Commits on Source (6)
......@@ -3,11 +3,19 @@
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
---
## [20.6.0-bb.0] - 2024-12-18
### Changed
- Updated ironbank/bitnami/analytics/redis-exporter: v1.66.0 -> v1.67.0
- Updated chart to 20.6.0
## [20.2.1-bb.4] - 2024-11-01
### Changed
- Updated ironbank/bitnami/analytics/redis-exporter: v1.65.0 -> v1.66.0
- Added the maintenance track annotation and badge
## [20.2.1-bb.3] - 2024-10-29
......
* @dchen @michaelmartin @chris.oconnell @akesterson @kershaw.jacob @samvongsay @benjamin.starks
\ No newline at end of file
* @dchen @chukwuka.c.akagbusi @chris.oconnell @akesterson @benjamin.starks @michaelmartin @kershaw.jacob @justinguidry11 @samvongsay
\ No newline at end of file
This diff is collapsed.
# Changelog
## 20.2.1 (2024-10-15)
## 20.6.0 (2024-12-16)
* [bitnami/redis] Fix preExecCmds parameter ([#29898](https://github.com/bitnami/charts/pull/29898))
* [bitname/redis] Add support for master and replicas resources to be annotated ([#31034](https://github.com/bitnami/charts/pull/31034))
## 20.5.0 (2024-12-10)
* [bitnami/*] Add Bitnami Premium to NOTES.txt (#30854) ([3dfc003](https://github.com/bitnami/charts/commit/3dfc00376df6631f0ce54b8d440d477f6caa6186)), closes [#30854](https://github.com/bitnami/charts/issues/30854)
* [bitnami/redis] Detect non-standard images (#30942) ([f06f8db](https://github.com/bitnami/charts/commit/f06f8dbafe5eb3b22f689168d7ac9fb2fb0f707d)), closes [#30942](https://github.com/bitnami/charts/issues/30942)
## <small>20.4.1 (2024-12-10)</small>
* [bitnami/redis] CA shouldn't be mandatory when TLS is enabled (#30520) ([85219eb](https://github.com/bitnami/charts/commit/85219eb721efa640075325a1812d9ca8316a0a1a)), closes [#30520](https://github.com/bitnami/charts/issues/30520)
## 20.4.0 (2024-12-02)
* [bitnami/*] docs: :memo: Add "Prometheus metrics" (batch 5) (#30674) ([ed2a546](https://github.com/bitnami/charts/commit/ed2a54617faf763169e6b01a89100b9db32e1000)), closes [#30674](https://github.com/bitnami/charts/issues/30674)
* [bitnami/redis] add extraPortsEnabled (#30607) ([77a98fa](https://github.com/bitnami/charts/commit/77a98fa631f21a49b0c013d856cfb21ba090a0a6)), closes [#30607](https://github.com/bitnami/charts/issues/30607)
## 20.3.0 (2024-11-14)
* [bitnami/redis] feat: :sparkles: Allow updating credentials via values.yaml (#30452) ([d6a3118](https://github.com/bitnami/charts/commit/d6a3118e42a9a481d4429defbd628015a3b8f755)), closes [#30452](https://github.com/bitnami/charts/issues/30452)
## <small>20.2.2 (2024-11-11)</small>
* [bitnami/*] Remove wrong comment about imagePullPolicy (#30107) ([a51f9e4](https://github.com/bitnami/charts/commit/a51f9e4bb0fbf77199512d35de7ac8abe055d026)), closes [#30107](https://github.com/bitnami/charts/issues/30107)
* [bitnami/redis] Release 20.2.2 (#30407) ([ae54e98](https://github.com/bitnami/charts/commit/ae54e980494b5431d98d72a672532fc36b7a21c4)), closes [#30407](https://github.com/bitnami/charts/issues/30407)
* Update documentation links to techdocs.broadcom.com (#29931) ([f0d9ad7](https://github.com/bitnami/charts/commit/f0d9ad78f39f633d275fc576d32eae78ded4d0b8)), closes [#29931](https://github.com/bitnami/charts/issues/29931)
## <small>20.2.1 (2024-10-15)</small>
* [bitnami/redis] Fix preExecCmds parameter (#29898) ([6db8a2e](https://github.com/bitnami/charts/commit/6db8a2e736e2a60be2d3848d85f49d236a43136c)), closes [#29898](https://github.com/bitnami/charts/issues/29898)
## 20.2.0 (2024-10-09)
......
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.24.0
digest: sha256:46b36e150d694a13f14e342c1f73c1609d8e7d2adae517b0ace596d0b27c1c77
generated: "2024-10-07T07:08:07.178940463-07:00"
version: 2.28.0
digest: sha256:5b30f0fa07bb89b01c55fd6258c8ce22a611b13623d4ad83e8fdd1d4490adc74
generated: "2024-12-10T17:25:56.439817+01:00"
......@@ -2,6 +2,7 @@
# SPDX-License-Identifier: APACHE-2.0
annotations:
bigbang.dev/maintenanceTrack: bb_maintained
category: Database
licenses: Apache-2.0
bigbang.dev/applicationVersions: |
......@@ -10,7 +11,7 @@ annotations:
- name: redis
image: registry1.dso.mil/ironbank/bitnami/redis:7.4.1
- name: exporter
image: registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter:v1.66.0
image: registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter:v1.67.0
apiVersion: v2
appVersion: 7.4.1
dependencies:
......@@ -32,4 +33,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 20.2.1-bb.4
version: 20.6.0-bb.0
......@@ -5,7 +5,7 @@ metadata:
upstream:
type: git
git:
commit: 6db8a2e736e2a60be2d3848d85f49d236a43136c
commit: 5111fa5201b1cec4bf3c9aab8806bee45d07e4c6
repo: https://github.com/bitnami/charts
directory: bitnami/redis
ref: redis/20.2.1
ref: redis/20.6.0
......@@ -63,9 +63,27 @@ The command deploys Redis&reg; on the Kubernetes cluster in the default configur
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcesPreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html)
### Prometheus metrics
This chart can be integrated with Prometheus by setting `metrics.enabled` to `true`. This will deploy a sidecar container with [redis_exporter](https://github.com/oliver006/redis_exporter) in all pods and a `metrics` service, which can be configured under the `metrics.service` section. This `metrics` service will have the necessary annotations to be automatically scraped by Prometheus.
#### Prometheus requirements
It is necessary to have a working installation of Prometheus or Prometheus Operator for the integration to work. Install the [Bitnami Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/prometheus) or the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) to easily have a working Prometheus in your cluster.
#### Integration with Prometheus Operator
The chart can deploy `ServiceMonitor` objects for integration with Prometheus Operator installations. To do so, set the value `metrics.serviceMonitor.enabled=true`. Ensure that the Prometheus Operator `CustomResourceDefinitions` are installed in the cluster or it will fail with the following error:
```text
no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1"
```
Install the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) for having the necessary CRDs and the Prometheus Operator.
### [Rolling VS Immutable tags](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
......@@ -173,6 +191,13 @@ One way of achieving this is by setting `master.service.internalTrafficPolicy=Lo
It's recommended to only change `master.count` if you know what you are doing.
`master.count` greater than `1` is not designed for use when `sentinel.enabled=true`.
### Update credentials
The Bitnami Redis chart, when upgrading, reuses the secret previously rendered by the chart or the one specified in `auth.existingSecret`. To update credentials, use one of the following:
- Run `helm upgrade` specifying a new password in `auth.password`
- Run `helm upgrade` specifying a new secret in `auth.existingSecret`
### Using a password file
To use a password file for Redis&reg; you need to create a secret containing the password and then deploy the chart using that secret. Follow these instructions:
......@@ -187,7 +212,7 @@ kubectl create secret generic redis-password-secret --from-file=redis-password.y
```text
usePassword=true
usePasswordFile=true
usePasswordFiles=true
existingSecret=redis-password-secret
sentinels.enabled=true
metrics.enabled=true
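Review bot: The key list in this block still uses names that do not match the rest of the README: `sentinels.enabled=true` here versus `sentinel.enabled=true` in the `master.count` paragraph, and a bare `existingSecret` versus `auth.existingSecret` in the new "Update credentials" section. Since the hunk is already correcting `usePasswordFile` to `usePasswordFiles`, check the remaining keys against values.yaml in the same pass so that a copied block sets values the chart actually reads.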
......@@ -433,14 +458,15 @@ helm install my-release --set master.persistence.existingClaim=PVC_NAME oci://RE
### Global parameters
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` |
| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` |
| `global.redis.password` | Global Redis&reg; password (overrides `auth.password`) | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` |
| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` |
| `global.redis.password` | Global Redis&reg; password (overrides `auth.password`) | `""` |
| `global.security.allowInsecureImages` | Allows skipping image verification | `false` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
### Common parameters
......@@ -609,6 +635,7 @@ helm install my-release --set master.persistence.existingClaim=PVC_NAME oci://RE
| `master.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `{}` |
| `master.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `master.pdb.minAvailable` and `master.pdb.maxUnavailable` are empty. | `{}` |
| `master.extraPodSpec` | Optionally specify extra PodSpec for the Redis&reg; master pod(s) | `{}` |
| `master.annotations` | Additional custom annotations for Redis&reg; Master resource | `{}` |
### Redis&reg; replicas configuration parameters
......@@ -738,6 +765,7 @@ helm install my-release --set master.persistence.existingClaim=PVC_NAME oci://RE
| `replica.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `{}` |
| `replica.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `replica.pdb.minAvailable` and `replica.pdb.maxUnavailable` are empty. | `{}` |
| `replica.extraPodSpec` | Optionally specify extra PodSpec for the Redis&reg; replicas pod(s) | `{}` |
| `replica.annotations` | Additional custom annotations for Redis&reg; replicas resource | `{}` |
### Redis&reg; Sentinel configuration parameters
......@@ -835,6 +863,7 @@ helm install my-release --set master.persistence.existingClaim=PVC_NAME oci://RE
| `sentinel.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `sentinel.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `sentinel.service.headless.annotations` | Annotations for the headless service. | `{}` |
| `sentinel.service.headless.extraPorts` | Optionally specify extra ports to expose for the headless service. | `[]` |
| `sentinel.masterService.enabled` | Enable master service pointing to the current master (experimental) | `false` |
| `sentinel.masterService.type` | Redis&reg; Sentinel master service type | `ClusterIP` |
| `sentinel.masterService.ports.redis` | Redis&reg; service port for Redis&reg; | `6379` |
......@@ -1058,6 +1087,10 @@ Find more information about how to deal with common errors related to Bitnami's
## Upgrading
### To 20.5.0
This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850).
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions.
### RDB compatibility
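Review bot: The new `### To 20.5.0` section lands between the `## Upgrading` heading and its introductory sentence, so "A major chart version change (like v1.2.3 -> v2.0.0) indicates..." now reads as part of the 20.5.0 notes. Move the new section below that sentence. The added text also explains only how to turn verification off; a sentence on what the verification checks would let operators decide whether `global.security.allowInsecureImages=true` is acceptable for them.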
......@@ -1175,7 +1208,7 @@ This version also introduces `bitnami/common`, a [library chart](https://helm.sh
#### Useful links
- <https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-resolve-helm2-helm3-post-migration-issues-index.html>
- <https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-resolve-helm2-helm3-post-migration-issues-index.html>
- <https://helm.sh/docs/topics/v2_v3_migration/>
- <https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/>
......@@ -1285,4 +1318,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
\ No newline at end of file
limitations under the License.
......@@ -2,6 +2,8 @@ CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami for more information.
** Please be patient while the chart is being deployed **
{{- if .Values.diagnosticMode.enabled }}
......@@ -210,4 +212,5 @@ YOU NEED TO PERFORM AN UPGRADE FOR THE SERVICES AND WORKLOAD TO BE CREATED
{{- $resourceSections = append $resourceSections "master" -}}
{{- end }}
{{- include "common.warnings.resources" (dict "sections" $resourceSections "context" $) }}
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.kubectl.image .Values.sysctl.image) "context" $) }}
\ No newline at end of file
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.kubectl.image .Values.sysctl.image) "context" $) }}
{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.kubectl.image .Values.sysctl.image) "context" $) }}
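Review bot: `common.errors.insecureImages` is now evaluated over `.Values.metrics.image`, which this package points at `registry1.dso.mil` / `ironbank/bitnami/analytics/redis-exporter`, while values.yaml keeps `global.security.allowInsecureImages: false`. Please confirm with a `helm template` run against the package defaults that rendering succeeds, and if an override is needed, set it explicitly with a comment explaining why rather than leaving it to each consumer. The six-image list is also repeated verbatim in the `modifiedImages` and `insecureImages` calls; building it once in a variable keeps both checks covering the same set.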
......@@ -125,8 +125,8 @@ Return the path to the CA cert file.
{{- define "redis.tlsCACert" -}}
{{- if (include "redis.createTlsSecret" . ) -}}
{{- printf "/opt/bitnami/redis/certs/%s" "ca.crt" -}}
{{- else -}}
{{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/redis/certs/%s" -}}
{{- else }}
{{- ternary "" (printf "/opt/bitnami/redis/certs/%s" .Values.tls.certCAFilename) (empty .Values.tls.certCAFilename) }}
{{- end -}}
{{- end -}}
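Review bot: With `required` dropped from the `else` branch, `tls.enabled=true` without `tls.certCAFilename` now renders an empty string instead of failing, and every caller has to handle that case. I don't see a hunk in this diff that updates the `tls.certCAFilename` description, so document there that the CA is optional and what the server and the probes trust when it is omitted. The branch also changes `{{- else -}}` to `{{- else }}`; because callers test the result with `empty (include "redis.tlsCACert" .)`, keep the trimming strict so the helper can never return a blank but non-empty string.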
......@@ -227,7 +227,7 @@ Return Redis&reg; password
*/}}
{{- define "redis.password" -}}
{{- if or .Values.auth.enabled .Values.global.redis.password -}}
{{- include "common.secrets.passwords.manage" (dict "secret" (include "redis.secretName" .) "key" (include "redis.secretPasswordKey" .) "providedValues" (list "global.redis.password" "auth.password") "length" 10 "skipB64enc" true "skipQuote" true "context" $) -}}
{{- include "common.secrets.passwords.manage" (dict "secret" (include "redis.secretName" .) "key" (include "redis.secretPasswordKey" .) "providedValues" (list "global.redis.password" "auth.password") "length" 10 "skipB64enc" true "skipQuote" true "honorProvidedValues" true "context" $) -}}
{{- end }}
{{- end }}
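Review bot: `"honorProvidedValues" true` sits next to `"providedValues" (list "global.redis.password" "auth.password")`, but the new "Update credentials" README section names only `auth.password` and `auth.existingSecret`. If a value supplied through `global.redis.password` is honoured on upgrade as well, say so in the README. It is also worth a sentence there for GitOps users: a password left in a values file since the first install would now take effect on the next `helm upgrade` instead of being ignored in favour of the existing secret.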
......
......@@ -32,4 +32,7 @@ spec:
port: {{ .Values.sentinel.service.ports.sentinel }}
targetPort: redis-sentinel
{{- end }}
{{- if .Values.sentinel.service.headless.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.headless.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
......@@ -25,11 +25,13 @@ data:
{{- if .Values.tls.enabled }}
-p $REDIS_TLS_PORT \
--tls \
{{- if not (empty (include "redis.tlsCACert" .)) }}
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- end }}
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- else }}
-p $REDIS_PORT \
{{- end }}
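Review bot: Moving `--cert` and `--key` out of the `--cacert` conditional looks right, but when `redis.tlsCACert` is empty the probe now runs `redis-cli --tls` with no `--cacert` at all. Please state in the README what the server certificate is verified against in that case, since a verification failure here surfaces only as a failing probe. The same TLS argument block is repeated in all five probe scripts in this file; a named template (for example a hypothetical `redis.cliTlsArgs`) would keep them from drifting apart.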
......@@ -55,11 +57,13 @@ data:
{{- if .Values.tls.enabled }}
-p $REDIS_TLS_PORT \
--tls \
{{- if not (empty (include "redis.tlsCACert" .)) }}
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- end }}
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- else }}
-p $REDIS_PORT \
{{- end }}
......@@ -89,11 +93,13 @@ data:
{{- if .Values.tls.enabled }}
-p $REDIS_SENTINEL_TLS_PORT_NUMBER \
--tls \
{{- if not (empty (include "redis.tlsCACert" .)) }}
--cacert "$REDIS_SENTINEL_TLS_CA_FILE" \
{{- if .Values.tls.authClients }}
--cert "$REDIS_SENTINEL_TLS_CERT_FILE" \
--key "$REDIS_SENTINEL_TLS_KEY_FILE" \
{{- end }}
{{- end }}
{{- if .Values.tls.authClients }}
--cert "$REDIS_SENTINEL_TLS_CERT_FILE" \
--key "$REDIS_SENTINEL_TLS_KEY_FILE" \
{{- end }}
{{- else }}
-p $REDIS_SENTINEL_PORT \
{{- end }}
......@@ -135,11 +141,13 @@ data:
-p $REDIS_MASTER_PORT_NUMBER \
{{- if .Values.tls.enabled }}
--tls \
{{- if not (empty (include "redis.tlsCACert" .)) }}
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- end }}
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- end }}
ping
)
......@@ -163,11 +171,13 @@ data:
-p $REDIS_MASTER_PORT_NUMBER \
{{- if .Values.tls.enabled }}
--tls \
{{- if not (empty (include "redis.tlsCACert" .)) }}
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- end }}
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- end }}
ping
)
......
......@@ -12,8 +12,9 @@ metadata:
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- if or .Values.commonAnnotations .Values.master.annotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
{{- if not (eq .Values.master.kind "DaemonSet") }}
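Review bot: The merge call passes `"context" .` while the render call on the next line passes `"context" $`; use `$` in both, as the surrounding `labels` line does. The README rows for `master.annotations` and `replica.annotations` say only "Additional custom annotations", so also document which side wins when the same key is set in both the per-role annotations and `commonAnnotations`. The replica template has the same two points.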
......@@ -161,8 +162,10 @@ spec:
value: {{ template "redis.tlsCert" . }}
- name: REDIS_TLS_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_TLS_CA_FILE
{{- if not (empty (include "redis.tlsCACert" .)) }}
- name: REDIS_TLS_CA_FILE
value: {{ template "redis.tlsCACert" . }}
{{- end }}
{{- if .Values.tls.dhParamsFilename }}
- name: REDIS_TLS_DH_PARAMS_FILE
value: {{ template "redis.tlsDHParams" . }}
......@@ -308,15 +311,17 @@ spec:
{{- if .Values.tls.enabled }}
- name: REDIS_ADDR
value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.master.containerPorts.redis }}
{{- if .Values.tls.authClients }}
{{- if .Values.tls.authClients }}
- name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
value: {{ template "redis.tlsCert" . }}
{{- end }}
{{- end }}
{{- if not (empty (include "redis.tlsCACert" .)) }}
- name: REDIS_EXPORTER_TLS_CA_CERT_FILE
value: {{ template "redis.tlsCACert" . }}
{{- end }}
{{- end }}
{{- if .Values.metrics.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
......
......@@ -11,8 +11,9 @@ metadata:
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: replica
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- if or .Values.commonAnnotations .Values.replica.annotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
{{- if and (not (eq .Values.replica.kind "DaemonSet")) (not .Values.replica.autoscaling.enabled) }}
......@@ -182,8 +183,10 @@ spec:
value: {{ template "redis.tlsCert" . }}
- name: REDIS_TLS_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
{{- if not (empty (include "redis.tlsCACert" .)) }}
- name: REDIS_TLS_CA_FILE
value: {{ template "redis.tlsCACert" . }}
{{- end }}
{{- if .Values.tls.dhParamsFilename }}
- name: REDIS_TLS_DH_PARAMS_FILE
value: {{ template "redis.tlsDHParams" . }}
......@@ -328,15 +331,17 @@ spec:
{{- if .Values.tls.enabled }}
- name: REDIS_ADDR
value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.replica.containerPorts.redis }}
{{- if .Values.tls.authClients }}
{{- if .Values.tls.authClients }}
- name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
value: {{ template "redis.tlsCert" . }}
{{- end }}
{{- end }}
{{- if not (empty (include "redis.tlsCACert" .)) }}
- name: REDIS_EXPORTER_TLS_CA_CERT_FILE
value: {{ template "redis.tlsCACert" . }}
{{- end }}
{{- end }}
{{- if .Values.metrics.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
......
......@@ -80,34 +80,37 @@ data:
fi
SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL")
validate_quorum() {
redis_cli_command() {
local timeout="${1:-0}"
local args=("-h" "$REDIS_SERVICE" "-p" "$SENTINEL_SERVICE_PORT")
local command="redis-cli"
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel master {{ .Values.sentinel.masterSet }}"
else
quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel master {{ .Values.sentinel.masterSet }}"
args+=("--tls" "--cert" "$REDIS_TLS_CERT_FILE" "--key" "$REDIS_TLS_KEY_FILE")
[ -n "$REDIS_TLS_CA_FILE" ] && args+=("--cacert" "$REDIS_TLS_CA_FILE")
fi
if [ "$timeout" -gt 0 ]; then
command="timeout $timeout $command"
fi
echo "{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }} $command ${args[*]}"
}
validate_quorum() {
quorum_info_command="$(redis_cli_command) sentinel master {{ .Values.sentinel.masterSet }}"
info "about to run the command: $quorum_info_command"
eval $quorum_info_command | grep -Fq "s_down"
}
trigger_manual_failover() {
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel failover {{ .Values.sentinel.masterSet }}"
else
failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel failover {{ .Values.sentinel.masterSet }}"
fi
failover_command="$(redis_cli_command) sentinel failover {{ .Values.sentinel.masterSet }}"
info "about to run the command: $failover_command"
eval $failover_command
}
get_sentinel_master_info() {
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getMasterTimeout }} redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getMasterTimeout }} redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
sentinel_info_command="$(redis_cli_command {{ .Values.sentinel.getMasterTimeout }}) sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
info "about to run the command: $sentinel_info_command"
retry_while "eval $sentinel_info_command" 2 5
}
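Review bot: `redis_cli_command` builds an array but then flattens it with `${args[*]}` into a string that the callers run through an unquoted `eval $quorum_info_command` (and `eval $failover_command`, `retry_while "eval $sentinel_info_command"`), so the quoting the array provides is lost and any whitespace or shell metacharacter in `REDIS_TLS_CERT_FILE`, `REDIS_TLS_KEY_FILE` or `REDIS_TLS_CA_FILE` is parsed again by the shell. `run_redis_command` later in this file executes `redis-cli "${args[@]}" "$@"` directly; doing the same here, or at least emitting each element with `printf '%q'`, avoids that. Also, `[ "$timeout" -gt 0 ]` receives the raw `{{ .Values.sentinel.getMasterTimeout }}` value, so a non-integer setting becomes a runtime shell error rather than a render-time failure.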
......@@ -203,7 +206,9 @@ data:
ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
{{- if not (empty (include "redis.tlsCACert" .)) }}
ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
{{- end }}
ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
ARGS+=("--tls-replication" "yes")
{{- if .Values.tls.dhParamsFilename }}
......@@ -523,11 +528,14 @@ data:
. /opt/bitnami/scripts/libos.sh
run_redis_command() {
local args=("-h" "127.0.0.1")
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
redis-cli -h 127.0.0.1 -p "$REDIS_TLS_PORT" --tls --cert "$REDIS_TLS_CERT_FILE" --key "$REDIS_TLS_KEY_FILE" --cacert "$REDIS_TLS_CA_FILE" "$@"
args+=("-p" "$REDIS_TLS_PORT" "--tls" "--cert" "$REDIS_TLS_CERT_FILE" "--key" "$REDIS_TLS_KEY_FILE")
[ -n "$REDIS_TLS_CA_FILE" ] && args+=("--cacert" "$REDIS_TLS_CA_FILE")
else
redis-cli -h 127.0.0.1 -p "$REDIS_PORT" "$@"
args+=("-p" "$REDIS_PORT")
fi
redis-cli "${args[@]}" "$@"
}
is_master() {
REDIS_ROLE=$(run_redis_command role | head -1)
......@@ -628,7 +636,9 @@ data:
ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
{{- if not (empty (include "redis.tlsCACert" .)) }}
ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
{{- end }}
ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
{{- if .Values.tls.dhParamsFilename }}
ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
......@@ -736,7 +746,9 @@ data:
ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
{{- if not (empty (include "redis.tlsCACert" .)) }}
ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
{{- end }}
ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
ARGS+=("--tls-replication" "yes")
{{- if .Values.tls.dhParamsFilename }}
......
......@@ -177,8 +177,10 @@ spec:
value: {{ template "redis.tlsCert" . }}
- name: REDIS_TLS_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
{{- if not (empty (include "redis.tlsCACert" .)) }}
- name: REDIS_TLS_CA_FILE
value: {{ template "redis.tlsCACert" . }}
{{- end }}
{{- if .Values.tls.dhParamsFilename }}
- name: REDIS_TLS_DH_PARAMS_FILE
value: {{ template "redis.tlsDHParams" . }}
......@@ -198,8 +200,10 @@ spec:
value: {{ template "redis.tlsCert" . }}
- name: REDIS_SENTINEL_TLS_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
{{- if not (empty (include "redis.tlsCACert" .)) }}
- name: REDIS_SENTINEL_TLS_CA_FILE
value: {{ template "redis.tlsCACert" . }}
{{- end }}
{{- if .Values.tls.dhParamsFilename }}
- name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE
value: {{ template "redis.tlsDHParams" . }}
......@@ -379,8 +383,10 @@ spec:
value: {{ template "redis.tlsCert" . }}
- name: REDIS_SENTINEL_TLS_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
{{- if not (empty (include "redis.tlsCACert" .)) }}
- name: REDIS_SENTINEL_TLS_CA_FILE
value: {{ template "redis.tlsCACert" . }}
{{- end }}
{{- if .Values.tls.dhParamsFilename }}
- name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE
value: {{ template "redis.tlsDHParams" . }}
......@@ -543,9 +549,11 @@ spec:
- name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
value: {{ template "redis.tlsCert" . }}
{{- end }}
{{- if not (empty (include "redis.tlsCACert" .)) }}
- name: REDIS_EXPORTER_TLS_CA_CERT_FILE
value: {{ template "redis.tlsCACert" . }}
{{- end }}
{{- end }}
{{- if .Values.metrics.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
......
......@@ -2209,6 +2209,12 @@
"type": "object",
"description": "Annotations for the headless service.",
"default": {}
},
"extraPorts": {
"type": "array",
"description": "Extra ports to expose for the headless service",
"default": [],
"items": {}
}
}
}
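Review bot: `"items": {}` accepts any element, so a malformed `sentinel.service.headless.extraPorts` entry passes schema validation and is rendered into the headless Service by `common.tplvalues.render`. Describe the item as an object with `name`, `port`, `protocol` and `targetPort`, matching the example in the values.yaml comment, and align the description string with the README row ("Optionally specify extra ports to expose for the headless service.").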
......
......@@ -78,6 +78,11 @@ global:
imagePullSecrets:
- private-registry
storageClass: ""
## Security parameters
##
security:
## @param global.security.allowInsecureImages Allows skipping image verification
allowInsecureImages: false
redis:
password: ""
## Compatibility adaptations for Kubernetes platforms
......@@ -161,7 +166,6 @@ image:
tag: 7.4.1
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
......@@ -699,6 +703,9 @@ master:
## @param master.extraPodSpec Optionally specify extra PodSpec for the Redis&reg; master pod(s)
##
extraPodSpec: {}
## @param master.annotations Additional custom annotations for Redis&reg; Master resource
##
annotations: {}
## @section Redis&reg; replicas configuration parameters
##
replica:
......@@ -1198,6 +1205,9 @@ replica:
## @param replica.extraPodSpec Optionally specify extra PodSpec for the Redis&reg; replicas pod(s)
##
extraPodSpec: {}
## @param replica.annotations Additional custom annotations for Redis&reg; replicas resource
##
annotations: {}
## @section Redis&reg; Sentinel configuration parameters
##
......@@ -1220,10 +1230,9 @@ sentinel:
image:
registry: docker.io
repository: bitnami/redis-sentinel
tag: 7.4.1-debian-12-r0
tag: 7.4.1-debian-12-r2
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
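Review bot: `sentinel.image` still resolves to `docker.io` / `bitnami/redis-sentinel` with `digest: ""`, and the same holds for the two `bitnami/os-shell` bumps further down, while the image entries visible in the Chart.yaml hunk list only the `registry1.dso.mil/ironbank` redis and exporter images. If these images can be pulled in a deployment of this package, point them at the Iron Bank equivalents or pin a digest; if they are never enabled, say so in a comment next to the tag so the bump is not read as a tested image.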
......@@ -1542,7 +1551,15 @@ sentinel:
## @param sentinel.service.headless.annotations Annotations for the headless service.
##
annotations: {}
## @param sentinel.service.headless.extraPorts Optionally specify extra ports to expose for the headless service.
## Example:
## extraPorts:
## - name: my-custom-port
## port: 12345
## protocol: TCP
## targetPort: 12345
##
extraPorts: []
## Redis&reg; master service parameters
##
masterService:
......@@ -1781,7 +1798,7 @@ metrics:
image:
registry: registry1.dso.mil
repository: ironbank/bitnami/analytics/redis-exporter
tag: v1.66.0
tag: v1.67.0
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
......@@ -2164,7 +2181,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 12-debian-12-r30
tag: 12-debian-12-r33
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
......@@ -2242,7 +2259,6 @@ kubectl:
tag: 1.31.2-debian-12-r3
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
......@@ -2314,7 +2330,7 @@ sysctl:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 12-debian-12-r30
tag: 12-debian-12-r33
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
......