UNCLASSIFIED

Skip to content

GitLab

Commit add69a72 authored by bhearn's avatar bhearn
Browse files

Merge branch 'update-redis-v2' into 'main' 

add ha-redis

See merge request !24
parents 19cb98dc 92554748
Pipeline #197854 passed with stages
in 4 minutes
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 2407 additions and 0 deletions
chart/deps/redis/templates/configmap-scripts.yaml 0 → 100644
View file @ add69a72
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "redis.fullname" . }}-scripts
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
{{- if and .Values.cluster.enabled .Values.sentinel.enabled }}
start-node.sh: |
#!/bin/bash
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libvalidations.sh
not_exists_dns_entry() {
myip=$(hostname -i)
if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep "^${myip}" )" ]]; then
warn "$HEADLESS_SERVICE does not contain the IP of this pod: ${myip}"
return 1
fi
info "$HEADLESS_SERVICE has my IP: ${myip}"
return 0
}
HEADLESS_SERVICE="{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
REDIS_SERVICE="{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
# Waits for DNS to add this ip to the service DNS entry
retry_while not_exists_dns_entry
export REDIS_REPLICATION_MODE="slave"
if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i) ")" ]]; then
export REDIS_REPLICATION_MODE="master"
fi
{{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
useradd redis
chown -R redis {{ .Values.slave.persistence.path }}
{{- end }}
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
export REDIS_MASTER_PASSWORD=$password_aux
fi
if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
echo "I am master"
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
else
if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
fi
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
REDIS_SENTINEL_INFO=($($sentinel_info_command))
REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
# Immediately attempt to connect to the reported master. If it doesn't exist the connection attempt will either hang
# or fail with "port unreachable" and give no data. The liveness check will then timeout waiting for the redis
# container to be ready and restart the it. By then the new master will likely have been elected
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
if [[ ! ($($sentinel_info_command)) ]]; then
# master doesn't actually exist, this probably means the remaining pods haven't elected a new one yet
# and are reporting the old one still. Once this happens the container will get stuck and never see the new
# master. We stop here to allow the container to not pass the liveness check and be restarted.
exit 1
fi
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
{{- if .Values.tls.enabled }}
ARGS=("--port" "0")
ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
ARGS+=("--tls-replication" "yes")
{{- if .Values.tls.dhParamsFilename }}
ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
{{- end }}
{{- else }}
ARGS=("--port" "${REDIS_PORT}")
{{- end }}
if [[ "$REDIS_REPLICATION_MODE" == "slave" ]]; then
ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
fi
{{- if .Values.usePassword }}
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
{{- else }}
ARGS+=("--protected-mode" "no")
{{- end }}
if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
else
ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
fi
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
{{- if .Values.slave.extraFlags }}
{{- range .Values.slave.extraFlags }}
ARGS+=({{ . | quote }})
{{- end }}
{{- end }}
{{- if .Values.slave.preExecCmds }}
{{ .Values.slave.preExecCmds | nindent 4}}
{{- end }}
{{- if .Values.slave.command }}
exec {{ .Values.slave.command }} "${ARGS[@]}"
{{- else }}
exec redis-server "${ARGS[@]}"
{{- end }}
start-sentinel.sh: |
#!/bin/bash
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libfile.sh
sentinel_conf_set() {
local -r key="${1:?missing key}"
local value="${2:-}"
# Sanitize inputs
value="${value//\\/\\\\}"
value="${value//&/\\&}"
value="${value//\?/\\?}"
[[ "$value" = "" ]] && value="\"$value\""
replace_in_file "/opt/bitnami/redis-sentinel/etc/sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false
}
sentinel_conf_add() {
echo $'\n'"$@" >> "/opt/bitnami/redis-sentinel/etc/sentinel.conf"
}
host_id() {
echo "$1" | openssl sha1 | awk '{print $2}'
}
not_exists_dns_entry() {
myip=$(hostname -i)
if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep "^${myip}" )" ]]; then
warn "$HEADLESS_SERVICE does not contain the IP of this pod: ${myip}"
return 1
fi
info "$HEADLESS_SERVICE has my IP: ${myip}"
return 0
}
HEADLESS_SERVICE="{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
REDIS_SERVICE="{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then
cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf
{{- if .Values.usePassword }}
printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.masterSet }}" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
{{- if .Values.sentinel.usePassword }}
printf "\nrequirepass %s" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
{{- end }}
{{- end }}
{{- if .Values.sentinel.staticID }}
printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
{{- end }}
fi
export REDIS_REPLICATION_MODE="slave"
# Waits for DNS to add this ip to the service DNS entry
retry_while not_exists_dns_entry
if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i)")" ]]; then
export REDIS_REPLICATION_MODE="master"
fi
# Clean sentineles from the current sentinel nodes
for node in $( getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i)" | cut -f 1 -d ' ' | uniq ); do
info "Cleaning sentinels in sentinel node: $node"
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $node -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel reset "*"
else
redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $node -p {{ .Values.sentinel.port }} sentinel reset "*"
fi
sleep {{ .Values.sentinel.cleanDelaySeconds }}
done
info "Sentinels clean up done"
if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
REDIS_MASTER_HOST="$(hostname -i)"
REDIS_MASTER_PORT_NUMBER="{{ .Values.redisPort }}"
else
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
REDIS_SENTINEL_INFO=($($sentinel_info_command))
REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
# Immediately attempt to connect to the reported master. If it doesn't exist the connection attempt will either hang
# or fail with "port unreachable" and give no data. The liveness check will then timeout waiting for the sentinel
# container to be ready and restart the it. By then the new master will likely have been elected
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
if [[ ! ($($sentinel_info_command)) ]]; then
# master doesn't actually exist, this probably means the remaining pods haven't elected a new one yet
# and are reporting the old one still. Once this happens the container will get stuck and never see the new
# master. We stop here to allow the container to not pass the liveness check and be restarted.
exit 1
fi
fi
sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" {{ .Values.sentinel.quorum }}"
add_replica() {
if [[ "$1" != "$REDIS_MASTER_HOST" ]]; then
sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.masterSet }} $1 {{ .Values.redisPort }}"
fi
}
{{- if .Values.sentinel.staticID }}
# remove generated known sentinels and replicas
tmp="$(sed -e '/^sentinel known-/d' -e '/^$/d' /opt/bitnami/redis-sentinel/etc/sentinel.conf)"
echo "$tmp" > /opt/bitnami/redis-sentinel/etc/sentinel.conf
for node in $(seq 0 {{ .Values.cluster.slaveCount }}); do
NAME="{{ template "redis.fullname" . }}-node-$node"
IP="$(getent hosts "$NAME.$HEADLESS_SERVICE" | awk ' {print $1 }')"
if [[ "$NAME" != "$HOSTNAME" && -n "$IP" ]]; then
sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.masterSet }} $IP {{ .Values.sentinel.port }} $(host_id "$NAME")"
add_replica "$IP"
fi
done
add_replica "$(hostname -i)"
{{- end }}
{{- if .Values.tls.enabled }}
ARGS=("--port" "0")
ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}")
ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}")
ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}")
ARGS+=("--tls-replication" "yes")
ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}")
{{- if .Values.tls.dhParamsFilename }}
ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}")
{{- end }}
{{- end }}
{{- if .Values.sentinel.preExecCmds }}
{{ .Values.sentinel.preExecCmds | nindent 4 }}
{{- end }}
exec redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }}
prestop-sentinel.sh: |
#!/bin/bash
. /opt/bitnami/scripts/libvalidations.sh
REDIS_SERVICE="{{ include "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
if [[ -n "$REDIS_PASSWORD_FILE" ]]; then
password_aux=$(cat "$REDIS_PASSWORD_FILE")
export REDIS_PASSWORD="$password_aux"
fi
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a ${REDIS_PASSWORD} {{- end }} -h ${REDIS_SERVICE} -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a ${REDIS_PASSWORD} {{- end }} -h ${REDIS_SERVICE} -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
REDIS_SENTINEL_INFO=($($sentinel_info_command))
REDIS_MASTER_HOST="${REDIS_SENTINEL_INFO[0]}"
if [[ "$REDIS_MASTER_HOST" == "$(hostname -i)" ]]; then
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
redis-cli {{- if .Values.usePassword }} -a "$REDIS_PASSWORD" {{- end }} -h "$REDIS_SERVICE" -p {{ .Values.sentinel.port }} --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel failover mymaster
else
redis-cli {{- if .Values.usePassword }} -a "$REDIS_PASSWORD" {{- end }} -h "$REDIS_SERVICE" -p {{ .Values.sentinel.port }} sentinel failover mymaster
fi
fi
{{- else }}
start-master.sh: |
#!/bin/bash
{{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
useradd redis
chown -R redis {{ .Values.master.persistence.path }}
{{- end }}
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
{{- if .Values.tls.enabled }}
ARGS=("--port" "0")
ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
{{- if .Values.tls.dhParamsFilename }}
ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
{{- end }}
{{- else }}
ARGS=("--port" "${REDIS_PORT}")
{{- end }}
{{- if .Values.usePassword }}
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_PASSWORD}")
{{- else }}
ARGS+=("--protected-mode" "no")
{{- end }}
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
{{- if .Values.master.extraFlags }}
{{- range .Values.master.extraFlags }}
ARGS+=({{ . | quote }})
{{- end }}
{{- end }}
{{- if .Values.master.preExecCmds }}
{{ .Values.master.preExecCmds | nindent 4}}
{{- end }}
{{- if .Values.master.command }}
exec {{ .Values.master.command }} "${ARGS[@]}"
{{- else }}
exec redis-server "${ARGS[@]}"
{{- end }}
{{- if .Values.cluster.enabled }}
start-slave.sh: |
#!/bin/bash
{{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
useradd redis
chown -R redis {{ .Values.slave.persistence.path }}
{{- end }}
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
export REDIS_MASTER_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
{{- if .Values.tls.enabled }}
ARGS=("--port" "0")
ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
ARGS+=("--tls-replication" "yes")
{{- if .Values.tls.dhParamsFilename }}
ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
{{- end }}
{{- else }}
ARGS=("--port" "${REDIS_PORT}")
{{- end }}
ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
{{- if .Values.usePassword }}
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
{{- else }}
ARGS+=("--protected-mode" "no")
{{- end }}
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
{{- if .Values.slave.extraFlags }}
{{- range .Values.slave.extraFlags }}
ARGS+=({{ . | quote }})
{{- end }}
{{- end }}
{{- if .Values.slave.preExecCmds }}
{{ .Values.slave.preExecCmds | nindent 4}}
{{- end }}
{{- if .Values.slave.command }}
exec {{ .Values.slave.command }} "${ARGS[@]}"
{{- else }}
exec redis-server "${ARGS[@]}"
{{- end }}
{{- end }}
{{- end -}}
chart/deps/redis/templates/configmap.yaml 0 → 100644
View file @ add69a72
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "redis.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
redis.conf: |-
{{- if .Values.configmap }}
# User-supplied configuration:
{{- tpl .Values.configmap . | nindent 4 }}
{{- end }}
master.conf: |-
dir {{ .Values.master.persistence.path }}
{{- if .Values.master.configmap }}
# User-supplied master configuration:
{{- tpl .Values.master.configmap . | nindent 4 }}
{{- end }}
{{- if .Values.master.disableCommands }}
{{- range .Values.master.disableCommands }}
rename-command {{ . }} ""
{{- end }}
{{- end }}
replica.conf: |-
dir {{ .Values.slave.persistence.path }}
slave-read-only yes
{{- if .Values.slave.configmap }}
# User-supplied slave configuration:
{{- tpl .Values.slave.configmap . | nindent 4 }}
{{- end }}
{{- if .Values.slave.disableCommands }}
{{- range .Values.slave.disableCommands }}
rename-command {{ . }} ""
{{- end }}
{{- end }}
{{- if .Values.sentinel.enabled }}
sentinel.conf: |-
dir "/tmp"
bind 0.0.0.0
port {{ .Values.sentinel.port }}
sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "redis.fullname" . }}-node-0.{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.redisPort }} {{ .Values.sentinel.quorum }}
sentinel down-after-milliseconds {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.downAfterMilliseconds }}
sentinel failover-timeout {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.failoverTimeout }}
sentinel parallel-syncs {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.parallelSyncs }}
{{- if .Values.sentinel.configmap }}
# User-supplied sentinel configuration:
{{- tpl .Values.sentinel.configmap . | nindent 4 }}
{{- end }}
{{- end }}
chart/deps/redis/templates/headless-svc.yaml 0 → 100644
View file @ add69a72
apiVersion: v1
kind: Service
metadata:
name: {{ template "redis.fullname" . }}-headless
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
type: ClusterIP
clusterIP: None
{{- if .Values.sentinel.enabled }}
publishNotReadyAddresses: true
{{- end }}
ports:
- name: tcp-redis
port: {{ .Values.redisPort }}
targetPort: redis
{{- if .Values.sentinel.enabled }}
- name: tcp-sentinel
port: {{ .Values.sentinel.port }}
targetPort: redis-sentinel
{{- end }}
selector:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
chart/deps/redis/templates/health-configmap.yaml 0 → 100644
View file @ add69a72
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "redis.fullname" . }}-health
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
ping_readiness_local.sh: |-
#!/bin/bash
{{- if .Values.usePasswordFile }}
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
{{- end }}
export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
{{- if .Values.tls.enabled }}
-p $REDIS_TLS_PORT \
--tls \
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- else }}
-p $REDIS_PORT \
{{- end }}
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_local.sh: |-
#!/bin/bash
{{- if .Values.usePasswordFile }}
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
{{- end }}
export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
{{- if .Values.tls.enabled }}
-p $REDIS_TLS_PORT \
--tls \
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- else }}
-p $REDIS_PORT \
{{- end }}
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
{{- if .Values.sentinel.enabled }}
ping_sentinel.sh: |-
#!/bin/bash
{{- if .Values.usePasswordFile }}
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
{{- end }}
export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
{{- if .Values.tls.enabled }}
-p $REDIS_SENTINEL_TLS_PORT_NUMBER \
--tls \
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- else }}
-p $REDIS_SENTINEL_PORT \
{{- end }}
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
parse_sentinels.awk: |-
/ip/ {FOUND_IP=1}
/port/ {FOUND_PORT=1}
/runid/ {FOUND_RUNID=1}
!/ip|port|runid/ {
if (FOUND_IP==1) {
IP=$1; FOUND_IP=0;
}
else if (FOUND_PORT==1) {
PORT=$1;
FOUND_PORT=0;
} else if (FOUND_RUNID==1) {
printf "\nsentinel known-sentinel {{ .Values.sentinel.masterSet }} %s %s %s", IP, PORT, $0; FOUND_RUNID=0;
}
}
{{- end }}
ping_readiness_master.sh: |-
#!/bin/bash
{{- if .Values.usePasswordFile }}
password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
export REDIS_MASTER_PASSWORD=$password_aux
{{- end }}
export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
{{- if .Values.tls.enabled }}
--tls \
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- end }}
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_master.sh: |-
#!/bin/bash
{{- if .Values.usePasswordFile }}
password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
export REDIS_MASTER_PASSWORD=$password_aux
{{- end }}
export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
{{- if .Values.tls.enabled }}
--tls \
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- end }}
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
"$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
exit $exit_status
ping_liveness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
"$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
exit $exit_status
chart/deps/redis/templates/metrics-prometheus.yaml 0 → 100644
View file @ add69a72
{{- if and (.Values.metrics.enabled) (.Values.metrics.serviceMonitor.enabled) }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "redis.fullname" . }}
{{- if .Values.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.metrics.serviceMonitor.namespace }}
{{- else }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- range $key, $value := .Values.metrics.serviceMonitor.selector }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
endpoints:
- port: metrics
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
{{- end }}
selector:
matchLabels:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
app.kubernetes.io/component: "metrics"
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
{{- end -}}
chart/deps/redis/templates/metrics-svc.yaml 0 → 100644
View file @ add69a72
{{- if .Values.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "redis.fullname" . }}-metrics
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
app.kubernetes.io/component: "metrics"
{{- if .Values.metrics.service.labels -}}
{{- toYaml .Values.metrics.service.labels | nindent 4 }}
{{- end -}}
{{- if .Values.metrics.service.annotations }}
annotations: {{- toYaml .Values.metrics.service.annotations | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.metrics.service.type }}
{{ if eq .Values.metrics.service.type "LoadBalancer" }}
externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }}
{{- end }}
{{ if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
{{- end }}
ports:
- name: metrics
port: 9121
targetPort: metrics
selector:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
{{- end }}
chart/deps/redis/templates/networkpolicy.yaml 0 → 100644
View file @ add69a72
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ template "networkPolicy.apiVersion" . }}
metadata:
name: {{ template "redis.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
podSelector:
matchLabels:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
{{- if .Values.cluster.enabled }}
policyTypes:
- Ingress
- Egress
egress:
# Allow dns resolution
- ports:
- port: 53
protocol: UDP
# Allow outbound connections to other cluster pods
- ports:
- port: {{ .Values.redisPort }}
{{- if .Values.sentinel.enabled }}
- port: {{ .Values.sentinel.port }}
{{- end }}
to:
- podSelector:
matchLabels:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
{{- end }}
ingress:
# Allow inbound connections
- ports:
- port: {{ .Values.redisPort }}
{{- if .Values.sentinel.enabled }}
- port: {{ .Values.sentinel.port }}
{{- end }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels:
{{ template "redis.fullname" . }}-client: "true"
- podSelector:
matchLabels:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.metrics.enabled }}
# Allow prometheus scrapes for metrics
- ports:
- port: 9121
{{- end }}
{{- end }}
chart/deps/redis/templates/pdb.yaml 0 → 100644
View file @ add69a72
{{- if .Values.podDisruptionBudget.enabled }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "redis.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
spec:
{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
{{- end }}
selector:
matchLabels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
{{- end }}
chart/deps/redis/templates/prometheusrule.yaml 0 → 100644
View file @ add69a72
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "redis.fullname" . }}
{{- if .Values.metrics.prometheusRule.namespace }}
namespace: {{ .Values.metrics.prometheusRule.namespace }}
{{- else }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- with .Values.metrics.prometheusRule.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.metrics.prometheusRule.rules }}
groups:
- name: {{ template "redis.name" $ }}
rules: {{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- end }}
chart/deps/redis/templates/psp.yaml 0 → 100644
View file @ add69a72
{{- if .Values.podSecurityPolicy.create }}
apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
name: {{ template "redis.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
allowPrivilegeEscalation: false
fsGroup:
rule: 'MustRunAs'
ranges:
- min: {{ .Values.securityContext.fsGroup }}
max: {{ .Values.securityContext.fsGroup }}
hostIPC: false
hostNetwork: false
hostPID: false
privileged: false
readOnlyRootFilesystem: false
requiredDropCapabilities:
- ALL
runAsUser:
rule: 'MustRunAs'
ranges:
- min: {{ .Values.containerSecurityContext.runAsUser }}
max: {{ .Values.containerSecurityContext.runAsUser }}
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: {{ .Values.containerSecurityContext.runAsUser }}
max: {{ .Values.containerSecurityContext.runAsUser }}
volumes:
- 'configMap'
- 'secret'
- 'emptyDir'
- 'persistentVolumeClaim'
{{- end }}
chart/deps/redis/templates/redis-master-statefulset.yaml 0 → 100644
View file @ add69a72
{{- if or (not .Values.cluster.enabled) (not .Values.sentinel.enabled) }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "redis.fullname" . }}-master
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.master.statefulset.labels }}
{{- toYaml .Values.master.statefulset.labels | nindent 4 }}
{{- end }}
{{- if .Values.master.statefulset.annotations }}
annotations:
{{- toYaml .Values.master.statefulset.annotations | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
role: master
serviceName: {{ template "redis.fullname" . }}-headless
template:
metadata:
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
role: master
{{- if .Values.master.podLabels }}
{{- toYaml .Values.master.podLabels | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
{{- toYaml .Values.metrics.podLabels | nindent 8 }}
{{- end }}
annotations:
checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if .Values.master.podAnnotations }}
{{- toYaml .Values.master.podAnnotations | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
{{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
{{- end }}
spec:
{{- include "redis.imagePullSecrets" . | nindent 6 }}
{{- if .Values.master.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "redis.serviceAccountName" . }}
{{- if .Values.master.priorityClassName }}
priorityClassName: {{ .Values.master.priorityClassName | quote }}
{{- end }}
{{- with .Values.master.affinity }}
affinity: {{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- if .Values.master.nodeSelector }}
nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.master.tolerations }}
tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.master.shareProcessNamespace }}
shareProcessNamespace: {{ .Values.master.shareProcessNamespace }}
{{- end }}
{{- if .Values.master.schedulerName }}
schedulerName: {{ .Values.master.schedulerName }}
{{- end }}
containers:
- name: {{ template "redis.name" . }}
image: {{ template "redis.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
command:
- /bin/bash
- -c
- /opt/bitnami/scripts/start-scripts/start-master.sh
env:
- name: REDIS_REPLICATION_MODE
value: master
{{- if .Values.usePassword }}
{{- if .Values.usePasswordFile }}
- name: REDIS_PASSWORD_FILE
value: "/opt/bitnami/redis/secrets/redis-password"
{{- else }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
{{- end }}
{{- else }}
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
{{- end }}
- name: REDIS_TLS_ENABLED
value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
{{- if .Values.tls.enabled }}
- name: REDIS_TLS_PORT
value: {{ .Values.redisPort | quote }}
- name: REDIS_TLS_AUTH_CLIENTS
value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
- name: REDIS_TLS_CERT_FILE
value: {{ template "redis.tlsCert" . }}
- name: REDIS_TLS_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_TLS_CA_FILE
value: {{ template "redis.tlsCACert" . }}
{{- if .Values.tls.dhParamsFilename }}
- name: REDIS_TLS_DH_PARAMS_FILE
value: {{ template "redis.tlsDHParams" . }}
{{- end }}
{{- else }}
- name: REDIS_PORT
value: {{ .Values.redisPort | quote }}
{{- end }}
{{- if .Values.master.extraEnvVars }}
{{- include "redis.tplValue" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }}
envFrom:
{{- if .Values.master.extraEnvVarsCM }}
- configMapRef:
name: {{ .Values.master.extraEnvVarsCM }}
{{- end }}
{{- if .Values.master.extraEnvVarsSecret }}
- secretRef:
name: {{ .Values.master.extraEnvVarsSecret }}
{{- end }}
{{- end }}
ports:
- name: redis
containerPort: {{ .Values.redisPort }}
{{- if .Values.master.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }}
# One second longer than command timeout should prevent generation of zombie processes.
timeoutSeconds: {{ add1 .Values.master.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.master.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/ping_liveness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }}
{{- else if .Values.master.customLivenessProbe }}
livenessProbe: {{- toYaml .Values.master.customLivenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.master.readinessProbe.enabled}}
readinessProbe:
initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }}
timeoutSeconds: {{ add1 .Values.master.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.master.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh {{ .Values.master.readinessProbe.timeoutSeconds }}
{{- else if .Values.master.customReadinessProbe }}
readinessProbe: {{- toYaml .Values.master.customReadinessProbe | nindent 12 }}
{{- end }}
resources: {{- toYaml .Values.master.resources | nindent 12 }}
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
{{- if .Values.usePasswordFile }}
- name: redis-password
mountPath: /opt/bitnami/redis/secrets/
{{- end }}
- name: redis-data
mountPath: {{ .Values.master.persistence.path }}
subPath: {{ .Values.master.persistence.subPath }}
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc/
- name: tmp
mountPath: /tmp
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ template "redis.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
command:
- /bin/bash
- -c
- |
if [[ -f '/secrets/redis-password' ]]; then
export REDIS_PASSWORD=$(cat /secrets/redis-password)
fi
redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
env:
- name: REDIS_ALIAS
value: {{ template "redis.fullname" . }}
{{- if and .Values.usePassword (not .Values.usePasswordFile) }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: REDIS_ADDR
value: rediss://localhost:{{ .Values.redisPort }}
- name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
value: {{ template "redis.tlsCert" . }}
- name: REDIS_EXPORTER_TLS_CA_CERT_FILE
value: {{ template "redis.tlsCACert" . }}
{{- end }}
volumeMounts:
{{- if .Values.usePasswordFile }}
- name: redis-password
mountPath: /secrets/
{{- end }}
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
ports:
- name: metrics
containerPort: 9121
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
{{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.master.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }}
{{- if or $needsVolumePermissions .Values.sysctlImage.enabled }}
initContainers:
{{- if $needsVolumePermissions }}
- name: volume-permissions
image: "{{ template "redis.volumePermissions.image" . }}"
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.master.persistence.path }}
{{- else }}
chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.master.persistence.path }}
{{- end }}
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto "}}
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
{{- else }}
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
{{- end }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 10 }}
volumeMounts:
- name: redis-data
mountPath: {{ .Values.master.persistence.path }}
subPath: {{ .Values.master.persistence.subPath }}
{{- end }}
{{- if .Values.sysctlImage.enabled }}
- name: init-sysctl
image: {{ template "redis.sysctl.image" . }}
imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
resources: {{- toYaml .Values.sysctlImage.resources | nindent 10 }}
{{- if .Values.sysctlImage.mountHostSys }}
volumeMounts:
- name: host-sys
mountPath: /host-sys
{{- end }}
command: {{- toYaml .Values.sysctlImage.command | nindent 10 }}
securityContext:
privileged: true
runAsUser: 0
{{- end }}
{{- end }}
volumes:
- name: start-scripts
configMap:
name: {{ include "redis.fullname" . }}-scripts
defaultMode: 0755
- name: health
configMap:
name: {{ template "redis.fullname" . }}-health
defaultMode: 0755
{{- if .Values.usePasswordFile }}
- name: redis-password
secret:
secretName: {{ template "redis.secretName" . }}
items:
- key: {{ template "redis.secretPasswordKey" . }}
path: redis-password
{{- end }}
- name: config
configMap:
name: {{ template "redis.fullname" . }}
{{- if not .Values.master.persistence.enabled }}
- name: "redis-data"
emptyDir: {}
{{- else }}
{{- if .Values.persistence.existingClaim }}
- name: "redis-data"
persistentVolumeClaim:
claimName: {{ include "redis.tplValue" (dict "value" .Values.persistence.existingClaim "context" $) }}
{{- end }}
{{- if .Values.master.persistence.volumes }}
{{- toYaml .Values.master.persistence.volumes | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.sysctlImage.mountHostSys }}
- name: host-sys
hostPath:
path: /sys
{{- end }}
- name: redis-tmp-conf
emptyDir: {}
- name: tmp
emptyDir: {}
{{- if .Values.tls.enabled }}
- name: redis-certificates
secret:
secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }}
defaultMode: 256
{{- end }}
{{- if and .Values.master.persistence.enabled (not .Values.persistence.existingClaim) (not .Values.master.persistence.volumes) }}
volumeClaimTemplates:
- metadata:
name: redis-data
labels:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
component: master
{{- if .Values.master.statefulset.volumeClaimTemplates.labels }}
{{- toYaml .Values.master.statefulset.volumeClaimTemplates.labels | nindent 10 }}
{{- end }}
{{- if .Values.master.statefulset.volumeClaimTemplates.annotations }}
annotations:
{{- toYaml .Values.master.statefulset.volumeClaimTemplates.annotations | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.master.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.master.persistence.size | quote }}
{{ include "redis.master.storageClass" . }}
selector:
{{- if .Values.master.persistence.matchLabels }}
matchLabels: {{- toYaml .Values.master.persistence.matchLabels | nindent 12 }}
{{- end -}}
{{- if .Values.master.persistence.matchExpressions }}
matchExpressions: {{- toYaml .Values.master.persistence.matchExpressions | nindent 12 }}
{{- end -}}
{{- end }}
updateStrategy:
type: {{ .Values.master.statefulset.updateStrategy }}
{{- if .Values.master.statefulset.rollingUpdatePartition }}
{{- if (eq "Recreate" .Values.master.statefulset.updateStrategy) }}
rollingUpdate: null
{{- else }}
rollingUpdate:
partition: {{ .Values.master.statefulset.rollingUpdatePartition }}
{{- end }}
{{- end }}
{{- end }}
chart/deps/redis/templates/redis-master-svc.yaml 0 → 100644
View file @ add69a72
{{- if not .Values.sentinel.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "redis.fullname" . }}-master
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.master.service.labels -}}
{{- toYaml .Values.master.service.labels | nindent 4 }}
{{- end -}}
{{- if .Values.master.service.annotations }}
annotations: {{- toYaml .Values.master.service.annotations | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.master.service.type }}
{{ if eq .Values.master.service.type "LoadBalancer" }}
externalTrafficPolicy: {{ .Values.master.service.externalTrafficPolicy }}
{{- end }}
{{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.master.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- with .Values.master.service.loadBalancerSourceRanges }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
ports:
- name: tcp-redis
port: {{ .Values.master.service.port }}
targetPort: redis
{{- if .Values.master.service.nodePort }}
nodePort: {{ .Values.master.service.nodePort }}
{{- end }}
selector:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
role: master
{{- end }}
chart/deps/redis/templates/redis-node-statefulset.yaml 0 → 100644
View file @ add69a72
This diff is collapsed.
chart/deps/redis/templates/redis-role.yaml 0 → 100644
View file @ add69a72
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ template "redis.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
{{- if .Values.podSecurityPolicy.create }}
- apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [{{ template "redis.fullname" . }}]
{{- end -}}
{{- if .Values.rbac.role.rules }}
{{- toYaml .Values.rbac.role.rules | nindent 2 }}
{{- end -}}
{{- end -}}
chart/deps/redis/templates/redis-rolebinding.yaml 0 → 100644
View file @ add69a72
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ template "redis.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "redis.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "redis.serviceAccountName" . }}
{{- end -}}
chart/deps/redis/templates/redis-serviceaccount.yaml 0 → 100644
View file @ add69a72
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "redis.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.serviceAccount.annotations }}
annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
{{- end }}
{{- end -}}
chart/deps/redis/templates/redis-slave-statefulset.yaml 0 → 100644
View file @ add69a72
{{- if and .Values.cluster.enabled (not .Values.sentinel.enabled) }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "redis.fullname" . }}-slave
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.slave.statefulset.labels }}
{{- toYaml .Values.slave.statefulset.labels | nindent 4 }}
{{- end }}
{{- if .Values.slave.statefulset.annotations }}
annotations:
{{- toYaml .Values.slave.statefulset.annotations | nindent 4 }}
{{- end }}
spec:
{{- if .Values.slave.updateStrategy }}
strategy: {{- toYaml .Values.slave.updateStrategy | nindent 4 }}
{{- end }}
replicas: {{ .Values.cluster.slaveCount }}
serviceName: {{ template "redis.fullname" . }}-headless
selector:
matchLabels:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
role: slave
template:
metadata:
labels:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
chart: {{ template "redis.chart" . }}
role: slave
{{- if .Values.slave.podLabels }}
{{- toYaml .Values.slave.podLabels | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
{{- toYaml .Values.metrics.podLabels | nindent 8 }}
{{- end }}
annotations:
checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if .Values.slave.podAnnotations }}
{{- toYaml .Values.slave.podAnnotations | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
{{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
{{- end }}
spec:
{{- include "redis.imagePullSecrets" . | nindent 6 }}
{{- if .Values.slave.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.slave.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "redis.serviceAccountName" . }}
{{- if .Values.slave.priorityClassName }}
priorityClassName: {{ .Values.slave.priorityClassName | quote }}
{{- end }}
{{- if .Values.slave.nodeSelector }}
nodeSelector: {{- toYaml .Values.slave.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.slave.tolerations }}
tolerations: {{- toYaml .Values.slave.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.slave.shareProcessNamespace }}
shareProcessNamespace: {{ .Values.slave.shareProcessNamespace }}
{{- end }}
{{- if .Values.slave.schedulerName }}
schedulerName: {{ .Values.slave.schedulerName }}
{{- end }}
{{- if .Values.master.spreadConstraints }}
topologySpreadConstraints: {{- toYaml .Values.master.spreadConstraints | nindent 8 }}
{{- end }}
{{- with .Values.slave.affinity }}
affinity: {{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
containers:
- name: {{ template "redis.name" . }}
image: {{ template "redis.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
command:
- /bin/bash
- -c
- /opt/bitnami/scripts/start-scripts/start-slave.sh
env:
- name: REDIS_REPLICATION_MODE
value: slave
- name: REDIS_MASTER_HOST
value: {{ template "redis.fullname" . }}-master-0.{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
- name: REDIS_MASTER_PORT_NUMBER
value: {{ .Values.redisPort | quote }}
{{- if .Values.usePassword }}
{{- if .Values.usePasswordFile }}
- name: REDIS_PASSWORD_FILE
value: "/opt/bitnami/redis/secrets/redis-password"
- name: REDIS_MASTER_PASSWORD_FILE
value: "/opt/bitnami/redis/secrets/redis-password"
{{- else }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
- name: REDIS_MASTER_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
{{- end }}
{{- else }}
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
{{- end }}
- name: REDIS_TLS_ENABLED
value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
{{- if .Values.tls.enabled }}
- name: REDIS_TLS_PORT
value: {{ .Values.redisPort | quote }}
- name: REDIS_TLS_AUTH_CLIENTS
value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
- name: REDIS_TLS_CERT_FILE
value: {{ template "redis.tlsCert" . }}
- name: REDIS_TLS_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_TLS_CA_FILE
value: {{ template "redis.tlsCACert" . }}
{{- if .Values.tls.dhParamsFilename }}
- name: REDIS_TLS_DH_PARAMS_FILE
value: {{ template "redis.tlsDHParams" . }}
{{- end }}
{{- else }}
- name: REDIS_PORT
value: {{ .Values.redisPort | quote }}
{{- end }}
{{- if .Values.slave.extraEnvVars }}
{{- include "redis.tplValue" (dict "value" .Values.slave.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.slave.extraEnvVarsCM .Values.slave.extraEnvVarsSecret }}
envFrom:
{{- if .Values.slave.extraEnvVarsCM }}
- configMapRef:
name: {{ .Values.slave.extraEnvVarsCM }}
{{- end }}
{{- if .Values.slave.extraEnvVarsSecret }}
- secretRef:
name: {{ .Values.slave.extraEnvVarsSecret }}
{{- end }}
{{- end }}
ports:
- name: redis
containerPort: {{ .Values.redisPort }}
{{- if .Values.slave.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.slave.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.slave.livenessProbe.periodSeconds }}
timeoutSeconds: {{ add1 .Values.slave.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.slave.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.slave.livenessProbe.failureThreshold}}
exec:
command:
- sh
- -c
- /health/ping_liveness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
{{- else if .Values.slave.customLivenessProbe }}
livenessProbe: {{- toYaml .Values.slave.customLivenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.slave.readinessProbe.enabled }}
readinessProbe:
initialDelaySeconds: {{ .Values.slave.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.slave.readinessProbe.periodSeconds }}
timeoutSeconds: {{ add1 .Values.slave.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.slave.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.slave.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/ping_readiness_local_and_master.sh {{ .Values.slave.readinessProbe.timeoutSeconds }}
{{- else if .Values.slave.customReadinessProbe }}
readinessProbe: {{- toYaml .Values.slave.customReadinessProbe | nindent 12 }}
{{- end }}
resources: {{- toYaml .Values.slave.resources | nindent 12 }}
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
{{- if .Values.usePasswordFile }}
- name: redis-password
mountPath: /opt/bitnami/redis/secrets/
{{- end }}
- name: redis-data
mountPath: /data
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ template "redis.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
command:
- /bin/bash
- -c
- |
if [[ -f '/secrets/redis-password' ]]; then
export REDIS_PASSWORD=$(cat /secrets/redis-password)
fi
redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
env:
- name: REDIS_ALIAS
value: {{ template "redis.fullname" . }}
{{- if and .Values.usePassword (not .Values.usePasswordFile) }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: REDIS_ADDR
value: rediss://localhost:{{ .Values.redisPort }}
- name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
value: {{ template "redis.tlsCert" . }}
- name: REDIS_EXPORTER_TLS_CA_CERT_FILE
value: {{ template "redis.tlsCACert" . }}
{{- end }}
volumeMounts:
{{- if .Values.usePasswordFile }}
- name: redis-password
mountPath: /secrets/
{{- end }}
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
ports:
- name: metrics
containerPort: 9121
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
{{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.slave.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }}
{{- if or $needsVolumePermissions .Values.sysctlImage.enabled }}
initContainers:
{{- if $needsVolumePermissions }}
- name: volume-permissions
image: {{ template "redis.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.slave.persistence.path }}
{{- else }}
chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.slave.persistence.path }}
{{- end }}
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto "}}
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
{{- else }}
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
{{- end }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
volumeMounts:
- name: redis-data
mountPath: {{ .Values.slave.persistence.path }}
subPath: {{ .Values.slave.persistence.subPath }}
{{- end }}
{{- if .Values.sysctlImage.enabled }}
- name: init-sysctl
image: {{ template "redis.sysctl.image" . }}
imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
{{- if .Values.sysctlImage.mountHostSys }}
volumeMounts:
- name: host-sys
mountPath: /host-sys
{{- end }}
command: {{- toYaml .Values.sysctlImage.command | nindent 12 }}
securityContext:
privileged: true
runAsUser: 0
{{- end }}
{{- end }}
volumes:
- name: start-scripts
configMap:
name: {{ include "redis.fullname" . }}-scripts
defaultMode: 0755
- name: health
configMap:
name: {{ template "redis.fullname" . }}-health
defaultMode: 0755
{{- if .Values.usePasswordFile }}
- name: redis-password
secret:
secretName: {{ template "redis.secretName" . }}
items:
- key: {{ template "redis.secretPasswordKey" . }}
path: redis-password
{{- end }}
- name: config
configMap:
name: {{ template "redis.fullname" . }}
{{- if .Values.sysctlImage.mountHostSys }}
- name: host-sys
hostPath:
path: /sys
{{- end }}
- name: redis-tmp-conf
emptyDir: {}
{{- if .Values.tls.enabled }}
- name: redis-certificates
secret:
secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }}
defaultMode: 256
{{- end }}
{{- if not .Values.slave.persistence.enabled }}
- name: redis-data
emptyDir: {}
{{- else }}
volumeClaimTemplates:
- metadata:
name: redis-data
labels:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
component: slave
{{- if .Values.slave.statefulset.volumeClaimTemplates }}
{{- if .Values.slave.statefulset.volumeClaimTemplates.labels }}
{{- toYaml .Values.slave.statefulset.volumeClaimTemplates.labels | nindent 10 }}
{{- end }}
{{- if .Values.slave.statefulset.volumeClaimTemplates.annotations }}
annotations:
{{- toYaml .Values.slave.statefulset.volumeClaimTemplates.annotations | nindent 10 }}
{{- end }}
{{- end }}
spec:
accessModes:
{{- range .Values.slave.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.slave.persistence.size | quote }}
{{ include "redis.slave.storageClass" . }}
selector:
{{- if .Values.slave.persistence.matchLabels }}
matchLabels: {{- toYaml .Values.slave.persistence.matchLabels | nindent 12 }}
{{- end -}}
{{- if .Values.slave.persistence.matchExpressions }}
matchExpressions: {{- toYaml .Values.slave.persistence.matchExpressions | nindent 12 }}
{{- end -}}
{{- end }}
updateStrategy:
type: {{ .Values.slave.statefulset.updateStrategy }}
{{- if .Values.slave.statefulset.rollingUpdatePartition }}
{{- if (eq "Recreate" .Values.slave.statefulset.updateStrategy) }}
rollingUpdate: null
{{- else }}
rollingUpdate:
partition: {{ .Values.slave.statefulset.rollingUpdatePartition }}
{{- end }}
{{- end }}
{{- end }}
chart/deps/redis/templates/redis-slave-svc.yaml 0 → 100644
View file @ add69a72
{{- if and .Values.cluster.enabled (not .Values.sentinel.enabled) }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "redis.fullname" . }}-slave
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.slave.service.labels -}}
{{- toYaml .Values.slave.service.labels | nindent 4 }}
{{- end -}}
{{- if .Values.slave.service.annotations }}
annotations: {{- toYaml .Values.slave.service.annotations | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.slave.service.type }}
{{ if eq .Values.slave.service.type "LoadBalancer" }}
externalTrafficPolicy: {{ .Values.slave.service.externalTrafficPolicy }}
{{- end }}
{{- if and (eq .Values.slave.service.type "LoadBalancer") .Values.slave.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.slave.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.slave.service.type "LoadBalancer") .Values.slave.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- with .Values.slave.service.loadBalancerSourceRanges }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
ports:
- name: tcp-redis
port: {{ .Values.slave.service.port }}
targetPort: redis
{{- if .Values.slave.service.nodePort }}
nodePort: {{ .Values.slave.service.nodePort }}
{{- end }}
selector:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
role: slave
{{- end }}
chart/deps/redis/templates/redis-with-sentinel-svc.yaml 0 → 100644
View file @ add69a72
{{- if .Values.sentinel.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "redis.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.sentinel.service.labels }}
{{- toYaml .Values.sentinel.service.labels | nindent 4 }}
{{- end }}
{{- if .Values.sentinel.service.annotations }}
annotations: {{- toYaml .Values.sentinel.service.annotations | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.sentinel.service.type }}
{{ if eq .Values.sentinel.service.type "LoadBalancer" }}
externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy }}
{{- end }}
{{ if eq .Values.sentinel.service.type "LoadBalancer" -}} {{ if .Values.sentinel.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }}
{{ end -}}
{{- end -}}
ports:
- name: tcp-redis
port: {{ .Values.sentinel.service.redisPort }}
targetPort: redis
{{- if .Values.sentinel.service.redisNodePort }}
nodePort: {{ .Values.sentinel.service.redisNodePort }}
{{- end }}
- name: tcp-sentinel
port: {{ .Values.sentinel.service.sentinelPort }}
targetPort: redis-sentinel
{{- if .Values.sentinel.service.sentinelNodePort }}
nodePort: {{ .Values.sentinel.service.sentinelNodePort }}
{{- end }}
selector:
app: {{ template "redis.name" . }}
release: {{ .Release.Name }}
{{- end }}
chart/deps/redis/templates/secret.yaml 0 → 100644
View file @ add69a72
{{- if and .Values.usePassword (not .Values.existingSecret) -}}
{{- $secretName := include "redis.fullname" . -}}
{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName ) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
{{ if $secret }}
{{ with $secret }}
redis-password: {{ get .data "redis-password" }}
{{ end }}
{{ else }}
redis-password: {{ include "redis.password" . | b64enc | quote }}
{{- end -}}
{{- end -}}
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED