server/sa-charts
14
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

redis

Browse Source
This commit is contained in:
marsal wang
2021-12-24 15:19:21 +08:00
parent 8aeed5d788
commit 98c8ddd6f5
40 changed files with 7334 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1377
local-values/redis/values.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

21
redis/.helmignore Normal file
View File

@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

6
redis/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.10.1
digest: sha256:46a0218b2fbb421c87da91166dc5230d3ec85aa7d822dff1d479619fff8314e7
generated: "2021-11-18T17:38:31.365659-05:00"

28
redis/Chart.yaml Normal file
View File

@ -0,0 +1,28 @@
annotations:
category: Database
apiVersion: v2
appVersion: 6.2.6
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
tags:
- bitnami-common
version: 1.x.x
description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.
engine: gotpl
home: https://github.com/bitnami/charts/tree/master/bitnami/redis
icon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png
keywords:
- redis
- keyvalue
- database
maintainers:
- email: containers@bitnami.com
name: Bitnami
- email: cedric@desaintmartin.fr
name: desaintmartin
name: redis
sources:
- https://github.com/bitnami/bitnami-docker-redis
- http://redis.io/
version: 15.6.7

730
redis/README.md Normal file
View File

@ -0,0 +1,730 @@
# Redis™ Chart packaged by Bitnami
[Redis™](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs.
Disclaimer: REDIS® is a registered trademark of Redis Labs Ltd.Any rights therein are reserved to Redis Labs Ltd. Any use by Bitnami is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Labs Ltd.
## TL;DR
```bash
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install my-release bitnami/redis
```
## Introduction
This chart bootstraps a [Redis™](https://github.com/bitnami/bitnami-docker-redis) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/).
### Choose between Redis™ Helm Chart and Redis™ Cluster Helm Chart
You can choose any of the two Redis™ Helm charts for deploying a Redis™ cluster.
1. [Redis™ Helm Chart](https://github.com/bitnami/charts/tree/master/bitnami/redis) will deploy a master-slave cluster, with the [option](https://github.com/bitnami/charts/tree/master/bitnami/redis#redistm-sentinel-configuration-parameters) of enabling using Redis™ Sentinel.
2. [Redis™ Cluster Helm Chart](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) will deploy a Redis™ Cluster topology with sharding.
The main features of each chart are the following:
| Redis™ | Redis™ Cluster |
|--------------------------------------------------------|------------------------------------------------------------------------|
| Supports multiple databases | Supports only one database. Better if you have a big dataset |
| Single write point (single master) | Multiple write points (multiple masters) |
| ![Redis™ Topology](img/redis-topology.png) | ![Redis™ Cluster Topology](img/redis-cluster-topology.png) |
## Prerequisites
- Kubernetes 1.12+
- Helm 3.1.0
- PV provisioner support in the underlying infrastructure
## Installing the Chart
To install the chart with the release name `my-release`:
```bash
$ helm install my-release bitnami/redis
```
The command deploys Redis™ on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```bash
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Parameters
### Global parameters
| Name | Description | Value |
| ------------------------- | -------------------------------------------------------- | ----- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
| `global.redis.password` | Global Redis™ password (overrides `auth.password`) | `""` |
### Common parameters
| Name | Description | Value |
| ------------------------ | --------------------------------------------------------------------------------------- | --------------- |
| `kubeVersion` | Override Kubernetes version | `""` |
| `nameOverride` | String to partially override common.names.fullname | `""` |
| `fullnameOverride` | String to fully override common.names.fullname | `""` |
| `commonLabels` | Labels to add to all deployed objects | `{}` |
| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
### Redis™ Image parameters
| Name | Description | Value |
| ------------------- | ------------------------------------------------------- | --------------------- |
| `image.registry` | Redis™ image registry | `docker.io` |
| `image.repository` | Redis™ image repository | `bitnami/redis` |
| `image.tag` | Redis™ image tag (immutable tags are recommended) | `6.2.6-debian-10-r53` |
| `image.pullPolicy` | Redis™ image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Redis™ image pull secrets | `[]` |
| `image.debug` | Enable image debug mode | `false` |
### Redis™ common configuration parameters
| Name | Description | Value |
| -------------------------------- | --------------------------------------------------------------------------------------- | ------------- |
| `architecture` | Redis™ architecture. Allowed values: `standalone` or `replication` | `replication` |
| `auth.enabled` | Enable password authentication | `true` |
| `auth.sentinel` | Enable password authentication on sentinels too | `true` |
| `auth.password` | Redis™ password | `""` |
| `auth.existingSecret` | The name of an existing secret with Redis™ credentials | `""` |
| `auth.existingSecretPasswordKey` | Password key to be retrieved from existing secret | `""` |
| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` |
| `commonConfiguration` | Common configuration to be added into the ConfigMap | `""` |
| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for Redis™ nodes | `""` |
### Redis™ master configuration parameters
| Name | Description | Value |
| ------------------------------------------- | ------------------------------------------------------------------------------------------------- | ------------------------ |
| `master.configuration` | Configuration for Redis™ master nodes | `""` |
| `master.disableCommands` | Array with Redis™ commands to disable on master nodes | `["FLUSHDB","FLUSHALL"]` |
| `master.command` | Override default container command (useful when using custom images) | `[]` |
| `master.args` | Override default container args (useful when using custom images) | `[]` |
| `master.preExecCmds` | Additional commands to run prior to starting Redis™ master | `[]` |
| `master.extraFlags` | Array with additional command line flags for Redis™ master | `[]` |
| `master.extraEnvVars` | Array with extra environment variables to add to Redis™ master nodes | `[]` |
| `master.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis™ master nodes | `""` |
| `master.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis™ master nodes | `""` |
| `master.containerPort` | Container port to open on Redis™ master nodes | `6379` |
| `master.livenessProbe.enabled` | Enable livenessProbe on Redis™ master nodes | `true` |
| `master.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `master.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
| `master.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `master.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
| `master.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `master.readinessProbe.enabled` | Enable readinessProbe on Redis™ master nodes | `true` |
| `master.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `master.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
| `master.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `master.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
| `master.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `master.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `master.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `master.resources.limits` | The resources limits for the Redis™ master containers | `{}` |
| `master.resources.requests` | The requested resources for the Redis™ master containers | `{}` |
| `master.podSecurityContext.enabled` | Enabled Redis™ master pods' Security Context | `true` |
| `master.podSecurityContext.fsGroup` | Set Redis™ master pod's Security Context fsGroup | `1001` |
| `master.containerSecurityContext.enabled` | Enabled Redis™ master containers' Security Context | `true` |
| `master.containerSecurityContext.runAsUser` | Set Redis™ master containers' Security Context runAsUser | `1001` |
| `master.schedulerName` | Alternate scheduler for Redis™ master pods | `""` |
| `master.updateStrategy.type` | Redis™ master statefulset strategy type | `RollingUpdate` |
| `master.priorityClassName` | Redis™ master pods' priorityClassName | `""` |
| `master.hostAliases` | Redis™ master pods host aliases | `[]` |
| `master.podLabels` | Extra labels for Redis™ master pods | `{}` |
| `master.podAnnotations` | Annotations for Redis™ master pods | `{}` |
| `master.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis™ master pods | `false` |
| `master.podAffinityPreset` | Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `master.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `master.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `master.nodeAffinityPreset.key` | Node label key to match. Ignored if `master.affinity` is set | `""` |
| `master.nodeAffinityPreset.values` | Node label values to match. Ignored if `master.affinity` is set | `[]` |
| `master.affinity` | Affinity for Redis™ master pods assignment | `{}` |
| `master.nodeSelector` | Node labels for Redis™ master pods assignment | `{}` |
| `master.tolerations` | Tolerations for Redis™ master pods assignment | `[]` |
| `master.spreadConstraints` | Spread Constraints for Redis™ master pod assignment | `[]` |
| `master.lifecycleHooks` | for the Redis™ master container(s) to automate configuration before or after startup | `{}` |
| `master.extraVolumes` | Optionally specify extra list of additional volumes for the Redis™ master pod(s) | `[]` |
| `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis™ master container(s) | `[]` |
| `master.sidecars` | Add additional sidecar containers to the Redis™ master pod(s) | `[]` |
| `master.initContainers` | Add additional init containers to the Redis™ master pod(s) | `[]` |
| `master.persistence.enabled` | Enable persistence on Redis™ master nodes using Persistent Volume Claims | `true` |
| `master.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
| `master.persistence.path` | The path the volume will be mounted at on Redis™ master containers | `/data` |
| `master.persistence.subPath` | The subdirectory of the volume to mount on Redis™ master containers | `""` |
| `master.persistence.storageClass` | Persistent Volume storage class | `""` |
| `master.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
| `master.persistence.size` | Persistent Volume size | `8Gi` |
| `master.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
| `master.persistence.selector` | Additional labels to match for the PVC | `{}` |
| `master.persistence.dataSource` | Custom PVC data source | `{}` |
| `master.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` |
| `master.service.type` | Redis™ master service type | `ClusterIP` |
| `master.service.port` | Redis™ master service port | `6379` |
| `master.service.nodePort` | Node port for Redis™ master | `""` |
| `master.service.externalTrafficPolicy` | Redis™ master service external traffic policy | `Cluster` |
| `master.service.clusterIP` | Redis™ master service Cluster IP | `""` |
| `master.service.loadBalancerIP` | Redis™ master service Load Balancer IP | `""` |
| `master.service.loadBalancerSourceRanges` | Redis™ master service Load Balancer sources | `[]` |
| `master.service.annotations` | Additional custom annotations for Redis™ master service | `{}` |
| `master.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-master pods | `30` |
### Redis™ replicas configuration parameters
| Name | Description | Value |
| -------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------------------------ |
| `replica.replicaCount` | Number of Redis™ replicas to deploy | `3` |
| `replica.configuration` | Configuration for Redis™ replicas nodes | `""` |
| `replica.disableCommands` | Array with Redis™ commands to disable on replicas nodes | `["FLUSHDB","FLUSHALL"]` |
| `replica.command` | Override default container command (useful when using custom images) | `[]` |
| `replica.args` | Override default container args (useful when using custom images) | `[]` |
| `replica.preExecCmds` | Additional commands to run prior to starting Redis™ replicas | `[]` |
| `replica.extraFlags` | Array with additional command line flags for Redis™ replicas | `[]` |
| `replica.extraEnvVars` | Array with extra environment variables to add to Redis™ replicas nodes | `[]` |
| `replica.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis™ replicas nodes | `""` |
| `replica.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis™ replicas nodes | `""` |
| `replica.containerPort` | Container port to open on Redis™ replicas nodes | `6379` |
| `replica.livenessProbe.enabled` | Enable livenessProbe on Redis™ replicas nodes | `true` |
| `replica.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `replica.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
| `replica.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `replica.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
| `replica.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `replica.readinessProbe.enabled` | Enable readinessProbe on Redis™ replicas nodes | `true` |
| `replica.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `replica.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
| `replica.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `replica.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
| `replica.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `replica.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `replica.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `replica.resources.limits` | The resources limits for the Redis™ replicas containers | `{}` |
| `replica.resources.requests` | The requested resources for the Redis™ replicas containers | `{}` |
| `replica.podSecurityContext.enabled` | Enabled Redis™ replicas pods' Security Context | `true` |
| `replica.podSecurityContext.fsGroup` | Set Redis™ replicas pod's Security Context fsGroup | `1001` |
| `replica.containerSecurityContext.enabled` | Enabled Redis™ replicas containers' Security Context | `true` |
| `replica.containerSecurityContext.runAsUser` | Set Redis™ replicas containers' Security Context runAsUser | `1001` |
| `replica.schedulerName` | Alternate scheduler for Redis™ replicas pods | `""` |
| `replica.updateStrategy.type` | Redis™ replicas statefulset strategy type | `RollingUpdate` |
| `replica.priorityClassName` | Redis™ replicas pods' priorityClassName | `""` |
| `replica.hostAliases` | Redis™ replicas pods host aliases | `[]` |
| `replica.podLabels` | Extra labels for Redis™ replicas pods | `{}` |
| `replica.podAnnotations` | Annotations for Redis™ replicas pods | `{}` |
| `replica.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis™ replicas pods | `false` |
| `replica.podAffinityPreset` | Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `replica.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `replica.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `replica.nodeAffinityPreset.key` | Node label key to match. Ignored if `replica.affinity` is set | `""` |
| `replica.nodeAffinityPreset.values` | Node label values to match. Ignored if `replica.affinity` is set | `[]` |
| `replica.affinity` | Affinity for Redis™ replicas pods assignment | `{}` |
| `replica.nodeSelector` | Node labels for Redis™ replicas pods assignment | `{}` |
| `replica.tolerations` | Tolerations for Redis™ replicas pods assignment | `[]` |
| `replica.spreadConstraints` | Spread Constraints for Redis™ replicas pod assignment | `[]` |
| `replica.lifecycleHooks` | for the Redis™ replica container(s) to automate configuration before or after startup | `{}` |
| `replica.extraVolumes` | Optionally specify extra list of additional volumes for the Redis™ replicas pod(s) | `[]` |
| `replica.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis™ replicas container(s) | `[]` |
| `replica.sidecars` | Add additional sidecar containers to the Redis™ replicas pod(s) | `[]` |
| `replica.initContainers` | Add additional init containers to the Redis™ replicas pod(s) | `[]` |
| `replica.persistence.enabled` | Enable persistence on Redis™ replicas nodes using Persistent Volume Claims | `true` |
| `replica.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
| `replica.persistence.path` | The path the volume will be mounted at on Redis™ replicas containers | `/data` |
| `replica.persistence.subPath` | The subdirectory of the volume to mount on Redis™ replicas containers | `""` |
| `replica.persistence.storageClass` | Persistent Volume storage class | `""` |
| `replica.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
| `replica.persistence.size` | Persistent Volume size | `8Gi` |
| `replica.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
| `replica.persistence.selector` | Additional labels to match for the PVC | `{}` |
| `replica.persistence.dataSource` | Custom PVC data source | `{}` |
| `replica.service.type` | Redis™ replicas service type | `ClusterIP` |
| `replica.service.port` | Redis™ replicas service port | `6379` |
| `replica.service.nodePort` | Node port for Redis™ replicas | `""` |
| `replica.service.externalTrafficPolicy` | Redis™ replicas service external traffic policy | `Cluster` |
| `replica.service.clusterIP` | Redis™ replicas service Cluster IP | `""` |
| `replica.service.loadBalancerIP` | Redis™ replicas service Load Balancer IP | `""` |
| `replica.service.loadBalancerSourceRanges` | Redis™ replicas service Load Balancer sources | `[]` |
| `replica.service.annotations` | Additional custom annotations for Redis™ replicas service | `{}` |
| `replica.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-replicas pods | `30` |
| `replica.autoscaling.enabled` | Enable replica autoscaling settings | `false` |
| `replica.autoscaling.minReplicas` | Minimum replicas for the pod autoscaling | `1` |
| `replica.autoscaling.maxReplicas` | Maximum replicas for the pod autoscaling | `11` |
| `replica.autoscaling.targetCPU` | Percentage of CPU to consider when autoscaling | `""` |
| `replica.autoscaling.targetMemory` | Percentage of Memory to consider when autoscaling | `""` |
### Redis™ Sentinel configuration parameters
| Name | Description | Value |
| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
| `sentinel.enabled` | Use Redis™ Sentinel on Redis™ pods. | `false` |
| `sentinel.image.registry` | Redis™ Sentinel image registry | `docker.io` |
| `sentinel.image.repository` | Redis™ Sentinel image repository | `bitnami/redis-sentinel` |
| `sentinel.image.tag` | Redis™ Sentinel image tag (immutable tags are recommended) | `6.2.6-debian-10-r54` |
| `sentinel.image.pullPolicy` | Redis™ Sentinel image pull policy | `IfNotPresent` |
| `sentinel.image.pullSecrets` | Redis™ Sentinel image pull secrets | `[]` |
| `sentinel.image.debug` | Enable image debug mode | `false` |
| `sentinel.masterSet` | Master set name | `mymaster` |
| `sentinel.quorum` | Sentinel Quorum | `2` |
| `sentinel.automateClusterRecovery` | Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. | `false` |
| `sentinel.downAfterMilliseconds` | Timeout for detecting a Redis™ node is down | `60000` |
| `sentinel.failoverTimeout` | Timeout for performing a election failover | `18000` |
| `sentinel.parallelSyncs` | Number of replicas that can be reconfigured in parallel to use the new master after a failover | `1` |
| `sentinel.configuration` | Configuration for Redis™ Sentinel nodes | `""` |
| `sentinel.command` | Override default container command (useful when using custom images) | `[]` |
| `sentinel.args` | Override default container args (useful when using custom images) | `[]` |
| `sentinel.preExecCmds` | Additional commands to run prior to starting Redis™ Sentinel | `[]` |
| `sentinel.extraEnvVars` | Array with extra environment variables to add to Redis™ Sentinel nodes | `[]` |
| `sentinel.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis™ Sentinel nodes | `""` |
| `sentinel.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis™ Sentinel nodes | `""` |
| `sentinel.containerPort` | Container port to open on Redis™ Sentinel nodes | `26379` |
| `sentinel.livenessProbe.enabled` | Enable livenessProbe on Redis™ Sentinel nodes | `true` |
| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `sentinel.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `sentinel.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
| `sentinel.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `sentinel.readinessProbe.enabled` | Enable readinessProbe on Redis™ Sentinel nodes | `true` |
| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `sentinel.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
| `sentinel.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `sentinel.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `sentinel.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `sentinel.resources.limits` | The resources limits for the Redis™ Sentinel containers | `{}` |
| `sentinel.resources.requests` | The requested resources for the Redis™ Sentinel containers | `{}` |
| `sentinel.containerSecurityContext.enabled` | Enabled Redis™ Sentinel containers' Security Context | `true` |
| `sentinel.containerSecurityContext.runAsUser` | Set Redis™ Sentinel containers' Security Context runAsUser | `1001` |
| `sentinel.lifecycleHooks` | for the Redis™ sentinel container(s) to automate configuration before or after startup | `{}` |
| `sentinel.extraVolumes` | Optionally specify extra list of additional volumes for the Redis™ Sentinel | `[]` |
| `sentinel.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis™ Sentinel container(s) | `[]` |
| `sentinel.service.type` | Redis™ Sentinel service type | `ClusterIP` |
| `sentinel.service.port` | Redis™ service port for Redis™ | `6379` |
| `sentinel.service.sentinelPort` | Redis™ service port for Sentinel | `26379` |
| `sentinel.service.nodePorts.redis` | Node port for Redis™ | `""` |
| `sentinel.service.nodePorts.sentinel` | Node port for Sentinel | `""` |
| `sentinel.service.externalTrafficPolicy` | Redis™ Sentinel service external traffic policy | `Cluster` |
| `sentinel.service.clusterIP` | Redis™ Sentinel service Cluster IP | `""` |
| `sentinel.service.loadBalancerIP` | Redis™ Sentinel service Load Balancer IP | `""` |
| `sentinel.service.loadBalancerSourceRanges` | Redis™ Sentinel service Load Balancer sources | `[]` |
| `sentinel.service.annotations` | Additional custom annotations for Redis™ Sentinel service | `{}` |
| `sentinel.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-node pods | `30` |
### Other Parameters
| Name | Description | Value |
| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
| `podSecurityPolicy.enabled` | Enable PodSecurityPolicy's RBAC rules | `false` |
| `rbac.create` | Specifies whether RBAC resources should be created | `false` |
| `rbac.rules` | Custom RBAC rules to set | `[]` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `true` |
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
| `pdb.create` | Specifies whether a PodDisruptionBudget should be created | `false` |
| `pdb.minAvailable` | Min number of pods that must still be available after the eviction | `1` |
| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` |
| `tls.enabled` | Enable TLS traffic | `false` |
| `tls.authClients` | Require clients to authenticate | `true` |
| `tls.autoGenerated` | Enable autogenerated certificates | `false` |
| `tls.existingSecret` | The name of the existing secret that contains the TLS certificates | `""` |
| `tls.certificatesSecret` | DEPRECATED. Use existingSecret instead. | `""` |
| `tls.certFilename` | Certificate filename | `""` |
| `tls.certKeyFilename` | Certificate Key filename | `""` |
| `tls.certCAFilename` | CA Certificate filename | `""` |
| `tls.dhParamsFilename` | File containing DH params (in order to support DH based ciphers) | `""` |
### Metrics Parameters
| Name | Description | Value |
| -------------------------------------------- | ------------------------------------------------------------------------------------------------ | ------------------------ |
| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis™ metrics | `false` |
| `metrics.image.registry` | Redis™ Exporter image registry | `docker.io` |
| `metrics.image.repository` | Redis™ Exporter image repository | `bitnami/redis-exporter` |
| `metrics.image.tag` | Redis™ Redis™ Exporter image tag (immutable tags are recommended) | `1.31.4-debian-10-r11` |
| `metrics.image.pullPolicy` | Redis™ Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Redis™ Exporter image pull secrets | `[]` |
| `metrics.redisTargetHost` | A way to specify an alternative Redis™ hostname | `localhost` |
| `metrics.extraArgs` | Extra arguments for Redis™ exporter, for example: | `{}` |
| `metrics.containerSecurityContext.enabled` | Enabled Redis™ exporter containers' Security Context | `true` |
| `metrics.containerSecurityContext.runAsUser` | Set Redis™ exporter containers' Security Context runAsUser | `1001` |
| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Redis™ metrics sidecar | `[]` |
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis™ metrics sidecar | `[]` |
| `metrics.resources.limits` | The resources limits for the Redis™ exporter container | `{}` |
| `metrics.resources.requests` | The requested resources for the Redis™ exporter container | `{}` |
| `metrics.podLabels` | Extra labels for Redis™ exporter pods | `{}` |
| `metrics.podAnnotations` | Annotations for Redis™ exporter pods | `{}` |
| `metrics.service.type` | Redis™ exporter service type | `ClusterIP` |
| `metrics.service.port` | Redis™ exporter service port | `9121` |
| `metrics.service.externalTrafficPolicy` | Redis™ exporter service external traffic policy | `Cluster` |
| `metrics.service.loadBalancerIP` | Redis™ exporter service Load Balancer IP | `""` |
| `metrics.service.loadBalancerSourceRanges` | Redis™ exporter service Load Balancer sources | `[]` |
| `metrics.service.annotations` | Additional custom annotations for Redis™ exporter service | `{}` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` |
| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` |
| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` |
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` |
| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` |
| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` |
### Init Container Parameters
| Name | Description | Value |
| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------- | ----------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `10-debian-10-r265` |
| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` |
| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` |
| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` |
| `sysctl.image.registry` | Bitnami Shell image registry | `docker.io` |
| `sysctl.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `10-debian-10-r265` |
| `sysctl.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
| `sysctl.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
| `sysctl.command` | Override default init-sysctl container command (useful when using custom images) | `[]` |
| `sysctl.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` |
| `sysctl.resources.limits` | The resources limits for the init container | `{}` |
| `sysctl.resources.requests` | The requested resources for the init container | `{}` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
$ helm install my-release \
--set auth.password=secretpassword \
bitnami/redis
```
The above command sets the Redis™ server password to `secretpassword`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
$ helm install my-release -f values.yaml bitnami/redis
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details
### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Use a different Redis™ version
To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/redis/configuration/change-image-version/).
### Cluster topologies
#### Default: Master-Replicas
When installing the chart with `architecture=replication`, it will deploy a Redis™ master StatefulSet (only one master node allowed) and a Redis™ replicas StatefulSet. The replicas will be read-replicas of the master. Two services will be exposed:
- Redis™ Master service: Points to the master, where read-write operations can be performed
- Redis™ Replicas service: Points to the replicas, where only read operations are allowed.
In case the master crashes, the replicas will wait until the master node is respawned again by the Kubernetes Controller Manager.
#### Standalone
When installing the chart with `architecture=standalone`, it will deploy a standalone Redis™ StatefulSet (only one node allowed) and a Redis™ replicas StatefulSet. A single service will be exposed:
- Redis™ Master service: Points to the master, where read-write operations can be performed
#### Master-Replicas with Sentinel
When installing the chart with `architecture=replication` and `sentinel.enabled=true`, it will deploy a Redis™ master StatefulSet (only one master allowed) and a Redis™ replicas StatefulSet. In this case, the pods will contain an extra container with Redis™ Sentinel. This container will form a cluster of Redis™ Sentinel nodes, which will promote a new master in case the actual one fails. In addition to this, only one service is exposed:
- Redis™ service: Exposes port 6379 for Redis™ read-only operations and port 26379 for accessing Redis™ Sentinel.
For read-only operations, access the service using port 6379. For write operations, it's necessary to access the Redis™ Sentinel cluster and query the current master using the command below (using redis-cli or similar):
```
SENTINEL get-master-addr-by-name <name of your MasterSet. e.g: mymaster>
```
This command will return the address of the current master, which can be accessed from inside the cluster.
In case the current master crashes, the Sentinel containers will elect a new master node.
### Using a password file
To use a password file for Redis&trade; you need to create a secret containing the password and then deploy the chart using that secret.
Refer to the chart documentation for more information on [using a password file for Redis&trade;](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/use-password-file/).
### Securing traffic using TLS
TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart:
- `tls.enabled`: Enable TLS support. Defaults to `false`
- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults.
- `tls.certFilename`: Certificate filename. No defaults.
- `tls.certKeyFilename`: Certificate key filename. No defaults.
- `tls.certCAFilename`: CA Certificate filename. No defaults.
Refer to the chart documentation for more information on [creating the secret and a TLS deployment example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-tls/).
### Metrics
The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9121) is exposed in the service. Metrics can be scraped from within the cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). If metrics are to be scraped from outside the cluster, the Kubernetes API proxy can be utilized to access the endpoint.
If you have enabled TLS by specifying `tls.enabled=true` you also need to specify TLS option to the metrics exporter. You can do that via `metrics.extraArgs`. You can find the metrics exporter CLI flags for TLS [here](https://github.com/oliver006/redis_exporter#command-line-flags). For example:
You can either specify `metrics.extraArgs.skip-tls-verification=true` to skip TLS verification or providing the following values under `metrics.extraArgs` for TLS client authentication:
```console
tls-client-key-file
tls-client-cert-file
tls-ca-cert-file
```
### Host Kernel Settings
Redis&trade; may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages.
Refer to the chart documentation for more information on [configuring host kernel settings with an example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/configure-kernel-settings/).
## Persistence
By default, the chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at the `/data` path. The volume is created using dynamic volume provisioning. If a Persistent Volume Claim already exists, specify it during installation.
### Existing PersistentVolumeClaim
1. Create the PersistentVolume
2. Create the PersistentVolumeClaim
3. Install the chart
```bash
$ helm install my-release --set master.persistence.existingClaim=PVC_NAME bitnami/redis
```
## Backup and restore
Refer to the chart documentation for more information on [backing up and restoring Redis&trade; deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/backup-restore/).
## NetworkPolicy
To enable network policy for Redis&trade;, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`.
Refer to the chart documenation for more information on [enabling the network policy in Redis&trade; deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-network-policy/).
### Setting Pod's affinity
This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more infomation about Pod's affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters.
## Troubleshooting
Find more information about how to deal with common errors related to Bitnamis Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
## Upgrading
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions.
### To 15.0.0
The parameter to enable the usage of StaticIDs was removed. The behavior is to [always use StaticIDs](https://github.com/bitnami/charts/pull/7278).
### To 14.8.0
The Redis&trade; sentinel exporter was removed in this version because the upstream project was deprecated. The regular Redis&trade; exporter is included in the sentinel scenario as usual.
### To 14.0.0
- Several parameters were renamed or disappeared in favor of new ones on this major version:
- The term *slave* has been replaced by the term *replica*. Therefore, parameters prefixed with `slave` are now prefixed with `replicas`.
- Credentials parameter are reorganized under the `auth` parameter.
- `cluster.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`.
- `securityContext.*` is deprecated in favor of `XXX.podSecurityContext` and `XXX.containerSecurityContext`.
- `sentinel.metrics.*` parameters are deprecated in favor of `metrics.sentinel.*` ones.
- New parameters to add custom command, environment variables, sidecars, init containers, etc. were added.
- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels).
- values.yaml metadata was adapted to follow the format supported by [Readme Generator for Helm](https://github.com/bitnami-labs/readme-generator-for-helm).
Consequences:
Backwards compatibility is not guaranteed. To upgrade to `14.0.0`, install a new release of the Redis&trade; chart, and migrate the data from your previous release. You have 2 alternatives to do so:
- Create a backup of the database, and restore it on the new release as explained in the [Backup and restore](#backup-and-restore) section.
- Reuse the PVC used to hold the master data on your previous release. To do so, use the `master.persistence.existingClaim` parameter. The following example assumes that the release name is `redis`:
```bash
$ helm install redis bitnami/redis --set auth.password=[PASSWORD] --set master.persistence.existingClaim=[EXISTING_PVC]
```
| Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[PASSWORD]_ with the password used in your previous release.
### To 13.0.0
This major version updates the Redis&trade; docker image version used from `6.0` to `6.2`, the new stable version. There are no major changes in the chart and there shouldn't be any breaking changes in it as `6.2` is basically a stricter superset of `6.0`. For more information, please refer to [Redis&trade; 6.2 release notes](https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES).
### To 12.3.0
This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade.
### To 12.0.0
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
**What changes were introduced in this major version?**
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
**Considerations when upgrading to this version**
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
**Useful links**
- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
- https://helm.sh/docs/topics/v2_v3_migration/
- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
### To 11.0.0
When deployed with sentinel enabled, only a group of nodes is deployed and the master/slave role is handled in the group. To avoid breaking the compatibility, the settings for this nodes are given through the `slave.xxxx` parameters in `values.yaml`
### To 9.0.0
The metrics exporter has been changed from a separate deployment to a sidecar container, due to the latest changes in the Redis&trade; exporter code. Check the [official page](https://github.com/oliver006/redis_exporter/) for more information. The metrics container image was changed from oliver006/redis_exporter to bitnami/redis-exporter (Bitnami's maintained package of oliver006/redis_exporter).
### To 7.0.0
In order to improve the performance in case of slave failure, we added persistence to the read-only slaves. That means that we moved from Deployment to StatefulSets. This should not affect upgrades from previous versions of the chart, as the deployments did not contain any persistence at all.
This version also allows enabling Redis&trade; Sentinel containers inside of the Redis&trade; Pods (feature disabled by default). In case the master crashes, a new Redis&trade; node will be elected as master. In order to query the current master (no redis master service is exposed), you need to query first the Sentinel cluster. Find more information [in this section](#master-slave-with-sentinel).
### To 11.0.0
When using sentinel, a new statefulset called `-node` was introduced. This will break upgrading from a previous version where the statefulsets are called master and slave. Hence the PVC will not match the new naming and won't be reused. If you want to keep your data, you will need to perform a backup and then a restore the data in this new version.
### To 10.0.0
For releases with `usePassword: true`, the value `sentinel.usePassword` controls whether the password authentication also applies to the sentinel port. This defaults to `true` for a secure configuration, however it is possible to disable to account for the following cases:
- Using a version of redis-sentinel prior to `5.0.1` where the authentication feature was introduced.
- Where redis clients need to be updated to support sentinel authentication.
If using a master/slave topology, or with `usePassword: false`, no action is required.
### To 8.0.18
For releases with `metrics.enabled: true` the default tag for the exporter image is now `v1.x.x`. This introduces many changes including metrics names. You'll want to use [this dashboard](https://github.com/oliver006/redis_exporter/blob/master/contrib/grafana_prometheus_redis_dashboard.json) now. Please see the [redis_exporter github page](https://github.com/oliver006/redis_exporter#upgrading-from-0x-to-1x) for more details.
### To 7.0.0
This version causes a change in the Redis&trade; Master StatefulSet definition, so the command helm upgrade would not work out of the box. As an alternative, one of the following could be done:
- Recommended: Create a clone of the Redis&trade; Master PVC (for example, using projects like [this one](https://github.com/edseymour/pvc-transfer)). Then launch a fresh release reusing this cloned PVC.
```
helm install my-release bitnami/redis --set persistence.existingClaim=<NEW PVC>
```
- Alternative (not recommended, do at your own risk): `helm delete --purge` does not remove the PVC assigned to the Redis&trade; Master StatefulSet. As a consequence, the following commands can be done to upgrade the release
```
helm delete --purge <RELEASE>
helm install <RELEASE> bitnami/redis
```
Previous versions of the chart were not using persistence in the slaves, so this upgrade would add it to them. Another important change is that no values are inherited from master to slaves. For example, in 6.0.0 `slaves.readinessProbe.periodSeconds`, if empty, would be set to `master.readinessProbe.periodSeconds`. This approach lacked transparency and was difficult to maintain. From now on, all the slave parameters must be configured just as it is done with the masters.
Some values have changed as well:
- `master.port` and `slave.port` have been changed to `redisPort` (same value for both master and slaves)
- `master.securityContext` and `slave.securityContext` have been changed to `securityContext`(same values for both master and slaves)
By default, the upgrade will not change the cluster topology. In case you want to use Redis&trade; Sentinel, you must explicitly set `sentinel.enabled` to `true`.
### To 6.0.0
Previous versions of the chart were using an init-container to change the permissions of the volumes. This was done in case the `securityContext` directive in the template was not enough for that (for example, with cephFS). In this new version of the chart, this container is disabled by default (which should not affect most of the deployments). If your installation still requires that init container, execute `helm upgrade` with the `--set volumePermissions.enabled=true`.
### To 5.0.0
The default image in this release may be switched out for any image containing the `redis-server`
and `redis-cli` binaries. If `redis-server` is not the default image ENTRYPOINT, `master.command`
must be specified.
#### Breaking changes
- `master.args` and `slave.args` are removed. Use `master.command` or `slave.command` instead in order to override the image entrypoint, or `master.extraFlags` to pass additional flags to `redis-server`.
- `disableCommands` is now interpreted as an array of strings instead of a string of comma separated values.
- `master.persistence.path` now defaults to `/data`.
### To 4.0.0
This version removes the `chart` label from the `spec.selector.matchLabels`
which is immutable since `StatefulSet apps/v1beta2`. It has been inadvertently
added, causing any subsequent upgrade to fail. See https://github.com/helm/charts/issues/7726.
It also fixes https://github.com/helm/charts/issues/7726 where a deployment `extensions/v1beta1` can not be upgraded if `spec.selector` is not explicitly set.
Finally, it fixes https://github.com/helm/charts/issues/7803 by removing mutable labels in `spec.VolumeClaimTemplate.metadata.labels` so that it is upgradable.
In order to upgrade, delete the Redis&trade; StatefulSet before upgrading:
```bash
kubectl delete statefulsets.apps --cascade=false my-release-redis-master
```
And edit the Redis&trade; slave (and metrics if enabled) deployment:
```bash
kubectl patch deployments my-release-redis-slave --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
```

12
redis/ci/extra-flags-values.yaml Normal file
View File

@ -0,0 +1,12 @@
master:
extraFlags:
- --maxmemory-policy allkeys-lru
persistence:
enabled: false
replica:
extraFlags:
- --maxmemory-policy allkeys-lru
persistence:
enabled: false
auth:
enabled: false

6
redis/ci/sentinel-values.yaml Normal file
View File

@ -0,0 +1,6 @@
sentinel:
enabled: true
metrics:
enabled: true
sentinel:
enabled: true

1
redis/ci/standalone-values.yaml Normal file
View File

@ -0,0 +1 @@
architecture: standalone

BIN
redis/img/redis-cluster-topology.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

BIN
redis/img/redis-topology.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.5 KiB

200
redis/templates/NOTES.txt Normal file
View File

@ -0,0 +1,200 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
** Please be patient while the chart is being deployed **
{{- if .Values.diagnosticMode.enabled }}
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
Get the list of pods by executing:
kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
Access the pod you want to debug by executing
kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
In order to replicate the container startup scripts execute this command:
For Redis:
/opt/bitnami/scripts/redis/entrypoint.sh /opt/bitnami/scripts/redis/run.sh
{{- if .Values.sentinel.enabled }}
For Redis Sentinel:
/opt/bitnami/scripts/redis-sentinel/entrypoint.sh /opt/bitnami/scripts/redis-sentinel/run.sh
{{- end }}
{{- else }}
{{- if contains .Values.master.service.type "LoadBalancer" }}
{{- if not .Values.auth.enabled }}
{{ if and (not .Values.networkPolicy.enabled) (.Values.networkPolicy.allowExternal) }}
-------------------------------------------------------------------------------
WARNING
By specifying "master.service.type=LoadBalancer" and "auth.enabled=false" you have
most likely exposed the Redis&trade; service externally without any authentication
mechanism.
For security reasons, we strongly suggest that you switch to "ClusterIP" or
"NodePort". As alternative, you can also switch to "auth.enabled=true"
providing a valid password on "password" parameter.
-------------------------------------------------------------------------------
{{- end }}
{{- end }}
{{- end }}
{{- if eq .Values.architecture "replication" }}
{{- if .Values.sentinel.enabled }}
Redis&trade; can be accessed via port {{ .Values.sentinel.service.port }} on the following DNS name from within your cluster:
{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read only operations
For read/write operations, first access the Redis&trade; Sentinel cluster, which is available in port {{ .Values.sentinel.service.sentinelPort }} using the same domain name above.
{{- else }}
Redis&trade; can be accessed on the following DNS names from within your cluster:
{{ printf "%s-master.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read/write operations (port {{ .Values.master.service.port }})
{{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.port }})
{{- end }}
{{- else }}
Redis&trade; can be accessed via port {{ .Values.master.service.port }} on the following DNS name from within your cluster:
{{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
{{- end }}
{{ if .Values.auth.enabled }}
To get your password run:
export REDIS_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 --decode)
{{- end }}
To connect to your Redis&trade; server:
1. Run a Redis&trade; pod that you can use as a client:
kubectl run --namespace {{ .Release.Namespace }} redis-client --restart='Never' {{ if .Values.auth.enabled }} --env REDISCLI_AUTH=$REDIS_PASSWORD {{ end }} --image {{ template "redis.image" . }} --command -- sleep infinity
{{- if .Values.tls.enabled }}
Copy your TLS certificates to the pod:
kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert redis-client:/tmp/client.cert
kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key redis-client:/tmp/client.key
kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert redis-client:/tmp/CA.cert
{{- end }}
Use the following command to attach to the pod:
kubectl exec --tty -i redis-client \
{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }}
--namespace {{ .Release.Namespace }} -- bash
2. Connect using the Redis&trade; CLI:
{{- if eq .Values.architecture "replication" }}
{{- if .Values.sentinel.enabled }}
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.port }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Read only operations
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.sentinelPort }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Sentinel access
{{- else }}
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ printf "%s-master" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ printf "%s-replicas" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- end }}
{{- else }}
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }}-master{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- end }}
{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to redis.
{{- else }}
To connect to your database from outside the cluster execute the following commands:
{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }}
{{- if contains "NodePort" .Values.sentinel.service.type }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- else if contains "LoadBalancer" .Values.sentinel.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.sentinel.service.port }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- else if contains "ClusterIP" .Values.sentinel.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.port }}:{{ .Values.sentinel.service.port }} &
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.sentinel.service.port }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- end }}
{{- else }}
{{- if contains "NodePort" .Values.master.service.type }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-master" (include "common.names.fullname" .) }})
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- else if contains "LoadBalancer" .Values.master.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ printf "%s-master" (include "common.names.fullname" .) }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.master.service.port }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- else if contains "ClusterIP" .Values.master.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-master" (include "common.names.fullname" .) }} {{ .Values.master.service.port }}:{{ .Values.master.service.port }} &
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.master.service.port }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- include "redis.checkRollingTags" . }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- include "common.warnings.rollingTag" .Values.sysctl.image }}
{{- include "redis.validateValues" . }}
{{- $requiredPassword := list -}}
{{- $secretName := include "redis.secretName" . -}}
{{- $secretPasswordKey := include "redis.secretPasswordKey" . -}}
{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) (not .Values.global.redis.password) -}}
{{- $requiredRedisPassword := dict "valueKey" "auth.password" "secret" $secretName "field" $secretPasswordKey -}}
{{- $requiredPassword = append $requiredPassword $requiredRedisPassword -}}
{{- end -}}
{{- $requiredRedisPasswordErrors := include "common.validations.values.multiple.empty" (dict "required" $requiredPassword "context" $) -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $requiredRedisPasswordErrors) "context" $) -}}
{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Release.IsUpgrade ) }}
{{- if $.Values.sentinel.service.nodePorts.sentinel }}
No need to upgrade, ports and nodeports have been set from values
{{- else }}
#!#!#!#!#!#!#!# IMPORTANT #!#!#!#!#!#!#!#
YOU NEED TO PERFORM AN UPGRADE FOR THE SERVICES AND WORKLOAD TO BE CREATED
{{- end }}
{{- end }}

261
redis/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,261 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper Redis image name
*/}}
{{- define "redis.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Redis Sentinel image name
*/}}
{{- define "redis.sentinel.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.sentinel.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the metrics image)
*/}}
{{- define "redis.metrics.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "redis.volumePermissions.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}
{{/*
Return sysctl image
*/}}
{{- define "redis.sysctl.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.sysctl.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "redis.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.sysctl.image) "global" .Values.global) -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiGroup for PodSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiGroup" -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy" -}}
{{- else -}}
{{- print "extensions" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a TLS secret object should be created
*/}}
{{- define "redis.createTlsSecret" -}}
{{- if and .Values.tls.enabled .Values.tls.autoGenerated (and (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret)) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the secret containing Redis TLS certificates
*/}}
{{- define "redis.tlsSecretName" -}}
{{- $secretName := coalesce .Values.tls.existingSecret .Values.tls.certificatesSecret -}}
{{- if $secretName -}}
{{- printf "%s" (tpl $secretName $) -}}
{{- else -}}
{{- printf "%s-crt" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the path to the cert file.
*/}}
{{- define "redis.tlsCert" -}}
{{- if (include "redis.createTlsSecret" . ) -}}
{{- printf "/opt/bitnami/redis/certs/%s" "tls.crt" -}}
{{- else -}}
{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/redis/certs/%s" -}}
{{- end -}}
{{- end -}}
{{/*
Return the path to the cert key file.
*/}}
{{- define "redis.tlsCertKey" -}}
{{- if (include "redis.createTlsSecret" . ) -}}
{{- printf "/opt/bitnami/redis/certs/%s" "tls.key" -}}
{{- else -}}
{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/redis/certs/%s" -}}
{{- end -}}
{{- end -}}
{{/*
Return the path to the CA cert file.
*/}}
{{- define "redis.tlsCACert" -}}
{{- if (include "redis.createTlsSecret" . ) -}}
{{- printf "/opt/bitnami/redis/certs/%s" "ca.crt" -}}
{{- else -}}
{{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/redis/certs/%s" -}}
{{- end -}}
{{- end -}}
{{/*
Return the path to the DH params file.
*/}}
{{- define "redis.tlsDHParams" -}}
{{- if .Values.tls.dhParamsFilename -}}
{{- printf "/opt/bitnami/redis/certs/%s" .Values.tls.dhParamsFilename -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "redis.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the configuration configmap name
*/}}
{{- define "redis.configmapName" -}}
{{- if .Values.existingConfigmap -}}
{{- printf "%s" (tpl .Values.existingConfigmap $) -}}
{{- else -}}
{{- printf "%s-configuration" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a configmap object should be created
*/}}
{{- define "redis.createConfigmap" -}}
{{- if empty .Values.existingConfigmap }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Get the password secret.
*/}}
{{- define "redis.secretName" -}}
{{- if .Values.auth.existingSecret -}}
{{- printf "%s" .Values.auth.existingSecret -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the password key to be retrieved from Redis&trade; secret.
*/}}
{{- define "redis.secretPasswordKey" -}}
{{- if and .Values.auth.existingSecret .Values.auth.existingSecretPasswordKey -}}
{{- printf "%s" .Values.auth.existingSecretPasswordKey -}}
{{- else -}}
{{- printf "redis-password" -}}
{{- end -}}
{{- end -}}
{{/*
Return Redis&trade; password
*/}}
{{- define "redis.password" -}}
{{- if not (empty .Values.global.redis.password) }}
{{- .Values.global.redis.password -}}
{{- else if not (empty .Values.auth.password) -}}
{{- .Values.auth.password -}}
{{- else -}}
{{- randAlphaNum 10 -}}
{{- end -}}
{{- end -}}
{{/* Check if there are rolling tags in the images */}}
{{- define "redis.checkRollingTags" -}}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.sentinel.image }}
{{- include "common.warnings.rollingTag" .Values.metrics.image }}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "redis.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "redis.validateValues.spreadConstraints" .) -}}
{{- $messages := append $messages (include "redis.validateValues.architecture" .) -}}
{{- $messages := append $messages (include "redis.validateValues.podSecurityPolicy.create" .) -}}
{{- $messages := append $messages (include "redis.validateValues.tls" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/* Validate values of Redis&trade; - spreadConstrainsts K8s version */}}
{{- define "redis.validateValues.spreadConstraints" -}}
{{- if and (semverCompare "<1.16-0" .Capabilities.KubeVersion.GitVersion) .Values.replica.spreadConstraints -}}
redis: spreadConstraints
Pod Topology Spread Constraints are only available on K8s >= 1.16
Find more information at https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
{{- end -}}
{{- end -}}
{{/* Validate values of Redis&trade; - must provide a valid architecture */}}
{{- define "redis.validateValues.architecture" -}}
{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replication") -}}
redis: architecture
Invalid architecture selected. Valid values are "standalone" and
"replication". Please set a valid architecture (--set architecture="xxxx")
{{- end -}}
{{- if and .Values.sentinel.enabled (not (eq .Values.architecture "replication")) }}
redis: architecture
Using redis sentinel on standalone mode is not supported.
To deploy redis sentinel, please select the "replication" mode
(--set "architecture=replication,sentinel.enabled=true")
{{- end -}}
{{- end -}}
{{/* Validate values of Redis&trade; - PodSecurityPolicy create */}}
{{- define "redis.validateValues.podSecurityPolicy.create" -}}
{{- if and .Values.podSecurityPolicy.create (not .Values.podSecurityPolicy.enabled) }}
redis: podSecurityPolicy.create
In order to create PodSecurityPolicy, you also need to enable
podSecurityPolicy.enabled field
{{- end -}}
{{- end -}}
{{/* Validate values of Redis&trade; - TLS enabled */}}
{{- define "redis.validateValues.tls" -}}
{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }}
redis: tls.enabled
In order to enable TLS, you also need to provide
an existing secret containing the TLS certificates or
enable auto-generated certificates.
{{- end -}}
{{- end -}}

60
redis/templates/configmap.yaml Normal file
View File

@ -0,0 +1,60 @@
{{- if (include "redis.createConfigmap" .) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-configuration" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
redis.conf: |-
# User-supplied common configuration:
{{- if .Values.commonConfiguration }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonConfiguration "context" $ ) | nindent 4 }}
{{- end }}
# End of common configuration
master.conf: |-
dir {{ .Values.master.persistence.path }}
# User-supplied master configuration:
{{- if .Values.master.configuration }}
{{- include "common.tplvalues.render" ( dict "value" .Values.master.configuration "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.master.disableCommands }}
{{- range .Values.master.disableCommands }}
rename-command {{ . }} ""
{{- end }}
{{- end }}
# End of master configuration
replica.conf: |-
dir {{ .Values.replica.persistence.path }}
slave-read-only yes
# User-supplied replica configuration:
{{- if .Values.replica.configuration }}
{{- include "common.tplvalues.render" ( dict "value" .Values.replica.configuration "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.replica.disableCommands }}
{{- range .Values.replica.disableCommands }}
rename-command {{ . }} ""
{{- end }}
{{- end }}
# End of replica configuration
{{- if .Values.sentinel.enabled }}
sentinel.conf: |-
dir "/tmp"
port {{ .Values.sentinel.containerPort }}
sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.port }} {{ .Values.sentinel.quorum }}
sentinel down-after-milliseconds {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.downAfterMilliseconds }}
sentinel failover-timeout {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.failoverTimeout }}
sentinel parallel-syncs {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.parallelSyncs }}
# User-supplied sentinel configuration:
{{- if .Values.sentinel.configuration }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.configuration "context" $ ) | nindent 4 }}
{{- end }}
# End of sentinel configuration
{{- end }}
{{- end }}

4
redis/templates/extra-list.yaml Normal file
View File

@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

28
redis/templates/headless-svc.yaml Normal file
View File

@ -0,0 +1,28 @@
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-headless" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
{{- if .Values.sentinel.enabled }}
publishNotReadyAddresses: true
{{- end }}
ports:
- name: tcp-redis
port: {{ if .Values.sentinel.enabled }}{{ .Values.sentinel.service.port }}{{ else }}{{ .Values.master.service.port }}{{ end }}
targetPort: redis
{{- if .Values.sentinel.enabled }}
- name: tcp-sentinel
port: {{ .Values.sentinel.service.sentinelPort }}
targetPort: redis-sentinel
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}

170
redis/templates/health-configmap.yaml Normal file
View File

@ -0,0 +1,170 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-health" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
ping_readiness_local.sh: |-
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
{{- if .Values.tls.enabled }}
-p $REDIS_TLS_PORT \
--tls \
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- else }}
-p $REDIS_PORT \
{{- end }}
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_local.sh: |-
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
{{- if .Values.tls.enabled }}
-p $REDIS_TLS_PORT \
--tls \
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- else }}
-p $REDIS_PORT \
{{- end }}
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
{{- if .Values.sentinel.enabled }}
ping_sentinel.sh: |-
#!/bin/bash
{{- if .Values.auth.sentinel }}
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
{{- end }}
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
{{- if .Values.tls.enabled }}
-p $REDIS_SENTINEL_TLS_PORT_NUMBER \
--tls \
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- else }}
-p $REDIS_SENTINEL_PORT \
{{- end }}
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
parse_sentinels.awk: |-
/ip/ {FOUND_IP=1}
/port/ {FOUND_PORT=1}
/runid/ {FOUND_RUNID=1}
!/ip|port|runid/ {
if (FOUND_IP==1) {
IP=$1; FOUND_IP=0;
}
else if (FOUND_PORT==1) {
PORT=$1;
FOUND_PORT=0;
} else if (FOUND_RUNID==1) {
printf "\nsentinel known-sentinel {{ .Values.sentinel.masterSet }} %s %s %s", IP, PORT, $0; FOUND_RUNID=0;
}
}
{{- end }}
ping_readiness_master.sh: |-
#!/bin/bash
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
{{- if .Values.tls.enabled }}
--tls \
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- end }}
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_master.sh: |-
#!/bin/bash
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
{{- if .Values.tls.enabled }}
--tls \
--cacert {{ template "redis.tlsCACert" . }} \
{{- if .Values.tls.authClients }}
--cert {{ template "redis.tlsCert" . }} \
--key {{ template "redis.tlsCertKey" . }} \
{{- end }}
{{- end }}
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
"$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
exit $exit_status
ping_liveness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
"$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
exit $exit_status

46
redis/templates/master/psp.yaml Normal file
View File

@ -0,0 +1,46 @@
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ printf "%s-master" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
allowPrivilegeEscalation: false
fsGroup:
rule: 'MustRunAs'
ranges:
- min: {{ .Values.master.podSecurityContext.fsGroup }}
max: {{ .Values.master.podSecurityContext.fsGroup }}
hostIPC: false
hostNetwork: false
hostPID: false
privileged: false
readOnlyRootFilesystem: false
requiredDropCapabilities:
- ALL
runAsUser:
rule: 'MustRunAs'
ranges:
- min: {{ .Values.master.containerSecurityContext.runAsUser }}
max: {{ .Values.master.containerSecurityContext.runAsUser }}
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: {{ .Values.master.containerSecurityContext.runAsUser }}
max: {{ .Values.master.containerSecurityContext.runAsUser }}
volumes:
- 'configMap'
- 'secret'
- 'emptyDir'
- 'persistentVolumeClaim'
{{- end }}

46
redis/templates/master/service.yaml Normal file
View File

@ -0,0 +1,46 @@
{{- if not .Values.sentinel.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-master" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.master.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.master.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.master.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.master.service.type }}
{{ if eq .Values.master.service.type "LoadBalancer" }}
externalTrafficPolicy: {{ .Values.master.service.externalTrafficPolicy }}
{{- end }}
{{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.master.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.master.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if and (eq .Values.master.service.type "ClusterIP") .Values.master.service.clusterIP }}
clusterIP: {{ .Values.master.service.clusterIP }}
{{- end }}
ports:
- name: tcp-redis
port: {{ .Values.master.service.port }}
targetPort: redis
{{- if and (or (eq .Values.master.service.type "NodePort") (eq .Values.master.service.type "LoadBalancer")) .Values.master.service.nodePort }}
nodePort: {{ .Values.master.service.nodePort }}
{{- else if eq .Values.master.service.type "ClusterIP" }}
nodePort: null
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: master
{{- end }}

443
redis/templates/master/statefulset.yaml Normal file
View File

@ -0,0 +1,443 @@
{{- if or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled) }}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ printf "%s-master" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: 1
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: master
serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }}
{{- if .Values.master.updateStrategy }}
updateStrategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: master
{{- if .Values.master.podLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.master.podLabels "context" $ ) | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }}
{{- end }}
annotations:
{{- if (include "redis.createConfigmap" .) }}
checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if .Values.master.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.master.podAnnotations "context" $ ) | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }}
{{- end }}
spec:
{{- include "redis.imagePullSecrets" . | nindent 6 }}
{{- if .Values.master.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.podSecurityContext.enabled }}
securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "redis.serviceAccountName" . }}
{{- if .Values.master.priorityClassName }}
priorityClassName: {{ .Values.master.priorityClassName | quote }}
{{- end }}
{{- if .Values.master.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.master.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAffinityPreset "component" "master" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAntiAffinityPreset "component" "master" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.master.nodeAffinityPreset.type "key" .Values.master.nodeAffinityPreset.key "values" .Values.master.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.master.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.master.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.master.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.spreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.master.spreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.shareProcessNamespace }}
shareProcessNamespace: {{ .Values.master.shareProcessNamespace }}
{{- end }}
{{- if .Values.master.schedulerName }}
schedulerName: {{ .Values.master.schedulerName | quote }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.master.terminationGracePeriodSeconds }}
containers:
- name: redis
image: {{ template "redis.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.master.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.master.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.master.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.master.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.master.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.master.command "context" $) | nindent 12 }}
{{- else }}
command:
- /bin/bash
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.master.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.master.args "context" $) | nindent 12 }}
{{- else }}
args:
- -c
- /opt/bitnami/scripts/start-scripts/start-master.sh
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: REDIS_REPLICATION_MODE
value: master
- name: ALLOW_EMPTY_PASSWORD
value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
{{- if .Values.auth.enabled }}
{{- if .Values.auth.usePasswordFiles }}
- name: REDIS_PASSWORD_FILE
value: "/opt/bitnami/redis/secrets/redis-password"
{{- else }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
{{- end }}
{{- end }}
- name: REDIS_TLS_ENABLED
value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
{{- if .Values.tls.enabled }}
- name: REDIS_TLS_PORT
value: {{ .Values.master.containerPort | quote }}
- name: REDIS_TLS_AUTH_CLIENTS
value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
- name: REDIS_TLS_CERT_FILE
value: {{ template "redis.tlsCert" . }}
- name: REDIS_TLS_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_TLS_CA_FILE
value: {{ template "redis.tlsCACert" . }}
{{- if .Values.tls.dhParamsFilename }}
- name: REDIS_TLS_DH_PARAMS_FILE
value: {{ template "redis.tlsDHParams" . }}
{{- end }}
{{- else }}
- name: REDIS_PORT
value: {{ .Values.master.containerPort | quote }}
{{- end }}
{{- if .Values.master.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }}
envFrom:
{{- if .Values.master.extraEnvVarsCM }}
- configMapRef:
name: {{ .Values.master.extraEnvVarsCM }}
{{- end }}
{{- if .Values.master.extraEnvVarsSecret }}
- secretRef:
name: {{ .Values.master.extraEnvVarsSecret }}
{{- end }}
{{- end }}
ports:
- name: redis
containerPort: {{ .Values.master.containerPort }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.master.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }}
# One second longer than command timeout should prevent generation of zombie processes.
timeoutSeconds: {{ add1 .Values.master.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.master.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/ping_liveness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }}
{{- else if .Values.master.customLivenessProbe }}
livenessProbe: {{- toYaml .Values.master.customLivenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.master.readinessProbe.enabled }}
readinessProbe:
initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }}
timeoutSeconds: {{ add1 .Values.master.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.master.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh {{ .Values.master.readinessProbe.timeoutSeconds }}
{{- else if .Values.master.customReadinessProbe }}
readinessProbe: {{- toYaml .Values.master.customReadinessProbe | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.master.resources }}
resources: {{- toYaml .Values.master.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
mountPath: /opt/bitnami/redis/secrets/
{{- end }}
- name: redis-data
mountPath: {{ .Values.master.persistence.path }}
subPath: {{ .Values.master.persistence.subPath }}
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc/
- name: tmp
mountPath: /tmp
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
{{- if .Values.master.extraVolumeMounts }}
{{- include "common.tplvalues.render" ( dict "value" .Values.master.extraVolumeMounts "context" $ ) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ include "redis.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.metrics.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else }}
command:
- /bin/bash
- -c
- |
if [[ -f '/secrets/redis-password' ]]; then
export REDIS_PASSWORD=$(cat /secrets/redis-password)
fi
redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: REDIS_ALIAS
value: {{ template "common.names.fullname" . }}
{{- if .Values.auth.enabled }}
- name: REDIS_USER
value: default
{{- if (not .Values.auth.usePasswordFiles) }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
{{- end }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: REDIS_ADDR
value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.master.containerPort }}
{{- if .Values.tls.authClients }}
- name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
value: {{ template "redis.tlsCert" . }}
{{- end }}
- name: REDIS_EXPORTER_TLS_CA_CERT_FILE
value: {{ template "redis.tlsCACert" . }}
{{- end }}
ports:
- name: metrics
containerPort: 9121
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
mountPath: /secrets/
{{- end }}
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
{{- if .Values.metrics.extraVolumeMounts }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.master.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.sidecars "context" $) | nindent 8 }}
{{- end }}
{{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.master.persistence.enabled .Values.master.podSecurityContext.enabled .Values.master.containerSecurityContext.enabled }}
{{- if or .Values.master.initContainers $needsVolumePermissions .Values.sysctl.enabled }}
initContainers:
{{- if .Values.master.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if $needsVolumePermissions }}
- name: volume-permissions
image: {{ include "redis.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.master.persistence.path }}
{{- else }}
chown -R {{ .Values.master.containerSecurityContext.runAsUser }}:{{ .Values.master.podSecurityContext.fsGroup }} {{ .Values.master.persistence.path }}
{{- end }}
{{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }}
{{- else }}
securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: redis-data
mountPath: {{ .Values.master.persistence.path }}
subPath: {{ .Values.master.persistence.subPath }}
{{- end }}
{{- if .Values.sysctl.enabled }}
- name: init-sysctl
image: {{ include "redis.sysctl.image" . }}
imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }}
securityContext:
privileged: true
runAsUser: 0
{{- if .Values.sysctl.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.sysctl.resources }}
resources: {{- toYaml .Values.sysctl.resources | nindent 12 }}
{{- end }}
{{- if .Values.sysctl.mountHostSys }}
volumeMounts:
- name: host-sys
mountPath: /host-sys
{{- end }}
{{- end }}
{{- end }}
volumes:
- name: start-scripts
configMap:
name: {{ printf "%s-scripts" (include "common.names.fullname" .) }}
defaultMode: 0755
- name: health
configMap:
name: {{ printf "%s-health" (include "common.names.fullname" .) }}
defaultMode: 0755
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
secret:
secretName: {{ template "redis.secretName" . }}
items:
- key: {{ template "redis.secretPasswordKey" . }}
path: redis-password
{{- end }}
- name: config
configMap:
name: {{ include "redis.configmapName" . }}
{{- if .Values.sysctl.mountHostSys }}
- name: host-sys
hostPath:
path: /sys
{{- end }}
- name: redis-tmp-conf
{{- if .Values.master.persistence.medium }}
emptyDir: {
medium: {{ .Values.master.persistence.medium | quote }}
}
{{- else }}
emptyDir: {}
{{- end }}
- name: tmp
{{- if .Values.master.persistence.medium }}
emptyDir: {
medium: {{ .Values.master.persistence.medium | quote }}
}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.tls.enabled }}
- name: redis-certificates
secret:
secretName: {{ include "redis.tlsSecretName" . }}
defaultMode: 256
{{- end }}
{{- if .Values.master.extraVolumes }}
{{- include "common.tplvalues.render" ( dict "value" .Values.master.extraVolumes "context" $ ) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.extraVolumes }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }}
{{- end }}
{{- if not .Values.master.persistence.enabled }}
- name: redis-data
{{- if .Values.master.persistence.medium }}
emptyDir: {
medium: {{ .Values.master.persistence.medium | quote }}
}
{{- else }}
emptyDir: {}
{{- end }}
{{- else if .Values.master.persistence.existingClaim }}
- name: redis-data
persistentVolumeClaim:
claimName: {{ printf "%s" (tpl .Values.master.persistence.existingClaim .) }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: redis-data
labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
app.kubernetes.io/component: master
{{- if .Values.master.persistence.annotations }}
annotations: {{- toYaml .Values.master.persistence.annotations | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.master.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.master.persistence.size | quote }}
{{- if .Values.master.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 10 }}
{{- end }}
{{- if .Values.master.persistence.dataSource }}
dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 10 }}
{{- end }}
{{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 8 }}
{{- end }}
{{- end }}

38
redis/templates/metrics-svc.yaml Normal file
View File

@ -0,0 +1,38 @@
{{- if .Values.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-metrics" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.metrics.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.metrics.service.type }}
{{- if eq .Values.metrics.service.type "LoadBalancer" }}
externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }}
{{- end }}
{{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.metrics.service.port }}
protocol: TCP
targetPort: metrics
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
{{- end }}

78
redis/templates/networkpolicy.yaml Normal file
View File

@ -0,0 +1,78 @@
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ template "networkPolicy.apiVersion" . }}
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
policyTypes:
- Ingress
{{- if or (eq .Values.architecture "replication") .Values.networkPolicy.extraEgress }}
- Egress
egress:
{{- if eq .Values.architecture "replication" }}
# Allow dns resolution
- ports:
- port: 53
protocol: UDP
# Allow outbound connections to other cluster pods
- ports:
- port: {{ .Values.master.containerPort }}
{{- if .Values.sentinel.enabled }}
- port: {{ .Values.sentinel.containerPort }}
{{- end }}
to:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
{{- end }}
{{- if .Values.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
ingress:
# Allow inbound connections
- ports:
- port: {{ .Values.master.containerPort }}
{{- if .Values.sentinel.enabled }}
- port: {{ .Values.sentinel.containerPort }}
{{- end }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.metrics.enabled }}
# Allow prometheus scrapes for metrics
- ports:
- port: 9121
{{- end }}
{{- if .Values.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}

23
redis/templates/pdb.yaml Normal file
View File

@ -0,0 +1,23 @@
{{- if .Values.pdb.create }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.pdb.minAvailable }}
minAvailable: {{ .Values.pdb.minAvailable }}
{{- end }}
{{- if .Values.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.pdb.maxUnavailable }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- end }}

27
redis/templates/prometheusrule.yaml Normal file
View File

@ -0,0 +1,27 @@
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "common.names.fullname" . }}
{{- if .Values.metrics.prometheusRule.namespace }}
namespace: {{ .Values.metrics.prometheusRule.namespace }}
{{- else }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.metrics.prometheusRule.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- with .Values.metrics.prometheusRule.rules }}
groups:
- name: {{ template "common.names.name" $ }}
rules: {{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- end }}

35
redis/templates/replicas/hpa.yaml Normal file
View File

@ -0,0 +1,35 @@
{{- if and .Values.replica.autoscaling.enabled (not .Values.sentinel.enabled) }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: replica
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: StatefulSet
name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
minReplicas: {{ .Values.replica.autoscaling.minReplicas }}
maxReplicas: {{ .Values.replica.autoscaling.maxReplicas }}
metrics:
{{- if .Values.replica.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.replica.autoscaling.targetCPU }}
{{- end }}
{{- if .Values.replica.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.replica.autoscaling.targetMemory }}
{{- end }}
{{- end }}

46
redis/templates/replicas/service.yaml Normal file
View File

@ -0,0 +1,46 @@
{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: replica
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.replica.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.replica.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.replica.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.replica.service.type }}
{{- if eq .Values.replica.service.type "LoadBalancer" }}
externalTrafficPolicy: {{ .Values.replica.service.externalTrafficPolicy }}
{{- end }}
{{- if and (eq .Values.replica.service.type "LoadBalancer") .Values.replica.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.replica.service.type "LoadBalancer") .Values.replica.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.replica.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if and (eq .Values.replica.service.type "ClusterIP") .Values.replica.service.clusterIP }}
clusterIP: {{ .Values.replica.service.clusterIP }}
{{- end }}
ports:
- name: tcp-redis
port: {{ .Values.replica.service.port }}
targetPort: redis
{{- if and (or (eq .Values.replica.service.type "NodePort") (eq .Values.replica.service.type "LoadBalancer")) .Values.replica.service.nodePort }}
nodePort: {{ .Values.replica.service.nodePort }}
{{- else if eq .Values.replica.service.type "ClusterIP" }}
nodePort: null
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: replica
{{- end }}

443
redis/templates/replicas/statefulset.yaml Normal file
View File

@ -0,0 +1,443 @@
{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: replica
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.replica.autoscaling.enabled }}
replicas: {{ .Values.replica.replicaCount }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: replica
serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }}
{{- if .Values.replica.updateStrategy }}
updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: replica
{{- if .Values.replica.podLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.replica.podLabels "context" $ ) | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }}
{{- end }}
annotations:
{{- if (include "redis.createConfigmap" .) }}
checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if .Values.replica.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }}
{{- end }}
spec:
{{- include "redis.imagePullSecrets" . | nindent 6 }}
{{- if .Values.replica.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.replica.podSecurityContext.enabled }}
securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "redis.serviceAccountName" . }}
{{- if .Values.replica.priorityClassName }}
priorityClassName: {{ .Values.replica.priorityClassName | quote }}
{{- end }}
{{- if .Values.replica.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "replica" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "replica" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.replica.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.replica.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.replica.spreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.spreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.replica.shareProcessNamespace }}
shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }}
{{- end }}
{{- if .Values.replica.schedulerName }}
schedulerName: {{ .Values.replica.schedulerName | quote }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.replica.terminationGracePeriodSeconds }}
containers:
- name: redis
image: {{ template "redis.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.replica.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.replica.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.replica.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }}
{{- else }}
command:
- /bin/bash
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.replica.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }}
{{- else }}
args:
- -c
- /opt/bitnami/scripts/start-scripts/start-replica.sh
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: REDIS_REPLICATION_MODE
value: slave
- name: REDIS_MASTER_HOST
value: {{ template "common.names.fullname" . }}-master-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
- name: REDIS_MASTER_PORT_NUMBER
value: {{ .Values.master.containerPort | quote }}
- name: ALLOW_EMPTY_PASSWORD
value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
{{- if .Values.auth.enabled }}
{{- if .Values.auth.usePasswordFiles }}
- name: REDIS_PASSWORD_FILE
value: "/opt/bitnami/redis/secrets/redis-password"
- name: REDIS_MASTER_PASSWORD_FILE
value: "/opt/bitnami/redis/secrets/redis-password"
{{- else }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
- name: REDIS_MASTER_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
{{- end }}
{{- end }}
- name: REDIS_TLS_ENABLED
value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
{{- if .Values.tls.enabled }}
- name: REDIS_TLS_PORT
value: {{ .Values.replica.containerPort | quote }}
- name: REDIS_TLS_AUTH_CLIENTS
value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
- name: REDIS_TLS_CERT_FILE
value: {{ template "redis.tlsCert" . }}
- name: REDIS_TLS_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_TLS_CA_FILE
value: {{ template "redis.tlsCACert" . }}
{{- if .Values.tls.dhParamsFilename }}
- name: REDIS_TLS_DH_PARAMS_FILE
value: {{ template "redis.tlsDHParams" . }}
{{- end }}
{{- else }}
- name: REDIS_PORT
value: {{ .Values.replica.containerPort | quote }}
{{- end }}
{{- if .Values.replica.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.replica.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }}
envFrom:
{{- if .Values.replica.extraEnvVarsCM }}
- configMapRef:
name: {{ .Values.replica.extraEnvVarsCM }}
{{- end }}
{{- if .Values.replica.extraEnvVarsSecret }}
- secretRef:
name: {{ .Values.replica.extraEnvVarsSecret }}
{{- end }}
{{- end }}
ports:
- name: redis
containerPort: {{ .Values.replica.containerPort }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.replica.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }}
timeoutSeconds: {{ add1 .Values.replica.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.replica.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold}}
exec:
command:
- sh
- -c
- /health/ping_liveness_local_and_master.sh {{ .Values.replica.livenessProbe.timeoutSeconds }}
{{- else if .Values.replica.customLivenessProbe }}
livenessProbe: {{- toYaml .Values.replica.customLivenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.replica.readinessProbe.enabled }}
readinessProbe:
initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }}
timeoutSeconds: {{ add1 .Values.replica.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.replica.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/ping_readiness_local_and_master.sh {{ .Values.replica.readinessProbe.timeoutSeconds }}
{{- else if .Values.replica.customReadinessProbe }}
readinessProbe: {{- toYaml .Values.replica.customReadinessProbe | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.replica.resources }}
resources: {{- toYaml .Values.replica.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
mountPath: /opt/bitnami/redis/secrets/
{{- end }}
- name: redis-data
mountPath: /data
subPath: {{ .Values.replica.persistence.subPath }}
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
{{- if .Values.replica.extraVolumeMounts }}
{{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ include "redis.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.metrics.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else }}
command:
- /bin/bash
- -c
- |
if [[ -f '/secrets/redis-password' ]]; then
export REDIS_PASSWORD=$(cat /secrets/redis-password)
fi
redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: REDIS_ALIAS
value: {{ template "common.names.fullname" . }}
{{- if .Values.auth.enabled }}
- name: REDIS_USER
value: default
{{- if (not .Values.auth.usePasswordFiles) }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
{{- end }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: REDIS_ADDR
value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.replica.containerPort }}
{{- if .Values.tls.authClients }}
- name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
value: {{ template "redis.tlsCert" . }}
{{- end }}
- name: REDIS_EXPORTER_TLS_CA_CERT_FILE
value: {{ template "redis.tlsCACert" . }}
{{- end }}
ports:
- name: metrics
containerPort: 9121
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
mountPath: /secrets/
{{- end }}
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
{{- if .Values.metrics.extraVolumeMounts }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.replica.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }}
{{- end }}
{{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }}
{{- if or .Values.replica.initContainers $needsVolumePermissions .Values.sysctl.enabled }}
initContainers:
{{- if .Values.replica.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if $needsVolumePermissions }}
- name: volume-permissions
image: {{ include "redis.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }}
{{- else }}
chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }}
{{- end }}
{{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }}
{{- else }}
securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: redis-data
mountPath: {{ .Values.replica.persistence.path }}
subPath: {{ .Values.replica.persistence.subPath }}
{{- end }}
{{- if .Values.sysctl.enabled }}
- name: init-sysctl
image: {{ include "redis.sysctl.image" . }}
imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }}
securityContext:
privileged: true
runAsUser: 0
{{- if .Values.sysctl.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.sysctl.resources }}
resources: {{- toYaml .Values.sysctl.resources | nindent 12 }}
{{- end }}
{{- if .Values.sysctl.mountHostSys }}
volumeMounts:
- name: host-sys
mountPath: /host-sys
{{- end }}
{{- end }}
{{- end }}
volumes:
- name: start-scripts
configMap:
name: {{ printf "%s-scripts" (include "common.names.fullname" .) }}
defaultMode: 0755
- name: health
configMap:
name: {{ printf "%s-health" (include "common.names.fullname" .) }}
defaultMode: 0755
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
secret:
secretName: {{ template "redis.secretName" . }}
items:
- key: {{ template "redis.secretPasswordKey" . }}
path: redis-password
{{- end }}
- name: config
configMap:
name: {{ include "redis.configmapName" . }}
{{- if .Values.sysctl.mountHostSys }}
- name: host-sys
hostPath:
path: /sys
{{- end }}
- name: redis-tmp-conf
{{- if .Values.replica.persistence.medium }}
emptyDir: {
medium: {{ .Values.replica.persistence.medium | quote }}
}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.tls.enabled }}
- name: redis-certificates
secret:
secretName: {{ include "redis.tlsSecretName" . }}
defaultMode: 256
{{- end }}
{{- if .Values.replica.extraVolumes }}
{{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.extraVolumes }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }}
{{- end }}
{{- if not .Values.replica.persistence.enabled }}
- name: redis-data
{{- if .Values.replica.persistence.medium }}
emptyDir: {
medium: {{ .Values.replica.persistence.medium | quote }}
}
{{- else }}
emptyDir: {}
{{- end }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: redis-data
labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
app.kubernetes.io/component: replica
{{- if .Values.replica.persistence.annotations }}
annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.replica.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.replica.persistence.size | quote }}
{{- if .Values.replica.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }}
{{- end }}
{{- if .Values.replica.persistence.dataSource }}
dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.dataSource "context" $) | nindent 10 }}
{{- end }}
{{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }}
{{- end }}
{{- end }}

28
redis/templates/role.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- if .Values.rbac.create }}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- if and $pspAvailable .Values.podSecurityPolicy.enabled }}
- apiGroups:
- '{{ template "podSecurityPolicy.apiGroup" . }}'
resources:
- 'podsecuritypolicies'
verbs:
- 'use'
resourceNames: [{{ template "common.names.fullname" . }}]
{{- end }}
{{- if .Values.rbac.rules }}
{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
{{- end }}
{{- end }}

21
redis/templates/rolebinding.yaml Normal file
View File

@ -0,0 +1,21 @@
{{- if .Values.rbac.create }}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "common.names.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "redis.serviceAccountName" . }}
{{- end }}

607
redis/templates/scripts-configmap.yaml Normal file
View File

@ -0,0 +1,607 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-scripts" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }}
start-node.sh: |
#!/bin/bash
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libvalidations.sh
get_port() {
hostname="$1"
type="$2"
port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g")
port=${!port_var}
if [ -z "$port" ]; then
case $type in
"SENTINEL")
echo {{ .Values.sentinel.containerPort }}
;;
"REDIS")
echo {{ .Values.master.containerPort }}
;;
esac
else
echo $port
fi
}
get_full_hostname() {
hostname="$1"
{{- if eq .Values.sentinel.service.type "NodePort" }}
echo "${hostname}.{{- .Release.Namespace }}"
{{- else }}
echo "${hostname}.${HEADLESS_SERVICE}"
{{- end}}
}
REDISPORT=$(get_port "$HOSTNAME" "REDIS")
myip=$(hostname -i)
# If there are more than one IP, use the first IPv4 address
if [[ "$myip" = *" "* ]]; then
myip=$(echo $myip | awk '{if ( match($0,/([0-9]+\.)([0-9]+\.)([0-9]+\.)[0-9]+/) ) { print substr($0,RSTART,RLENGTH); } }')
fi
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "TCP_SENTINEL")
not_exists_dns_entry() {
if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep "^${myip}" )" ]]; then
warn "$HEADLESS_SERVICE does not contain the IP of this pod: ${myip}"
return 1
fi
debug "$HEADLESS_SERVICE has my IP: ${myip}"
return 0
}
validate_quorum() {
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel master {{ .Values.sentinel.masterSet }}"
else
quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel master {{ .Values.sentinel.masterSet }}"
fi
info "about to run the command: $quorum_info_command"
eval $quorum_info_command | grep -Fq "s_down"
}
trigger_manual_failover() {
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel failover {{ .Values.sentinel.masterSet }}"
else
failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel failover {{ .Values.sentinel.masterSet }}"
fi
info "about to run the command: $failover_command"
eval $failover_command
}
get_sentinel_master_info() {
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
info "about to run the command: $sentinel_info_command"
eval $sentinel_info_command
}
{{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }}
useradd redis
chown -R redis {{ .Values.replica.persistence.path }}
{{- end }}
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
# Waits for DNS to add this ip to the service DNS entry
retry_while not_exists_dns_entry
if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep -v "^${myip}")" ]]; then
# Only node available on the network, master by default
export REDIS_REPLICATION_MODE="master"
else
export REDIS_REPLICATION_MODE="slave"
{{- if and .Values.sentinel.automateClusterRecovery (le (int .Values.sentinel.downAfterMilliseconds) 2000) }}
retry_count=1
while validate_quorum
do
info "sleeping, waiting for Redis master to come up"
sleep 1s
if ! ((retry_count % 11)); then
info "Trying to manually failover"
failover_result=$(trigger_manual_failover)
debug "Failover result: $failover_result"
fi
((retry_count+=1))
done
info "Redis master is up now"
{{- end }}
# Fetches current master's host and port
REDIS_SENTINEL_INFO=($(get_sentinel_master_info))
info "printing REDIS_SENTINEL_INFO=(${REDIS_SENTINEL_INFO[0]},${REDIS_SENTINEL_INFO[1]})"
REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
fi
if [[ "$REDIS_REPLICATION_MODE" = "master" ]]; then
debug "Starting as master node"
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]]; then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
else
debug "Starting as replica node"
if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
fi
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
echo "" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf
{{- if .Values.tls.enabled }}
ARGS=("--port" "0")
ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
ARGS+=("--tls-replication" "yes")
{{- if .Values.tls.dhParamsFilename }}
ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
{{- end }}
{{- else }}
ARGS=("--port" "${REDIS_PORT}")
{{- end }}
if [[ "$REDIS_REPLICATION_MODE" = "slave" ]]; then
ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
fi
{{- if .Values.auth.enabled }}
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
{{- else }}
ARGS+=("--protected-mode" "no")
{{- end }}
if [[ "$REDIS_REPLICATION_MODE" = "master" ]]; then
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
else
ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
fi
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
{{- if .Values.replica.extraFlags }}
{{- range .Values.replica.extraFlags }}
ARGS+=({{ . | quote }})
{{- end }}
{{- end }}
{{- if .Values.replica.preExecCmds }}
{{- .Values.replica.preExecCmds | nindent 4}}
{{- end }}
{{- if .Values.replica.command }}
exec {{ .Values.replica.command }} "${ARGS[@]}"
{{- else }}
exec redis-server "${ARGS[@]}"
{{- end }}
start-sentinel.sh: |
#!/bin/bash
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libfile.sh
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
get_port() {
hostname="$1"
type="$2"
port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g")
port=${!port_var}
if [ -z "$port" ]; then
case $type in
"SENTINEL")
echo {{ .Values.sentinel.containerPort }}
;;
"REDIS")
echo {{ .Values.master.containerPort }}
;;
esac
else
echo $port
fi
}
get_full_hostname() {
hostname="$1"
{{- if eq .Values.sentinel.service.type "NodePort" }}
echo "${hostname}.{{- .Release.Namespace }}"
{{- else }}
echo "${hostname}.${HEADLESS_SERVICE}"
{{- end}}
}
SERVPORT=$(get_port "$HOSTNAME" "SENTINEL")
REDISPORT=$(get_port "$HOSTNAME" "REDIS")
SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "TCP_SENTINEL")
myip=$(hostname -i)
# If there are more than one IP, use the first IPv4 address
if [[ "$myip" = *" "* ]]; then
myip=$(echo $myip | awk '{if ( match($0,/([0-9]+\.)([0-9]+\.)([0-9]+\.)[0-9]+/) ) { print substr($0,RSTART,RLENGTH); } }')
fi
sentinel_conf_set() {
local -r key="${1:?missing key}"
local value="${2:-}"
# Sanitize inputs
value="${value//\\/\\\\}"
value="${value//&/\\&}"
value="${value//\?/\\?}"
[[ "$value" = "" ]] && value="\"$value\""
replace_in_file "/opt/bitnami/redis-sentinel/etc/sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false
}
sentinel_conf_add() {
echo $'\n'"$@" >> "/opt/bitnami/redis-sentinel/etc/sentinel.conf"
}
host_id() {
echo "$1" | openssl sha1 | awk '{print $2}'
}
not_exists_dns_entry() {
if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep "^${myip}" )" ]]; then
warn "$HEADLESS_SERVICE does not contain the IP of this pod: ${myip}"
return 1
fi
debug "$HEADLESS_SERVICE has my IP: ${myip}"
return 0
}
get_sentinel_master_info() {
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
info "about to run the command: $sentinel_info_command"
eval $sentinel_info_command
}
# Waits for DNS to add this ip to the service DNS entry
retry_while not_exists_dns_entry
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf
{{- if .Values.auth.enabled }}
printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.masterSet }}" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
{{- if and .Values.auth.enabled .Values.auth.sentinel }}
printf "\nrequirepass %s" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
{{- end }}
{{- end }}
printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
if ! $(get_sentinel_master_info); then
# No master found, lets create a master node
export REDIS_REPLICATION_MODE="master"
REDIS_MASTER_HOST=$(get_full_hostname "$HOSTNAME")
REDIS_MASTER_PORT_NUMBER="$REDISPORT"
else
export REDIS_REPLICATION_MODE="slave"
# Fetches current master's host and port
REDIS_SENTINEL_INFO=($(get_sentinel_master_info))
info "printing REDIS_SENTINEL_INFO=(${REDIS_SENTINEL_INFO[0]},${REDIS_SENTINEL_INFO[1]})"
REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
fi
sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" {{ .Values.sentinel.quorum }}"
add_known_sentinel() {
hostname="$1"
ip="$2"
if [[ -n "$hostname" && -n "$ip" && "$hostname" != "$HOSTNAME" ]]; then
sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.masterSet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "SENTINEL") $(host_id "$hostname")"
fi
}
add_known_replica() {
hostname="$1"
ip="$2"
if [[ -n "$ip" && "$(get_full_hostname "$hostname")" != "$REDIS_MASTER_HOST" ]]; then
sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.masterSet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "REDIS")"
fi
}
# Add available hosts on the network as known replicas & sentinels
for node in $(seq 0 $(({{ .Values.replica.replicaCount }}-1))); do
hostname="{{ template "common.names.fullname" . }}-node-$node"
ip="$(getent hosts "$hostname.$HEADLESS_SERVICE" | awk '{ print $1 }')"
add_known_sentinel "$hostname" "$ip"
add_known_replica "$hostname" "$ip"
done
echo "" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
echo "sentinel announce-hostnames yes" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
echo "sentinel resolve-hostnames yes" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
echo "sentinel announce-port $SERVPORT" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
echo "sentinel announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
{{- if .Values.tls.enabled }}
ARGS=("--port" "0")
ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}")
ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}")
ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}")
ARGS+=("--tls-replication" "yes")
ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}")
{{- if .Values.tls.dhParamsFilename }}
ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}")
{{- end }}
{{- end }}
{{- if .Values.sentinel.preExecCmds }}
{{ .Values.sentinel.preExecCmds | nindent 4 }}
{{- end }}
exec redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }}
prestop-sentinel.sh: |
#!/bin/bash
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libos.sh
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
SENTINEL_SERVICE_ENV_NAME={{ printf "%s%s" (upper (include "common.names.fullname" .)| replace "-" "_") "_SERVICE_PORT_TCP_SENTINEL" }}
SENTINEL_SERVICE_PORT=${!SENTINEL_SERVICE_ENV_NAME}
get_full_hostname() {
hostname="$1"
{{- if eq .Values.sentinel.service.type "NodePort" }}
echo "${hostname}.{{- .Release.Namespace }}"
{{- else }}
echo "${hostname}.${HEADLESS_SERVICE}"
{{- end}}
}
run_sentinel_command() {
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
else
redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" sentinel "$@"
fi
}
failover_finished() {
REDIS_SENTINEL_INFO=($(run_sentinel_command get-master-addr-by-name "{{ .Values.sentinel.masterSet }}"))
REDIS_MASTER_HOST="${REDIS_SENTINEL_INFO[0]}"
[[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]]
}
REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
# redis-cli automatically consumes credentials from the REDISCLI_AUTH variable
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
[[ -f "$REDIS_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${REDIS_PASSWORD_FILE}")"
if ! failover_finished; then
echo "I am the master pod and you are stopping me. Starting sentinel failover"
# if I am the master, issue a command to failover once and then wait for the failover to finish
run_sentinel_command failover "{{ .Values.sentinel.masterSet }}"
if retry_while "failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1; then
echo "Master has been successfuly failed over to a different pod."
exit 0
else
echo "Master failover failed"
exit 1
fi
else
exit 0
fi
prestop-redis.sh: |
#!/bin/bash
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libos.sh
run_redis_command() {
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
redis-cli -h 127.0.0.1 -p "$REDIS_TLS_PORT" --tls --cert "$REDIS_TLS_CERT_FILE" --key "$REDIS_TLS_KEY_FILE" --cacert "$REDIS_TLS_CA_FILE" "$@"
else
redis-cli -h 127.0.0.1 -p ${REDIS_PORT} "$@"
fi
}
failover_finished() {
REDIS_ROLE=$(run_redis_command role | head -1)
[[ "$REDIS_ROLE" != "master" ]]
}
# redis-cli automatically consumes credentials from the REDISCLI_AUTH variable
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
[[ -f "$REDIS_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${REDIS_PASSWORD_FILE}")"
if ! failover_finished; then
echo "Waiting for sentinel to run failover for up to {{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}s"
retry_while "failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1
else
exit 0
fi
{{- else }}
start-master.sh: |
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
{{- if and .Values.master.containerSecurityContext.runAsUser (eq (.Values.master.containerSecurityContext.runAsUser | int) 0) }}
useradd redis
chown -R redis {{ .Values.master.persistence.path }}
{{- end }}
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
{{- if .Values.tls.enabled }}
ARGS=("--port" "0")
ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
{{- if .Values.tls.dhParamsFilename }}
ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
{{- end }}
{{- else }}
ARGS=("--port" "${REDIS_PORT}")
{{- end }}
{{- if .Values.auth.enabled }}
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_PASSWORD}")
{{- else }}
ARGS+=("--protected-mode" "no")
{{- end }}
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
{{- if .Values.master.extraFlags }}
{{- range .Values.master.extraFlags }}
ARGS+=({{ . | quote }})
{{- end }}
{{- end }}
{{- if .Values.master.preExecCmds }}
{{ .Values.master.preExecCmds | nindent 4}}
{{- end }}
{{- if .Values.master.command }}
exec {{ .Values.master.command }} "${ARGS[@]}"
{{- else }}
exec redis-server "${ARGS[@]}"
{{- end }}
{{- if eq .Values.architecture "replication" }}
start-replica.sh: |
#!/bin/bash
get_port() {
hostname="$1"
type="$2"
port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g")
port=${!port_var}
if [ -z "$port" ]; then
case $type in
"SENTINEL")
echo {{ .Values.sentinel.containerPort }}
;;
"REDIS")
echo {{ .Values.master.containerPort }}
;;
esac
else
echo $port
fi
}
get_full_hostname() {
hostname="$1"
{{- if eq .Values.sentinel.service.type "NodePort" }}
echo "${hostname}.{{- .Release.Namespace }}"
{{- else }}
echo "${hostname}.${HEADLESS_SERVICE}"
{{- end}}
}
REDISPORT=$(get_port "$HOSTNAME" "REDIS")
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
{{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }}
useradd redis
chown -R redis {{ .Values.replica.persistence.path }}
{{- end }}
if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
echo "" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf
{{- if .Values.tls.enabled }}
ARGS=("--port" "0")
ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
ARGS+=("--tls-replication" "yes")
{{- if .Values.tls.dhParamsFilename }}
ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
{{- end }}
{{- else }}
ARGS=("--port" "${REDIS_PORT}")
{{- end }}
ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
{{- if .Values.auth.enabled }}
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
{{- else }}
ARGS+=("--protected-mode" "no")
{{- end }}
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
{{- if .Values.replica.extraFlags }}
{{- range .Values.replica.extraFlags }}
ARGS+=({{ . | quote }})
{{- end }}
{{- end }}
{{- if .Values.replica.preExecCmds }}
{{ .Values.replica.preExecCmds | nindent 4}}
{{- end }}
{{- if .Values.replica.command }}
exec {{ .Values.replica.command }} "${ARGS[@]}"
{{- else }}
exec redis-server "${ARGS[@]}"
{{- end }}
{{- end }}
{{- end }}

17
redis/templates/secret.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
redis-password: {{ include "redis.password" . | b64enc | quote }}
{{- end -}}

35
redis/templates/sentinel/hpa.yaml Normal file
View File

@ -0,0 +1,35 @@
{{- if and .Values.replica.autoscaling.enabled .Values.sentinel.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ printf "%s-node" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: replica
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: StatefulSet
name: {{ printf "%s-node" (include "common.names.fullname" .) }}
minReplicas: {{ .Values.replica.autoscaling.minReplicas }}
maxReplicas: {{ .Values.replica.autoscaling.maxReplicas }}
metrics:
{{- if .Values.replica.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.replica.autoscaling.targetCPU }}
{{- end }}
{{- if .Values.replica.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.replica.autoscaling.targetMemory }}
{{- end }}
{{- end }}

71
redis/templates/sentinel/node-services.yaml Normal file
View File

@ -0,0 +1,71 @@
{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (or .Release.IsUpgrade .Values.sentinel.service.nodePorts.redis )}}
{{- range $i := until (int .Values.replica.replicaCount) }}
{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data}}
{{ $sentinelport := 0}}
{{ $redisport := 0}}
{{- if $portsmap }}
{{ $sentinelport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "sentinel")}}
{{ $redisport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "redis")}}
{{- else }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" $ }}-node-{{$i}}
namespace: {{ $.Release.Namespace | quote }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
app.kubernetes.io/component: node
{{- if $.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or $.Values.sentinel.service.annotations $.Values.commonAnnotations }}
annotations:
{{- if $.Values.sentinel.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.sentinel.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if $.Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: NodePort
ports:
- name: sentinel
{{- if $.Values.sentinel.service.nodePorts.sentinel }}
nodePort: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }}
port: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }}
{{- else}}
nodePort: {{ $sentinelport }}
port: {{ $sentinelport }}
{{- end}}
protocol: TCP
targetPort: {{ $.Values.sentinel.containerPort }}
- name: redis
{{- if $.Values.sentinel.service.nodePorts.redis }}
nodePort: {{ (add $.Values.sentinel.service.nodePorts.redis $i 1) }}
port: {{ (add $.Values.sentinel.service.nodePorts.redis $i 1) }}
{{- else}}
nodePort: {{ $redisport }}
port: {{ $redisport }}
{{- end}}
protocol: TCP
targetPort: {{ $.Values.replica.containerPort }}
- name: sentinel-internal
nodePort: null
port: {{ $.Values.sentinel.containerPort }}
protocol: TCP
targetPort: {{ $.Values.sentinel.containerPort }}
- name: redis-internal
nodePort: null
port: {{ $.Values.replica.containerPort }}
protocol: TCP
targetPort: {{ $.Values.replica.containerPort }}
selector:
statefulset.kubernetes.io/pod-name: {{ template "common.names.fullname" $ }}-node-{{$i}}
{{- end }}
{{- end }}

100
redis/templates/sentinel/ports-configmap.yaml Normal file
View File

@ -0,0 +1,100 @@
{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Values.sentinel.service.nodePorts.redis ) }}
{{- /* create a list to keep track of ports we choose to use */}}
{{ $chosenports := (list ) }}
{{- /* Get list of all used nodeports */}}
{{ $usedports := (list ) }}
{{- range $index, $service := (lookup "v1" "Service" "" "").items }}
{{- range.spec.ports }}
{{- if .nodePort}}
{{- $usedports = (append $usedports .nodePort) }}
{{- end }}
{{- end }}
{{- end }}
{{- /*
comments that start with # are rendered in the output when you debug, so you can less and search for them
Vars in the comment will be rendered out, so you can check their value this way.
https://helm.sh/docs/chart_best_practices/templates/#comments-yaml-comments-vs-template-comments
remove the template comments and leave the yaml comments to help debug
*/}}
{{- /* Sort the list */}}
{{$usedports = $usedports | sortAlpha}}
#usedports {{$usedports}}
{{- /* How many nodeports per service do we want to create, except for the main service which is always two */}}
{{$numberofPortsPerNodeService := 2}}
{{- /* for every nodeport we want, loop though the used ports to get an unused port */}}
{{- range $j := until (int (add (mul (int .Values.replica.replicaCount) $numberofPortsPerNodeService) 2)) }}
{{- /* #j={{$j}} */}}
{{- $nodeport := (add $j 30000)}}
{{- $nodeportfound := false}}
{{- range $i := $usedports }}
{{- /* #i={{$i}}
#nodeport={{$nodeport}}
#usedports={{$usedports}} */}}
{{- if and (has (toString $nodeport) $usedports) (eq $nodeportfound false) }}
{{- /* nodeport conflicts with in use */}}
{{- $nodeport = (add $nodeport 1) }}
{{- else if and ( has $nodeport $chosenports) (eq $nodeportfound false)}}
{{- /* nodeport already chosen, try another */}}
{{- $nodeport = (add $nodeport 1) }}
{{- else if (eq $nodeportfound false)}}
{{- /* nodeport free to use: not already claimed and not in use */}}
{{- /* select nodeport, and place into usedports */}}
{{- $chosenports = (append $chosenports $nodeport) }}
{{- $nodeportfound = true}}
{{- else }}
{{- /* nodeport has already been chosen and locked in, just work through the rest of the list to get to the next nodeport selection */}}
{{- end }}
{{- end }}
{{- if (eq $nodeportfound false)}}
{{- $chosenports = (append $chosenports $nodeport) }}
{{- end }}
{{- end }}
{{- /* print the usedports and chosenports for debugging */}}
#usedports {{$usedports}}
#chosenports {{$chosenports}}}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "common.names.fullname" . }}-ports-configmap
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations:
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data}}
{{- if $portsmap }}
{{- /* configmap already exists, do not install again */ -}}
{{- range $name, $value := $portsmap}}
"{{$name}}": "{{$value}}"
{{- end }}
{{- else }}
{{- /* configmap being set for first time */ -}}
{{- range $index, $port := $chosenports }}
{{- $nodenumber := (floor (div $index 2))}}
{{- if (eq $index 0)}}
"{{ template "common.names.fullname" $ }}-sentinel": "{{ $port }}"
{{- else if (eq $index 1)}}
"{{ template "common.names.fullname" $ }}-redis": "{{ $port }}"
{{- else if (eq (mod $index 2) 0)}}
"{{ template "common.names.fullname" $ }}-node-{{(sub $nodenumber 1)}}-sentinel": "{{ $port }}"
{{- else if (eq (mod $index 2) 1)}}
"{{ template "common.names.fullname" $ }}-node-{{(sub $nodenumber 1)}}-redis": "{{ $port }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}

96
redis/templates/sentinel/service.yaml Normal file
View File

@ -0,0 +1,96 @@
{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.redis -}}
---
{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }}
{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data}}
{{ $sentinelport := 0}}
{{ $redisport := 0}}
{{- if $portsmap }}
{{ $sentinelport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "sentinel")}}
{{ $redisport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "redis")}}
{{- else }}
{{- end}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: node
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.sentinel.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.sentinel.service.type }}
{{- if eq .Values.sentinel.service.type "LoadBalancer" }}
externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy }}
{{- end }}
{{- if and (eq .Values.sentinel.service.type "LoadBalancer") .Values.sentinel.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.sentinel.service.type "LoadBalancer") .Values.sentinel.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if and (eq .Values.sentinel.service.type "ClusterIP") .Values.sentinel.service.clusterIP }}
clusterIP: {{ .Values.sentinel.service.clusterIP }}
{{- end }}
ports:
- name: tcp-redis
{{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }}
port: {{ .Values.sentinel.service.nodePorts.redis }}
{{- else if eq .Values.sentinel.service.type "NodePort" }}
port: {{ $redisport }}
{{- else}}
port: {{ .Values.sentinel.service.port }}
{{- end }}
targetPort: {{ .Values.replica.containerPort }}
{{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }}
nodePort: {{ .Values.sentinel.service.nodePorts.redis }}
{{- else if eq .Values.sentinel.service.type "ClusterIP" }}
nodePort: null
{{- else if eq .Values.sentinel.service.type "NodePort" }}
nodePort: {{ $redisport }}
{{- end }}
- name: tcp-sentinel
{{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }}
port: {{ .Values.sentinel.service.nodePorts.sentinel }}
{{- else if eq .Values.sentinel.service.type "NodePort" }}
port: {{ $sentinelport }}
{{- else}}
port: {{ .Values.sentinel.service.sentinelPort }}
{{- end }}
targetPort: {{ .Values.sentinel.containerPort }}
{{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }}
nodePort: {{ .Values.sentinel.service.nodePorts.sentinel }}
{{- else if eq .Values.sentinel.service.type "ClusterIP" }}
nodePort: null
{{- else if eq .Values.sentinel.service.type "NodePort" }}
nodePort: {{ $sentinelport }}
{{- end }}
{{- if eq .Values.sentinel.service.type "NodePort" }}
- name: sentinel-internal
nodePort: null
port: {{ .Values.sentinel.containerPort }}
protocol: TCP
targetPort: {{ .Values.sentinel.containerPort }}
- name: redis-internal
nodePort: null
port: {{ .Values.replica.containerPort }}
protocol: TCP
targetPort: {{ .Values.replica.containerPort }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: node
{{- end }}
{{- end }}

612
redis/templates/sentinel/statefulset.yaml Normal file
View File

@ -0,0 +1,612 @@
{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.redis -}}
{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ printf "%s-node" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: node
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replica.replicaCount }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: node
serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }}
{{- if .Values.replica.updateStrategy }}
updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: node
{{- if .Values.replica.podLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.replica.podLabels "context" $ ) | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }}
{{- end }}
annotations:
{{- if (include "redis.createConfigmap" .) }}
checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if .Values.replica.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }}
{{- end }}
spec:
{{- include "redis.imagePullSecrets" . | nindent 6 }}
{{- if .Values.replica.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.replica.podSecurityContext.enabled }}
securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "redis.serviceAccountName" . }}
{{- if .Values.replica.priorityClassName }}
priorityClassName: {{ .Values.replica.priorityClassName | quote }}
{{- end }}
{{- if .Values.replica.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "node" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "node" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.replica.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.replica.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.replica.spreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.spreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.replica.shareProcessNamespace }}
shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }}
{{- end }}
{{- if .Values.replica.schedulerName }}
schedulerName: {{ .Values.replica.schedulerName | quote }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.sentinel.terminationGracePeriodSeconds }}
containers:
- name: redis
image: {{ template "redis.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.replica.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.replica.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.replica.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }}
{{- else }}
command:
- /bin/bash
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.replica.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }}
{{- else }}
args:
- -c
- /opt/bitnami/scripts/start-scripts/start-node.sh
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: REDIS_MASTER_PORT_NUMBER
value: {{ .Values.replica.containerPort | quote }}
- name: ALLOW_EMPTY_PASSWORD
value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
{{- if .Values.auth.enabled }}
{{- if .Values.auth.usePasswordFiles }}
- name: REDIS_PASSWORD_FILE
value: "/opt/bitnami/redis/secrets/redis-password"
- name: REDIS_MASTER_PASSWORD_FILE
value: "/opt/bitnami/redis/secrets/redis-password"
{{- else }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
- name: REDIS_MASTER_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
{{- end }}
{{- end }}
- name: REDIS_TLS_ENABLED
value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
{{- if .Values.tls.enabled }}
- name: REDIS_TLS_PORT
value: {{ .Values.replica.containerPort | quote }}
- name: REDIS_TLS_AUTH_CLIENTS
value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
- name: REDIS_TLS_CERT_FILE
value: {{ template "redis.tlsCert" . }}
- name: REDIS_TLS_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_TLS_CA_FILE
value: {{ template "redis.tlsCACert" . }}
{{- if .Values.tls.dhParamsFilename }}
- name: REDIS_TLS_DH_PARAMS_FILE
value: {{ template "redis.tlsDHParams" . }}
{{- end }}
{{- else }}
- name: REDIS_PORT
value: {{ .Values.replica.containerPort | quote }}
{{- end }}
- name: REDIS_DATA_DIR
value: {{ .Values.replica.persistence.path }}
{{- if .Values.replica.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }}
envFrom:
{{- if .Values.replica.extraEnvVarsCM }}
- configMapRef:
name: {{ .Values.replica.extraEnvVarsCM }}
{{- end }}
{{- if .Values.replica.extraEnvVarsSecret }}
- secretRef:
name: {{ .Values.replica.extraEnvVarsSecret }}
{{- end }}
{{- end }}
ports:
- name: redis
containerPort: {{ .Values.replica.containerPort }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.replica.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.replica.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.replica.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold}}
exec:
command:
- sh
- -c
- /health/ping_liveness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }}
{{- else if .Values.replica.customLivenessProbe }}
livenessProbe: {{- toYaml .Values.replica.customLivenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.replica.readinessProbe.enabled }}
readinessProbe:
initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.replica.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.replica.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }}
{{- else if .Values.replica.customReadinessProbe }}
readinessProbe: {{- toYaml .Values.replica.customReadinessProbe | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.replica.resources }}
resources: {{- toYaml .Values.replica.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
mountPath: /opt/bitnami/redis/secrets/
{{- end }}
- name: redis-data
mountPath: {{ .Values.replica.persistence.path }}
subPath: {{ .Values.replica.persistence.subPath }}
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc
- name: tmp
mountPath: /tmp
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
{{- if .Values.replica.extraVolumeMounts }}
{{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }}
{{- end }}
lifecycle:
preStop:
exec:
command:
- /bin/bash
- -c
- /opt/bitnami/scripts/start-scripts/prestop-redis.sh
- name: sentinel
image: {{ template "redis.sentinel.image" . }}
imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }}
{{- if .Values.sentinel.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.sentinel.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.sentinel.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.sentinel.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.command "context" $) | nindent 12 }}
{{- else }}
command:
- /bin/bash
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.sentinel.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.args "context" $) | nindent 12 }}
{{- else }}
args:
- -c
- /opt/bitnami/scripts/start-scripts/start-sentinel.sh
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.sentinel.image.debug .Values.diagnosticMode.enabled) | quote }}
{{- if .Values.auth.enabled }}
{{- if .Values.auth.usePasswordFiles }}
- name: REDIS_PASSWORD_FILE
value: "/opt/bitnami/redis/secrets/redis-password"
{{- else }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
{{- end }}
{{- else }}
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
{{- end }}
- name: REDIS_SENTINEL_TLS_ENABLED
value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
{{- if .Values.tls.enabled }}
- name: REDIS_SENTINEL_TLS_PORT_NUMBER
value: {{ .Values.sentinel.containerPort | quote }}
- name: REDIS_SENTINEL_TLS_AUTH_CLIENTS
value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
- name: REDIS_SENTINEL_TLS_CERT_FILE
value: {{ template "redis.tlsCert" . }}
- name: REDIS_SENTINEL_TLS_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_SENTINEL_TLS_CA_FILE
value: {{ template "redis.tlsCACert" . }}
{{- if .Values.tls.dhParamsFilename }}
- name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE
value: {{ template "redis.tls.dhParamsFilename" . }}
{{- end }}
{{- else }}
- name: REDIS_SENTINEL_PORT
value: {{ .Values.sentinel.containerPort | quote }}
{{- end }}
{{- if .Values.sentinel.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if or .Values.sentinel.extraEnvVarsCM .Values.sentinel.extraEnvVarsSecret }}
envFrom:
{{- if .Values.sentinel.extraEnvVarsCM }}
- configMapRef:
name: {{ .Values.sentinel.extraEnvVarsCM }}
{{- end }}
{{- if .Values.sentinel.extraEnvVarsSecret }}
- secretRef:
name: {{ .Values.sentinel.extraEnvVarsSecret }}
{{- end }}
{{- end }}
ports:
- name: redis-sentinel
containerPort: {{ .Values.sentinel.containerPort }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.sentinel.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
{{- else if .Values.sentinel.customLivenessProbe }}
livenessProbe: {{- toYaml .Values.sentinel.customLivenessProbe | nindent 12 }}
{{- end }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.sentinel.readinessProbe.enabled}}
readinessProbe:
initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
{{- else if .Values.sentinel.customReadinessProbe }}
readinessProbe: {{- toYaml .Values.sentinel.customReadinessProbe | nindent 12 }}
{{- end }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
lifecycle:
preStop:
exec:
command:
- /bin/bash
- -c
- /opt/bitnami/scripts/start-scripts/prestop-sentinel.sh
{{- end }}
{{- if .Values.sentinel.resources }}
resources: {{- toYaml .Values.sentinel.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
mountPath: /opt/bitnami/redis/secrets/
{{- end }}
- name: redis-data
mountPath: {{ .Values.replica.persistence.path }}
subPath: {{ .Values.replica.persistence.subPath }}
- name: config
mountPath: /opt/bitnami/redis-sentinel/mounted-etc
- name: sentinel-tmp-conf
mountPath: /opt/bitnami/redis-sentinel/etc
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
{{- if .Values.sentinel.extraVolumeMounts }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumeMounts "context" $ ) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ template "redis.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.metrics.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else }}
command:
- /bin/bash
- -c
- |
if [[ -f '/secrets/redis-password' ]]; then
export REDIS_PASSWORD=$(cat /secrets/redis-password)
fi
redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: REDIS_ALIAS
value: {{ template "common.names.fullname" . }}
{{- if .Values.auth.enabled }}
- name: REDIS_USER
value: default
{{- if (not .Values.auth.usePasswordFiles) }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis.secretName" . }}
key: {{ template "redis.secretPasswordKey" . }}
{{- end }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: REDIS_ADDR
value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.replica.containerPort }}
{{- if .Values.tls.authClients }}
- name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
value: {{ template "redis.tlsCertKey" . }}
- name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
value: {{ template "redis.tlsCert" . }}
{{- end }}
- name: REDIS_EXPORTER_TLS_CA_CERT_FILE
value: {{ template "redis.tlsCACert" . }}
{{- end }}
ports:
- name: metrics
containerPort: 9121
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
mountPath: /secrets/
{{- end }}
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.replica.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }}
{{- end }}
{{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }}
{{- if or .Values.replica.initContainers $needsVolumePermissions .Values.sysctl.enabled }}
initContainers:
{{- if .Values.replica.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if $needsVolumePermissions }}
- name: volume-permissions
image: {{ include "redis.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }}
{{- else }}
chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }}
{{- end }}
{{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }}
{{- else }}
securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: redis-data
mountPath: {{ .Values.replica.persistence.path }}
subPath: {{ .Values.replica.persistence.subPath }}
{{- end }}
{{- if .Values.sysctl.enabled }}
- name: init-sysctl
image: {{ include "redis.sysctl.image" . }}
imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }}
securityContext:
privileged: true
runAsUser: 0
{{- if .Values.sysctl.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.sysctl.resources }}
resources: {{- toYaml .Values.sysctl.resources | nindent 12 }}
{{- end }}
{{- if .Values.sysctl.mountHostSys }}
volumeMounts:
- name: host-sys
mountPath: /host-sys
{{- end }}
{{- end }}
{{- end }}
volumes:
- name: start-scripts
configMap:
name: {{ printf "%s-scripts" (include "common.names.fullname" .) }}
defaultMode: 0755
- name: health
configMap:
name: {{ printf "%s-health" (include "common.names.fullname" .) }}
defaultMode: 0755
{{- if .Values.auth.usePasswordFiles }}
- name: redis-password
secret:
secretName: {{ template "redis.secretName" . }}
items:
- key: {{ template "redis.secretPasswordKey" . }}
path: redis-password
{{- end }}
- name: config
configMap:
name: {{ include "redis.configmapName" . }}
{{- if .Values.sysctl.mountHostSys }}
- name: host-sys
hostPath:
path: /sys
{{- end }}
- name: sentinel-tmp-conf
{{- if .Values.replica.persistence.medium }}
emptyDir: {
medium: {{ .Values.replica.persistence.medium | quote }}
}
{{- else }}
emptyDir: {}
{{- end }}
- name: redis-tmp-conf
{{- if .Values.replica.persistence.medium }}
emptyDir: {
medium: {{ .Values.replica.persistence.medium | quote }}
}
{{- else }}
emptyDir: {}
{{- end }}
- name: tmp
{{- if .Values.replica.persistence.medium }}
emptyDir: {
medium: {{ .Values.replica.persistence.medium | quote }}
}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.replica.extraVolumes }}
{{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }}
{{- end }}
{{- if .Values.sentinel.extraVolumes }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumes "context" $ ) | nindent 8 }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: redis-certificates
secret:
secretName: {{ include "redis.tlsSecretName" . }}
defaultMode: 256
{{- end }}
{{- if not .Values.replica.persistence.enabled }}
- name: redis-data
{{- if .Values.replica.persistence.medium }}
emptyDir: {
medium: {{ .Values.replica.persistence.medium | quote }}
}
{{- else }}
emptyDir: {}
{{- end }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: redis-data
labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
app.kubernetes.io/component: node
{{- if .Values.replica.persistence.annotations }}
annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.replica.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.replica.persistence.size | quote }}
{{- if .Values.replica.persistence.selector }}
selector: {{- include "common.tplvalues.render" ( dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }}
{{- end }}
{{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

21
redis/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,21 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "redis.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }}
annotations:
{{- if or .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.serviceAccount.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

45
redis/templates/servicemonitor.yaml Normal file
View File

@ -0,0 +1,45 @@
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "common.names.fullname" . }}
{{- if .Values.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.metrics.serviceMonitor.namespace }}
{{- else }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: http-metrics
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabellings }}
relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: metrics
{{- end }}

26
redis/templates/tls-secret.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- if (include "redis.createTlsSecret" .) }}
{{- $ca := genCA "redis-ca" 365 }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $fullname := include "common.names.fullname" . }}
{{- $serviceName := include "common.names.fullname" . }}
{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }}
{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}-crt
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $crt.Cert | b64enc | quote }}
tls.key: {{ $crt.Key | b64enc | quote }}
{{- end }}

149
redis/values.schema.json Normal file
View File

@ -0,0 +1,149 @@
{
"$schema": "http://json-schema.org/schema#",
"type": "object",
"properties": {
"architecture": {
"type": "string",
"title": "Redis architecture",
"form": true,
"description": "Allowed values: `standalone` or `replication`",
"enum": ["standalone", "replication"]
},
"auth": {
"type": "object",
"title": "Authentication configuration",
"form": true,
"properties": {
"enabled": {
"type": "boolean",
"form": true,
"title": "Use password authentication"
},
"password": {
"type": "string",
"title": "Redis password",
"form": true,
"description": "Defaults to a random 10-character alphanumeric string if not set",
"hidden": {
"value": false,
"path": "auth/enabled"
}
}
}
},
"master": {
"type": "object",
"title": "Master replicas settings",
"form": true,
"properties": {
"persistence": {
"type": "object",
"title": "Persistence for master replicas",
"form": true,
"properties": {
"enabled": {
"type": "boolean",
"form": true,
"title": "Enable persistence",
"description": "Enable persistence using Persistent Volume Claims"
},
"size": {
"type": "string",
"title": "Persistent Volume Size",
"form": true,
"render": "slider",
"sliderMin": 1,
"sliderMax": 100,
"sliderUnit": "Gi",
"hidden": {
"value": false,
"path": "master/persistence/enabled"
}
}
}
}
}
},
"replica": {
"type": "object",
"title": "Redis replicas settings",
"form": true,
"hidden": {
"value": "standalone",
"path": "architecture"
},
"properties": {
"replicaCount": {
"type": "integer",
"form": true,
"title": "Number of Redis replicas"
},
"persistence": {
"type": "object",
"title": "Persistence for Redis replicas",
"form": true,
"properties": {
"enabled": {
"type": "boolean",
"form": true,
"title": "Enable persistence",
"description": "Enable persistence using Persistent Volume Claims"
},
"size": {
"type": "string",
"title": "Persistent Volume Size",
"form": true,
"render": "slider",
"sliderMin": 1,
"sliderMax": 100,
"sliderUnit": "Gi",
"hidden": {
"value": false,
"path": "replica/persistence/enabled"
}
}
}
}
}
},
"volumePermissions": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"form": true,
"title": "Enable Init Containers",
"description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination"
}
}
},
"metrics": {
"type": "object",
"form": true,
"title": "Prometheus metrics details",
"properties": {
"enabled": {
"type": "boolean",
"title": "Create Prometheus metrics exporter",
"description": "Create a side-car container to expose Prometheus metrics",
"form": true
},
"serviceMonitor": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"title": "Create Prometheus Operator ServiceMonitor",
"description": "Create a ServiceMonitor to track metrics using Prometheus Operator",
"form": true,
"hidden": {
"value": false,
"path": "metrics/enabled"
}
}
}
}
}
}
}
}

1377
redis/values.yaml Normal file
View File

File diff suppressed because it is too large Load Diff