truststore.jks" \ -storepass "${ZOO_TLS_CLIENT_TRUSTSTORE_PASSWORD}" \ -noprompt else echo "Couldn't find the expected PEM certificates! They are mandatory when Client encryption via TLS is enabled." exit 1 fi {{- else }} if [[ -f "/certs/client/zookeeper.truststore.jks" ]] && [[ -f "/certs/client/zookeeper.keystore.jks" ]]; then cp "/certs/client/zookeeper.truststore.jks" "/opt/bitnami/zookeeper/config/certs/client/zookeeper.truststore.jks" cp "/certs/client/zookeeper.keystore.jks" "/opt/bitnami/zookeeper/config/certs/client/zookeeper.keystore.jks" else echo "Couldn't find the expected Java Key Stores (JKS) files! They are mandatory when Client encryption via TLS is enabled." exit 1 fi {{- end }} {{- end }} {{- if .Values.tls.quorum.enabled }} {{- if .Values.tls.quorum.autoGenerated }} if [[ -f "/certs/quorum/tls.key" ]] && [[ -f "/certs/quorum/tls.crt" ]] && [[ -f "/certs/quorum/ca.crt" ]]; then openssl pkcs12 -export -in "/certs/quorum/tls.crt" \ -passout pass:"${ZOO_TLS_QUORUM_KEYSTORE_PASSWORD}" \ -inkey "/certs/quorum/tls.key" \ -out "/tmp/keystore.p12" keytool -importkeystore -srckeystore "/tmp/keystore.p12" \ -srcstoretype PKCS12 \ -srcstorepass "${ZOO_TLS_QUORUM_KEYSTORE_PASSWORD}" \ -deststorepass "${ZOO_TLS_QUORUM_KEYSTORE_PASSWORD}" \ -destkeystore "/opt/bitnami/zookeeper/config/certs/quorum/zookeeper.keystore.jks" rm "/tmp/keystore.p12" keytool -import -file "/certs/quorum/ca.crt" \ -keystore "/opt/bitnami/zookeeper/config/certs/quorum/zookeeper.truststore.jks" \ -storepass "${ZOO_TLS_QUORUM_TRUSTSTORE_PASSWORD}" \ -noprompt else echo "Couldn't find the expected PEM certificates! They are mandatory when encryption Quorum via TLS is enabled." exit 1 fi {{- else }} if [[ -f "/certs/quorum/zookeeper.truststore.jks" ]] && [[ -f "/certs/quorum/zookeeper.keystore.jks" ]]; then cp "/certs/quorum/zookeeper.truststore.jks" "/opt/bitnami/zookeeper/config/certs/quorum/zookeeper.truststore.jks" cp "/certs/quorum/zookeeper.keystore.jks" "/opt/bitnami/zookeeper/config/certs/quorum/zookeeper.keystore.jks" else echo "Couldn't find the expected Java Key Stores (JKS) files! They are mandatory when Quorum encryption via TLS is enabled." exit 1 fi {{- end }} {{- end }} env: - name: MY_POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name {{- if or .Values.tls.client.keystorePassword .Values.tls.client.passwordsSecretName .Values.tls.client.autoGenerated }} - name: ZOO_TLS_CLIENT_KEYSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ include "zookeeper.client.tlsPasswordsSecret" . }} key: "keystore-password" {{- end }} {{- if or .Values.tls.client.truststorePassword .Values.tls.client.passwordsSecretName .Values.tls.client.autoGenerated }} - name: ZOO_TLS_CLIENT_TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ include "zookeeper.client.tlsPasswordsSecret" . }} key: "truststore-password" {{- end }} {{- if or .Values.tls.quorum.keystorePassword .Values.tls.quorum.passwordsSecretName .Values.tls.quorum.autoGenerated }} - name: ZOO_TLS_QUORUM_KEYSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ include "zookeeper.quorum.tlsPasswordsSecret" . }} key: "keystore-password" {{- end }} {{- if or .Values.tls.quorum.truststorePassword .Values.tls.quorum.passwordsSecretName .Values.tls.quorum.autoGenerated }} - name: ZOO_TLS_QUORUM_TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ include "zookeeper.quorum.tlsPasswordsSecret" . }} key: "truststore-password" {{- end }} {{- if .Values.tls.resources }} resources: {{- toYaml .Values.tls.resources | nindent 12 }} {{- end }} volumeMounts: {{- if or .Values.tls.client.enabled }} - name: client-certificates mountPath: /certs/client - name: client-shared-certs mountPath: /opt/bitnami/zookeeper/config/certs/client {{- end }} {{- if or .Values.tls.quorum.enabled }} - name: quorum-certificates mountPath: /certs/quorum - name: quorum-shared-certs mountPath: /opt/bitnami/zookeeper/config/certs/quorum {{- end }} {{- end }} {{- end }} containers: - name: zookeeper image: {{ template "zookeeper.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.securityContext.enabled }} securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} command: - bash - -ec - | # Execute entrypoint as usual after obtaining ZOO_SERVER_ID # check ZOO_SERVER_ID in persistent volume via myid # if not present, set based on POD hostname if [[ -f "/bitnami/zookeeper/data/myid" ]]; then export ZOO_SERVER_ID="$(cat /bitnami/zookeeper/data/myid)" else HOSTNAME=`hostname -s` if [[ $HOSTNAME =~ (.*)-([0-9]+)$ ]]; then ORD=${BASH_REMATCH[2]} export ZOO_SERVER_ID=$((ORD + {{ .Values.minServerId }} )) else echo "Failed to get index from hostname $HOST" exit 1 fi fi exec /entrypoint.sh /run.sh {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- end }} env: - name: ZOO_DATA_LOG_DIR value: {{ .Values.dataLogDir | quote }} - name: ZOO_PORT_NUMBER value: {{ .Values.service.port | quote }} - name: ZOO_TICK_TIME value: {{ .Values.tickTime | quote }} - name: ZOO_INIT_LIMIT value: {{ .Values.initLimit | quote }} - name: ZOO_SYNC_LIMIT value: {{ .Values.syncLimit | quote }} - name: ZOO_MAX_CLIENT_CNXNS value: {{ .Values.maxClientCnxns | quote }} - name: ZOO_4LW_COMMANDS_WHITELIST value: {{ .Values.fourlwCommandsWhitelist | quote }} - name: ZOO_LISTEN_ALLIPS_ENABLED value: {{ ternary "yes" "no" .Values.listenOnAllIPs | quote }} - name: ZOO_AUTOPURGE_INTERVAL value: {{ .Values.autopurge.purgeInterval | quote }} - name: ZOO_AUTOPURGE_RETAIN_COUNT value: {{ .Values.autopurge.snapRetainCount | quote }} - name: ZOO_MAX_SESSION_TIMEOUT value: {{ .Values.maxSessionTimeout | quote }} - name: ZOO_SERVERS {{- $replicaCount := int .Values.replicaCount }} {{- $minServerId := int .Values.minServerId }} {{- $followerPort := int .Values.service.followerPort }} {{- $electionPort := int .Values.service.electionPort }} {{- $releaseNamespace := include "zookeeper.namespace" . }} {{- $zookeeperFullname := include "common.names.fullname" . }} {{- $zookeeperHeadlessServiceName := printf "%s-%s" $zookeeperFullname "headless" | trunc 63 }} {{- $clusterDomain := .Values.clusterDomain }} value: {{ range $i, $e := until $replicaCount }}{{ $zookeeperFullname }}-{{ $e }}.{{ $zookeeperHeadlessServiceName }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $followerPort }}:{{ $electionPort }}::{{ add $e $minServerId }} {{ end }} - name: ZOO_ENABLE_AUTH value: {{ ternary "yes" "no" .Values.auth.enabled | quote }} {{- if .Values.auth.enabled }} - name: ZOO_CLIENT_USER value: {{ .Values.auth.clientUser | quote }} - name: ZOO_CLIENT_PASSWORD valueFrom: secretKeyRef: name: {{ if .Values.auth.existingSecret }}{{ .Values.auth.existingSecret }}{{ else }}{{ template "common.names.fullname" . }}{{ end }} key: client-password - name: ZOO_SERVER_USERS value: {{ .Values.auth.serverUsers | quote }} - name: ZOO_SERVER_PASSWORDS valueFrom: secretKeyRef: name: {{ if .Values.auth.existingSecret }}{{ .Values.auth.existingSecret }}{{ else }}{{ template "common.names.fullname" . }}{{ end }} key: server-password {{- end }} - name: ZOO_HEAP_SIZE value: {{ .Values.heapSize | quote }} - name: ZOO_LOG_LEVEL value: {{ .Values.logLevel | quote }} - name: ALLOW_ANONYMOUS_LOGIN value: {{ ternary "yes" "no" .Values.allowAnonymousLogin | quote }} {{- if .Values.jvmFlags }} - name: JVMFLAGS value: {{ .Values.jvmFlags | quote }} {{- end }} {{- if .Values.metrics.enabled }} - name: ZOO_ENABLE_PROMETHEUS_METRICS value: "yes" - name: ZOO_PROMETHEUS_METRICS_PORT_NUMBER value: {{ .Values.metrics.containerPort | quote }} {{- end }} {{- if .Values.tls.client.enabled }} - name: ZOO_TLS_CLIENT_ENABLE value: {{ .Values.tls.client.enabled | quote }} - name: ZOO_TLS_CLIENT_KEYSTORE_FILE value: {{ .Values.tls.client.keystorePath | quote }} - name: ZOO_TLS_CLIENT_TRUSTSTORE_FILE value: {{ .Values.tls.client.truststorePath | quote }} {{- if or .Values.tls.client.keystorePassword .Values.tls.client.passwordsSecretName .Values.tls.client.autoGenerated }} - name: ZOO_TLS_CLIENT_KEYSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ include "zookeeper.client.tlsPasswordsSecret" . }} key: "keystore-password" {{- end }} {{- if or .Values.tls.client.truststorePassword .Values.tls.client.passwordsSecretName .Values.tls.client.autoGenerated }} - name: ZOO_TLS_CLIENT_TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ include "zookeeper.client.tlsPasswordsSecret" . }} key: "truststore-password" {{- end }} {{- end }} {{- if .Values.tls.quorum.enabled }} - name: ZOO_TLS_QUORUM_ENABLE value: {{ .Values.tls.quorum.enabled | quote }} - name: ZOO_TLS_QUORUM_KEYSTORE_FILE value: {{ .Values.tls.quorum.keystorePath | quote }} - name: ZOO_TLS_QUORUM_TRUSTSTORE_FILE value: {{ .Values.tls.quorum.truststorePath | quote }} {{- if or .Values.tls.quorum.keystorePassword .Values.tls.quorum.passwordsSecretName .Values.tls.quorum.autoGenerated }} - name: ZOO_TLS_QUORUM_KEYSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ include "zookeeper.quorum.tlsPasswordsSecret" . }} key: "keystore-password" {{- end }} {{- if or .Values.tls.quorum.truststorePassword .Values.tls.quorum.passwordsSecretName .Values.tls.quorum.autoGenerated }} - name: ZOO_TLS_QUORUM_TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ include "zookeeper.quorum.tlsPasswordsSecret" . }} key: "truststore-password" {{- end }} {{- end }} - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name {{- if .Values.extraEnvVars }} {{- toYaml .Values.extraEnvVars | nindent 12 }} {{- end }} ports: {{- if not .Values.service.disableBaseClientPort }} - name: client containerPort: {{ .Values.service.port }} {{- end }} {{- if .Values.tls.client.enabled }} - name: client-tls containerPort: {{ .Values.service.tlsClientPort }} {{- end }} - name: follower containerPort: {{ .Values.service.followerPort }} - name: election containerPort: {{ .Values.service.electionPort }} {{- if .Values.metrics.enabled }} - name: metrics containerPort: {{ .Values.metrics.containerPort }} {{- end }} {{- if .Values.livenessProbe.enabled }} livenessProbe: exec: {{- if not .Values.service.disableBaseClientPort }} command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.livenessProbe.probeCommandTimeout }} nc -w {{ .Values.livenessProbe.probeCommandTimeout }} localhost {{ .Values.service.port }} | grep imok'] {{- else }} {{- if not .Values.tls.client.enabled }} command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.livenessProbe.probeCommandTimeout }} openssl s_client -quiet -crlf -connect localhost:{{ .Values.service.tlsClientPort }} | grep imok'] {{- else }} command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.livenessProbe.probeCommandTimeout }} openssl s_client -quiet -crlf -connect localhost:{{ .Values.service.tlsClientPort }} -cert {{ .Values.service.tls.client_cert_pem_path }} -key {{ .Values.service.tls.client_key_pem_path }} | grep imok'] {{- end }} {{- end }} initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.livenessProbe.successThreshold }} failureThreshold: {{ .Values.livenessProbe.failureThreshold }} {{- else if .Values.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} {{- end }} {{- if .Values.readinessProbe.enabled }} readinessProbe: exec: {{- if not .Values.service.disableBaseClientPort }} command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.readinessProbe.probeCommandTimeout }} nc -w {{ .Values.readinessProbe.probeCommandTimeout }} localhost {{ .Values.service.port }} | grep imok'] {{- else }} {{- if not .Values.tls.client.enabled }} command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.livenessProbe.probeCommandTimeout }} openssl s_client -quiet -crlf -connect localhost:{{ .Values.service.tlsClientPort }} | grep imok'] {{- else }} command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.livenessProbe.probeCommandTimeout }} openssl s_client -quiet -crlf -connect localhost:{{ .Values.service.tlsClientPort }} -cert {{ .Values.service.tls.client_cert_pem_path }} -key {{ .Values.service.tls.client_key_pem_path }} | grep imok'] {{- end }} {{- end }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} {{- else if .Values.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} {{- end }} volumeMounts: - name: data mountPath: /bitnami/zookeeper {{- if .Values.dataLogDir }} - name: data-log mountPath: {{ .Values.dataLogDir }} {{- end }} {{- if .Values.config }} - name: config mountPath: /opt/bitnami/zookeeper/conf/zoo.cfg subPath: zoo.cfg {{- end }} {{- if .Values.tls.client.enabled }} - name: client-shared-certs mountPath: /opt/bitnami/zookeeper/config/certs/client readOnly: true {{- end }} {{- if .Values.tls.quorum.enabled }} - name: quorum-shared-certs mountPath: /opt/bitnami/zookeeper/config/certs/quorum readOnly: true {{- end }} {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} volumes: {{- if .Values.config }} - name: config configMap: name: {{ template "common.names.fullname" . }} {{- end }} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data persistentVolumeClaim: claimName: {{ printf "%s" (tpl .Values.persistence.existingClaim .) }} {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} {{- end }} {{- if and .Values.persistence.enabled .Values.persistence.dataLogDir.existingClaim }} - name: data-log persistentVolumeClaim: claimName: {{ printf "%s" (tpl .Values.persistence.dataLogDir.existingClaim .) }} {{- else if and ( not .Values.persistence.enabled ) .Values.dataLogDir }} - name: data-log emptyDir: {} {{- end }} {{- if .Values.tls.client.enabled }} - name: client-certificates secret: secretName: {{ include "zookeeper.client.tlsSecretName" . }} defaultMode: 256 - name: client-shared-certs emptyDir: {} {{- end }} {{- if .Values.tls.quorum.enabled }} - name: quorum-certificates secret: secretName: {{ include "zookeeper.quorum.tlsSecretName" . }} defaultMode: 256 - name: quorum-shared-certs emptyDir: {} {{- end }} {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} {{- if and .Values.persistence.enabled (not (and .Values.persistence.existingClaim .Values.persistence.dataLogDir.existingClaim) )}} volumeClaimTemplates: {{- if not .Values.persistence.existingClaim }} - metadata: name: data annotations: {{- range $key, $value := .Values.persistence.annotations }} {{ $key }}: {{ $value }} {{- end }} spec: accessModes: {{- range .Values.persistence.accessModes }} - {{ . | quote }} {{- end }} resources: requests: storage: {{ .Values.persistence.size | quote }} {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} {{- if .Values.persistence.selector }} selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} {{- end }} {{- end }} {{- if and (not .Values.persistence.dataLogDir.existingClaim) .Values.dataLogDir }} - metadata: name: data-log annotations: {{- range $key, $value := .Values.persistence.annotations }} {{ $key }}: {{ $value }} {{- end }} spec: accessModes: {{- range .Values.persistence.accessModes }} - {{ . | quote }} {{- end }} resources: requests: storage: {{ .Values.persistence.dataLogDir.size | quote }} {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} {{- if .Values.persistence.dataLogDir.selector }} selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataLogDir.selector "context" $) | nindent 10 }} {{- end }} {{- end }} {{- end }}