[VOL-4763] Adding voltha-go-controller and redis helm charts
Change-Id: I21ce624f359989e814c4475cc5e18672fd16c795
diff --git a/redis/templates/NOTES.txt b/redis/templates/NOTES.txt
new file mode 100644
index 0000000..a680c72
--- /dev/null
+++ b/redis/templates/NOTES.txt
@@ -0,0 +1,136 @@
+** Please be patient while the chart is being deployed **
+
+{{- if contains .Values.master.service.type "LoadBalancer" }}
+{{- if not .Values.usePassword }}
+{{ if and (not .Values.networkPolicy.enabled) (.Values.networkPolicy.allowExternal) }}
+
+-------------------------------------------------------------------------------
+ WARNING
+
+ By specifying "master.service.type=LoadBalancer" and "usePassword=false" you have
+ most likely exposed the Redis(TM) service externally without any authentication
+ mechanism.
+
+ For security reasons, we strongly suggest that you switch to "ClusterIP" or
+ "NodePort". As alternative, you can also switch to "usePassword=true"
+ providing a valid password on "password" parameter.
+
+-------------------------------------------------------------------------------
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- if and .Values.global.redis.sentinel.enabled (not .Values.global.redis.cluster.enabled)}}
+
+-------------------------------------------------------------------------------
+ WARNING
+
+ Using redis sentinel without a cluster is not supported. A single pod with
+ standalone redis has been deployed.
+
+ To deploy redis sentinel, please use the values "cluster.enabled=true" and
+ "sentinel.enabled=true".
+
+-------------------------------------------------------------------------------
+{{- end }}
+
+{{- if .Values.global.redis.cluster.enabled }}
+{{- if .Values.global.redis.sentinel.enabled }}
+Redis can be accessed via port {{ .Values.sentinel.service.redisPort }} on the following DNS name from within your cluster:
+
+{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read only operations
+
+For read/write operations, first access the Redis(TM) Sentinel cluster, which is available in port {{ .Values.sentinel.service.sentinelPort }} using the same domain name above.
+
+{{- else }}
+Redis(TM) can be accessed via port {{ .Values.redisPort }} on the following DNS names from within your cluster:
+
+{{ template "redis.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read/write operations
+{{ template "redis.fullname" . }}-slave.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read-only operations
+{{- end }}
+
+{{- else }}
+Redis(TM) can be accessed via port {{ .Values.redisPort }} on the following DNS name from within your cluster:
+
+{{ template "redis.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+
+{{- end }}
+
+{{ if .Values.usePassword }}
+To get your password run:
+
+ export REDIS_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 --decode)
+{{- end }}
+
+To connect to your Redis(TM) server:
+
+1. Run a Redis(TM) pod that you can use as a client:
+
+{{- if .Values.tls.enabled }}
+ kubectl run --namespace {{ .Release.Namespace }} {{ template "redis.fullname" . }}-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image {{ template "redis.image" . }} --command -- sleep infinity
+
+ Copy your TLS certificates to the pod:
+
+ kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert {{ template "redis.fullname" . }}-client:/tmp/client.cert
+ kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key {{ template "redis.fullname" . }}-client:/tmp/client.key
+ kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert {{ template "redis.fullname" . }}-client:/tmp/CA.cert
+
+ Use the following command to attach to the pod:
+
+ kubectl exec --tty -i {{ template "redis.fullname" . }}-client \
+ {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "redis.fullname" . }}-client=true" \{{- end }}
+ --namespace {{ .Release.Namespace }} -- bash
+{{- else }}
+ kubectl run --namespace {{ .Release.Namespace }} {{ template "redis.fullname" . }}-client --rm --tty -i --restart='Never' \
+ {{ if .Values.usePassword }} --env REDIS_PASSWORD=$REDIS_PASSWORD \{{ end }}
+ {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "redis.fullname" . }}-client=true" \{{- end }}
+ --image {{ template "redis.image" . }} -- bash
+{{- end }}
+
+2. Connect using the Redis(TM) CLI:
+
+{{- if .Values.global.redis.cluster.enabled }}
+ {{- if .Values.global.redis.sentinel.enabled }}
+ redis-cli -h {{ template "redis.fullname" . }} -p {{ .Values.sentinel.service.redisPort }}{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Read only operations
+ redis-cli -h {{ template "redis.fullname" . }} -p {{ .Values.sentinel.service.sentinelPort }}{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Sentinel access
+ {{- else }}
+ redis-cli -h {{ template "redis.fullname" . }}-master{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+ redis-cli -h {{ template "redis.fullname" . }}-slave{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+ {{- end }}
+{{- else }}
+ redis-cli -h {{ template "redis.fullname" . }}-master{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+{{- end }}
+
+{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
+Note: Since NetworkPolicy is enabled, only pods with label
+{{ template "redis.fullname" . }}-client=true"
+will be able to connect to redis.
+{{- else -}}
+
+To connect to your database from outside the cluster execute the following commands:
+
+{{- if contains "NodePort" .Values.master.service.type }}
+
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "redis.fullname" . }}-master)
+ redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+
+{{- else if contains "LoadBalancer" .Values.master.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "redis.fullname" . }}'
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "redis.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ redis-cli -h $SERVICE_IP -p {{ .Values.master.service.port }} {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+
+{{- else if contains "ClusterIP" .Values.master.service.type }}
+
+ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "redis.fullname" . }}-master {{ .Values.redisPort }}:{{ .Values.redisPort }} &
+ redis-cli -h 127.0.0.1 -p {{ .Values.redisPort }} {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+
+{{- end }}
+{{- end }}
+
+{{ include "redis.checkRollingTags" . }}
+
+{{- include "redis.validateValues" . }}
diff --git a/redis/templates/_helpers.tpl b/redis/templates/_helpers.tpl
new file mode 100644
index 0000000..478a3ba
--- /dev/null
+++ b/redis/templates/_helpers.tpl
@@ -0,0 +1,435 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "redis.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the chart plus release name (used by the chart label)
+*/}}
+{{- define "redis.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "redis.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for networkpolicy.
+*/}}
+{{- define "networkPolicy.apiVersion" -}}
+{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiGroup for PodSecurityPolicy.
+*/}}
+{{- define "podSecurityPolicy.apiGroup" -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "policy" -}}
+{{- else -}}
+{{- print "extensions" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for PodSecurityPolicy.
+*/}}
+{{- define "podSecurityPolicy.apiVersion" -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "policy/v1beta1" -}}
+{{- else -}}
+{{- print "extensions/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Redis(TM) image name
+*/}}
+{{- define "redis.image" -}}
+{{- $registryName := .Values.image.registry -}}
+{{- $repositoryName := .Values.image.repository -}}
+{{- $tag := .Values.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Redis(TM) Sentinel image name
+*/}}
+{{- define "sentinel.image" -}}
+{{- $registryName := .Values.sentinel.image.registry -}}
+{{- $repositoryName := .Values.sentinel.image.repository -}}
+{{- $tag := .Values.sentinel.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the metrics image)
+*/}}
+{{- define "redis.metrics.image" -}}
+{{- $registryName := .Values.metrics.image.registry -}}
+{{- $repositoryName := .Values.metrics.image.repository -}}
+{{- $tag := .Values.metrics.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "redis.volumePermissions.image" -}}
+{{- $registryName := .Values.volumePermissions.image.registry -}}
+{{- $repositoryName := .Values.volumePermissions.image.repository -}}
+{{- $tag := .Values.volumePermissions.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the path to the cert file.
+*/}}
+{{- define "redis.tlsCert" -}}
+{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/redis/certs/%s" -}}
+{{- end -}}
+
+{{/*
+Return the path to the cert key file.
+*/}}
+{{- define "redis.tlsCertKey" -}}
+{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/redis/certs/%s" -}}
+{{- end -}}
+
+{{/*
+Return the path to the CA cert file.
+*/}}
+{{- define "redis.tlsCACert" -}}
+{{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/redis/certs/%s" -}}
+{{- end -}}
+
+{{/*
+Return the path to the DH params file.
+*/}}
+{{- define "redis.tlsDHParams" -}}
+{{- if .Values.tls.dhParamsFilename -}}
+{{- printf "/opt/bitnami/redis/certs/%s" .Values.tls.dhParamsFilename -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "redis.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "redis.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the password secret.
+*/}}
+{{- define "redis.secretName" -}}
+{{- if .Values.existingSecret -}}
+{{- printf "%s" .Values.existingSecret -}}
+{{- else -}}
+{{- printf "%s" (include "redis.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the password key to be retrieved from Redis(TM) secret.
+*/}}
+{{- define "redis.secretPasswordKey" -}}
+{{- if and .Values.existingSecret .Values.existingSecretPasswordKey -}}
+{{- printf "%s" .Values.existingSecretPasswordKey -}}
+{{- else -}}
+{{- printf "redis-password" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return Redis(TM) password
+*/}}
+{{- define "redis.password" -}}
+{{- if not (empty .Values.global.redis.password) }}
+ {{- .Values.global.redis.password -}}
+{{- else if not (empty .Values.password) -}}
+ {{- .Values.password -}}
+{{- else -}}
+ {{- randAlphaNum 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return sysctl image
+*/}}
+{{- define "redis.sysctl.image" -}}
+{{- $registryName := default "docker.io" .Values.sysctlImage.registry -}}
+{{- $repositoryName := .Values.sysctlImage.repository -}}
+{{- $tag := default "buster" .Values.sysctlImage.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "redis.imagePullSecrets" -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
+Also, we can not use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.metrics.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.sysctlImage.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.volumePermissions.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end -}}
+{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.metrics.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.sysctlImage.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.volumePermissions.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/* Check if there are rolling tags in the images */}}
+{{- define "redis.checkRollingTags" -}}
+{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
+{{- end }}
+{{- if and (contains "bitnami/" .Values.sentinel.image.repository) (not (.Values.sentinel.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .Values.sentinel.image.repository }}:{{ .Values.sentinel.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
+{{- end }}
+{{- end -}}
+
+{{/*
+Return the proper Storage Class for master
+*/}}
+{{- define "redis.master.storageClass" -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
+*/}}
+{{- if .Values.global -}}
+ {{- if .Values.global.storageClass -}}
+ {{- if (eq "-" .Values.global.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.global.storageClass -}}
+ {{- end -}}
+ {{- else -}}
+ {{- if .Values.master.persistence.storageClass -}}
+ {{- if (eq "-" .Values.master.persistence.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.master.persistence.storageClass -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- else -}}
+ {{- if .Values.master.persistence.storageClass -}}
+ {{- if (eq "-" .Values.master.persistence.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.master.persistence.storageClass -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Storage Class for slave
+*/}}
+{{- define "redis.slave.storageClass" -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
+*/}}
+{{- if .Values.global -}}
+ {{- if .Values.global.storageClass -}}
+ {{- if (eq "-" .Values.global.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.global.storageClass -}}
+ {{- end -}}
+ {{- else -}}
+ {{- if .Values.slave.persistence.storageClass -}}
+ {{- if (eq "-" .Values.slave.persistence.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.slave.persistence.storageClass -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- else -}}
+ {{- if .Values.slave.persistence.storageClass -}}
+ {{- if (eq "-" .Values.slave.persistence.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.slave.persistence.storageClass -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message, and call fail.
+*/}}
+{{- define "redis.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "redis.validateValues.spreadConstraints" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of Redis(TM) - spreadConstrainsts K8s version */}}
+{{- define "redis.validateValues.spreadConstraints" -}}
+{{- if and (semverCompare "<1.16-0" .Capabilities.KubeVersion.GitVersion) .Values.slave.spreadConstraints -}}
+redis: spreadConstraints
+ Pod Topology Spread Constraints are only available on K8s >= 1.16
+ Find more information at https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+{{- end -}}
+{{- end -}}
+
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "redis.tplValue" (dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "redis.tplValue" -}}
+ {{- if typeIs "string" .value }}
+ {{- tpl .value .context }}
+ {{- else }}
+ {{- tpl (.value | toYaml) .context }}
+ {{- end }}
+{{- end -}}
diff --git a/redis/templates/configmap-scripts.yaml b/redis/templates/configmap-scripts.yaml
new file mode 100644
index 0000000..8ebaa25
--- /dev/null
+++ b/redis/templates/configmap-scripts.yaml
@@ -0,0 +1,394 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "redis.fullname" . }}-scripts
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+{{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }}
+ start-node.sh: |
+ #!/bin/bash
+ is_boolean_yes() {
+ local -r bool="${1:-}"
+ # comparison is performed without regard to the case of alphabetic characters
+ shopt -s nocasematch
+ if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
+ true
+ else
+ false
+ fi
+ }
+
+ HEADLESS_SERVICE="{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+ REDIS_SERVICE="{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+
+ export REDIS_REPLICATION_MODE="slave"
+ if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i) ")" ]]; then
+ export REDIS_REPLICATION_MODE="master"
+ fi
+
+ {{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
+ useradd redis
+ chown -R redis {{ .Values.slave.persistence.path }}
+ {{- end }}
+
+ if [[ -n $REDIS_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+ fi
+
+ if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
+ export REDIS_MASTER_PASSWORD=$password_aux
+ fi
+
+ if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
+ echo "I am master"
+ if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
+ fi
+ else
+ if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
+ fi
+
+ if is_boolean_yes "$REDIS_TLS_ENABLED"; then
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ else
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ fi
+ REDIS_SENTINEL_INFO=($($sentinel_info_command))
+ REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
+ REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
+
+
+ # Immediately attempt to connect to the reported master. If it doesn't exist the connection attempt will either hang
+ # or fail with "port unreachable" and give no data. The liveness check will then timeout waiting for the redis
+ # container to be ready and restart the it. By then the new master will likely have been elected
+ if is_boolean_yes "$REDIS_TLS_ENABLED"; then
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ else
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ fi
+
+ if [[ ! ($($sentinel_info_command)) ]]; then
+ # master doesn't actually exist, this probably means the remaining pods haven't elected a new one yet
+ # and are reporting the old one still. Once this happens the container will get stuck and never see the new
+ # master. We stop here to allow the container to not pass the liveness check and be restarted.
+ exit 1
+ fi
+ fi
+
+ if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+ fi
+ {{- if .Values.tls.enabled }}
+ ARGS=("--port" "0")
+ ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
+ ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
+ ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
+ ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
+ ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
+ ARGS+=("--tls-replication" "yes")
+ {{- if .Values.tls.dhParamsFilename }}
+ ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
+ {{- end }}
+ {{- else }}
+ ARGS=("--port" "${REDIS_PORT}")
+ {{- end }}
+
+ if [[ "$REDIS_REPLICATION_MODE" == "slave" ]]; then
+ ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
+ fi
+
+ {{- if .Values.usePassword }}
+ ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+ ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
+ {{- else }}
+ ARGS+=("--protected-mode" "no")
+ {{- end }}
+
+ if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
+ ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
+ else
+ ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
+ fi
+
+ ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+ {{- if .Values.slave.extraFlags }}
+ {{- range .Values.slave.extraFlags }}
+ ARGS+=({{ . | quote }})
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.slave.preExecCmds }}
+ {{ .Values.slave.preExecCmds | nindent 4}}
+ {{- end }}
+
+ {{- if .Values.slave.command }}
+ exec {{ .Values.slave.command }} "${ARGS[@]}"
+ {{- else }}
+ exec redis-server "${ARGS[@]}"
+ {{- end }}
+
+ start-sentinel.sh: |
+ #!/bin/bash
+ replace_in_file() {
+ local filename="${1:?filename is required}"
+ local match_regex="${2:?match regex is required}"
+ local substitute_regex="${3:?substitute regex is required}"
+ local posix_regex=${4:-true}
+
+ local result
+
+ # We should avoid using 'sed in-place' substitutions
+ # 1) They are not compatible with files mounted from ConfigMap(s)
+ # 2) We found incompatibility issues with Debian10 and "in-place" substitutions
+ del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
+ if [[ $posix_regex = true ]]; then
+ result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+ else
+ result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+ fi
+ echo "$result" > "$filename"
+ }
+ sentinel_conf_set() {
+ local -r key="${1:?missing key}"
+ local value="${2:-}"
+
+ # Sanitize inputs
+ value="${value//\\/\\\\}"
+ value="${value//&/\\&}"
+ value="${value//\?/\\?}"
+ [[ "$value" = "" ]] && value="\"$value\""
+
+ replace_in_file "/opt/bitnami/redis-sentinel/etc/sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false
+ }
+ sentinel_conf_add() {
+ echo $'\n'"$@" >> "/opt/bitnami/redis-sentinel/etc/sentinel.conf"
+ }
+ is_boolean_yes() {
+ local -r bool="${1:-}"
+ # comparison is performed without regard to the case of alphabetic characters
+ shopt -s nocasematch
+ if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
+ true
+ else
+ false
+ fi
+ }
+ host_id() {
+ echo "$1" | openssl sha1 | awk '{print $2}'
+ }
+
+ HEADLESS_SERVICE="{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+ REDIS_SERVICE="{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+
+ if [[ -n $REDIS_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+ fi
+
+ if [[ ! -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then
+ cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf
+ {{- if .Values.usePassword }}
+ printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.masterSet }}" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
+ {{- if .Values.sentinel.usePassword }}
+ printf "\nrequirepass %s" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sentinel.staticID }}
+ printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
+ {{- end }}
+ fi
+
+ export REDIS_REPLICATION_MODE="slave"
+ if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i) ")" ]]; then
+ export REDIS_REPLICATION_MODE="master"
+ fi
+
+ if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
+ REDIS_MASTER_HOST="$(hostname -i)"
+ REDIS_MASTER_PORT_NUMBER="{{ .Values.redisPort }}"
+ else
+ if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ else
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ fi
+ REDIS_SENTINEL_INFO=($($sentinel_info_command))
+ REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
+ REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
+
+ # Immediately attempt to connect to the reported master. If it doesn't exist the connection attempt will either hang
+ # or fail with "port unreachable" and give no data. The liveness check will then timeout waiting for the sentinel
+ # container to be ready and restart the it. By then the new master will likely have been elected
+ if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ else
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ fi
+
+ if [[ ! ($($sentinel_info_command)) ]]; then
+ # master doesn't actually exist, this probably means the remaining pods haven't elected a new one yet
+ # and are reporting the old one still. Once this happens the container will get stuck and never see the new
+ # master. We stop here to allow the container to not pass the liveness check and be restarted.
+ exit 1
+ fi
+ fi
+ sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" {{ .Values.sentinel.quorum }}"
+
+ add_replica() {
+ if [[ "$1" != "$REDIS_MASTER_HOST" ]]; then
+ sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.masterSet }} $1 {{ .Values.redisPort }}"
+ fi
+ }
+
+ {{- if .Values.sentinel.staticID }}
+ # remove generated known sentinels and replicas
+ tmp="$(sed -e '/^sentinel known-/d' -e '/^$/d' /opt/bitnami/redis-sentinel/etc/sentinel.conf)"
+ echo "$tmp" > /opt/bitnami/redis-sentinel/etc/sentinel.conf
+
+ for node in $(seq 0 {{ .Values.cluster.slaveCount }}); do
+ NAME="{{ template "redis.fullname" . }}-node-$node"
+ IP="$(getent hosts "$NAME.$HEADLESS_SERVICE" | awk ' {print $1 }')"
+ if [[ "$NAME" != "$HOSTNAME" && -n "$IP" ]]; then
+ sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.masterSet }} $IP {{ .Values.sentinel.port }} $(host_id "$NAME")"
+ add_replica "$IP"
+ fi
+ done
+ add_replica "$(hostname -i)"
+ {{- end }}
+
+ {{- if .Values.tls.enabled }}
+ ARGS=("--port" "0")
+ ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}")
+ ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}")
+ ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}")
+ ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}")
+ ARGS+=("--tls-replication" "yes")
+ ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}")
+ {{- if .Values.tls.dhParamsFilename }}
+ ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}")
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sentinel.preExecCmds }}
+ {{ .Values.sentinel.preExecCmds | nindent 4 }}
+ {{- end }}
+ exec redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }}
+{{- else }}
+ start-master.sh: |
+ #!/bin/bash
+ echo "y" | /opt/bitnami/redis/bin/redis-check-aof --fix /data/appendonly.aof
+ {{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
+ useradd redis
+ chown -R redis {{ .Values.master.persistence.path }}
+ {{- end }}
+ if [[ -n $REDIS_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+ fi
+ if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
+ fi
+ if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+ fi
+ {{- if .Values.tls.enabled }}
+ ARGS=("--port" "0")
+ ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
+ ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
+ ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
+ ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
+ ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
+ {{- if .Values.tls.dhParamsFilename }}
+ ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
+ {{- end }}
+ {{- else }}
+ ARGS=("--port" "${REDIS_PORT}")
+ {{- end }}
+ {{- if .Values.usePassword }}
+ ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+ ARGS+=("--masterauth" "${REDIS_PASSWORD}")
+ {{- else }}
+ ARGS+=("--protected-mode" "no")
+ {{- end }}
+ ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+ ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
+ {{- if .Values.master.extraFlags }}
+ {{- range .Values.master.extraFlags }}
+ ARGS+=({{ . | quote }})
+ {{- end }}
+ {{- end }}
+ {{- if .Values.master.preExecCmds }}
+ {{ .Values.master.preExecCmds | nindent 4}}
+ {{- end }}
+ {{- if .Values.master.command }}
+ exec {{ .Values.master.command }} "${ARGS[@]}"
+ {{- else }}
+ exec redis-server "${ARGS[@]}"
+ {{- end }}
+ {{- if .Values.global.redis.cluster.enabled }}
+ start-slave.sh: |
+ #!/bin/bash
+ {{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
+ useradd redis
+ chown -R redis {{ .Values.slave.persistence.path }}
+ {{- end }}
+ if [[ -n $REDIS_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+ fi
+ if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
+ export REDIS_MASTER_PASSWORD=$password_aux
+ fi
+ if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
+ fi
+ if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+ fi
+ {{- if .Values.tls.enabled }}
+ ARGS=("--port" "0")
+ ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
+ ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
+ ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
+ ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
+ ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
+ ARGS+=("--tls-replication" "yes")
+ {{- if .Values.tls.dhParamsFilename }}
+ ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
+ {{- end }}
+ {{- else }}
+ ARGS=("--port" "${REDIS_PORT}")
+ {{- end }}
+ ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
+ {{- if .Values.usePassword }}
+ ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+ ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
+ {{- else }}
+ ARGS+=("--protected-mode" "no")
+ {{- end }}
+ ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+ ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
+ {{- if .Values.slave.extraFlags }}
+ {{- range .Values.slave.extraFlags }}
+ ARGS+=({{ . | quote }})
+ {{- end }}
+ {{- end }}
+ {{- if .Values.slave.preExecCmds }}
+ {{ .Values.slave.preExecCmds | nindent 4}}
+ {{- end }}
+ {{- if .Values.slave.command }}
+ exec {{ .Values.slave.command }} "${ARGS[@]}"
+ {{- else }}
+ exec redis-server "${ARGS[@]}"
+ {{- end }}
+ {{- end }}
+
+{{- end -}}
diff --git a/redis/templates/configmap.yaml b/redis/templates/configmap.yaml
new file mode 100644
index 0000000..1dd6dd7
--- /dev/null
+++ b/redis/templates/configmap.yaml
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+ redis.conf: |-
+{{- if .Values.configmap }}
+ # User-supplied configuration:
+{{- tpl .Values.configmap . | nindent 4 }}
+{{- end }}
+ master.conf: |-
+ dir {{ .Values.master.persistence.path }}
+{{- if .Values.master.configmap }}
+ # User-supplied master configuration:
+{{- tpl .Values.master.configmap . | nindent 4 }}
+{{- end }}
+{{- if .Values.master.disableCommands }}
+{{- range .Values.master.disableCommands }}
+ rename-command {{ . }} ""
+{{- end }}
+{{- end }}
+ replica.conf: |-
+ dir {{ .Values.slave.persistence.path }}
+ slave-read-only yes
+{{- if .Values.slave.configmap }}
+ # User-supplied slave configuration:
+{{- tpl .Values.slave.configmap . | nindent 4 }}
+{{- end }}
+{{- if .Values.slave.disableCommands }}
+{{- range .Values.slave.disableCommands }}
+ rename-command {{ . }} ""
+{{- end }}
+{{- end }}
+{{- if .Values.global.redis.sentinel.enabled }}
+ sentinel.conf: |-
+ dir "/tmp"
+ # bind 0.0.0.0 ::
+ port {{ .Values.sentinel.port }}
+ sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "redis.fullname" . }}-node-0.{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.redisPort }} {{ .Values.sentinel.quorum }}
+ sentinel down-after-milliseconds {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.downAfterMilliseconds }}
+ sentinel failover-timeout {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.failoverTimeout }}
+ sentinel parallel-syncs {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.parallelSyncs }}
+{{- if .Values.sentinel.configmap }}
+ # User-supplied sentinel configuration:
+{{- tpl .Values.sentinel.configmap . | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/redis/templates/headless-svc.yaml b/redis/templates/headless-svc.yaml
new file mode 100644
index 0000000..834d63a
--- /dev/null
+++ b/redis/templates/headless-svc.yaml
@@ -0,0 +1,42 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "redis.fullname" . }}-headless
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ {{- if .Values.global.redis.sentinel.enabled }}
+ publishNotReadyAddresses: true
+ {{- end }}
+ ports:
+ - name: redis
+ port: {{ .Values.redisPort }}
+ targetPort: redis
+ {{- if .Values.global.redis.sentinel.enabled }}
+ - name: redis-sentinel
+ port: {{ .Values.sentinel.port }}
+ targetPort: redis-sentinel
+ {{- end }}
+ selector:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
diff --git a/redis/templates/health-configmap.yaml b/redis/templates/health-configmap.yaml
new file mode 100644
index 0000000..14a9c8b
--- /dev/null
+++ b/redis/templates/health-configmap.yaml
@@ -0,0 +1,176 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "redis.fullname" . }}-health
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+ ping_readiness_local.sh: |-
+ #!/bin/bash
+{{- if .Values.usePasswordFile }}
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+{{- end }}
+ export REDISCLI_AUTH="$REDIS_PASSWORD"
+ response=$(
+ timeout -s 3 $1 \
+ redis-cli \
+ -h localhost \
+{{- if .Values.tls.enabled }}
+ -p $REDIS_TLS_PORT \
+ --tls \
+ --cacert {{ template "redis.tlsCACert" . }} \
+ {{- if .Values.tls.authClients }}
+ --cert {{ template "redis.tlsCert" . }} \
+ --key {{ template "redis.tlsCertKey" . }} \
+ {{- end }}
+{{- else }}
+ -p $REDIS_PORT \
+{{- end }}
+ ping
+ )
+ if [ "$response" != "PONG" ]; then
+ echo "$response"
+ exit 1
+ fi
+ ping_liveness_local.sh: |-
+ #!/bin/bash
+{{- if .Values.usePasswordFile }}
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+{{- end }}
+ export REDISCLI_AUTH="$REDIS_PASSWORD"
+ response=$(
+ timeout -s 3 $1 \
+ redis-cli \
+ -h localhost \
+{{- if .Values.tls.enabled }}
+ -p $REDIS_TLS_PORT \
+ --tls \
+ --cacert {{ template "redis.tlsCACert" . }} \
+ {{- if .Values.tls.authClients }}
+ --cert {{ template "redis.tlsCert" . }} \
+ --key {{ template "redis.tlsCertKey" . }} \
+ {{- end }}
+{{- else }}
+ -p $REDIS_PORT \
+{{- end }}
+ ping
+ )
+ if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
+ echo "$response"
+ exit 1
+ fi
+{{- if .Values.global.redis.sentinel.enabled }}
+ ping_sentinel.sh: |-
+ #!/bin/bash
+{{- if .Values.usePasswordFile }}
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+{{- end }}
+ export REDISCLI_AUTH="$REDIS_PASSWORD"
+ response=$(
+ timeout -s 3 $1 \
+ redis-cli \
+ -h localhost \
+{{- if .Values.tls.enabled }}
+ -p $REDIS_SENTINEL_TLS_PORT_NUMBER \
+ --tls \
+ --cacert {{ template "redis.tlsCACert" . }} \
+ {{- if .Values.tls.authClients }}
+ --cert {{ template "redis.tlsCert" . }} \
+ --key {{ template "redis.tlsCertKey" . }} \
+ {{- end }}
+{{- else }}
+ -p $REDIS_SENTINEL_PORT \
+{{- end }}
+ ping
+ )
+ if [ "$response" != "PONG" ]; then
+ echo "$response"
+ exit 1
+ fi
+ parse_sentinels.awk: |-
+ /ip/ {FOUND_IP=1}
+ /port/ {FOUND_PORT=1}
+ /runid/ {FOUND_RUNID=1}
+ !/ip|port|runid/ {
+ if (FOUND_IP==1) {
+ IP=$1; FOUND_IP=0;
+ }
+ else if (FOUND_PORT==1) {
+ PORT=$1;
+ FOUND_PORT=0;
+ } else if (FOUND_RUNID==1) {
+ printf "\nsentinel known-sentinel {{ .Values.sentinel.masterSet }} %s %s %s", IP, PORT, $0; FOUND_RUNID=0;
+ }
+ }
+{{- end }}
+ ping_readiness_master.sh: |-
+ #!/bin/bash
+{{- if .Values.usePasswordFile }}
+ password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
+ export REDIS_MASTER_PASSWORD=$password_aux
+{{- end }}
+ export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
+ response=$(
+ timeout -s 3 $1 \
+ redis-cli \
+ -h $REDIS_MASTER_HOST \
+ -p $REDIS_MASTER_PORT_NUMBER \
+{{- if .Values.tls.enabled }}
+ --tls \
+ --cacert {{ template "redis.tlsCACert" . }} \
+ {{- if .Values.tls.authClients }}
+ --cert {{ template "redis.tlsCert" . }} \
+ --key {{ template "redis.tlsCertKey" . }} \
+ {{- end }}
+{{- end }}
+ ping
+ )
+ if [ "$response" != "PONG" ]; then
+ echo "$response"
+ exit 1
+ fi
+ ping_liveness_master.sh: |-
+ #!/bin/bash
+{{- if .Values.usePasswordFile }}
+ password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
+ export REDIS_MASTER_PASSWORD=$password_aux
+{{- end }}
+ export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
+ response=$(
+ timeout -s 3 $1 \
+ redis-cli \
+ -h $REDIS_MASTER_HOST \
+ -p $REDIS_MASTER_PORT_NUMBER \
+{{- if .Values.tls.enabled }}
+ --tls \
+ --cacert {{ template "redis.tlsCACert" . }} \
+ {{- if .Values.tls.authClients }}
+ --cert {{ template "redis.tlsCert" . }} \
+ --key {{ template "redis.tlsCertKey" . }} \
+ {{- end }}
+{{- end }}
+ ping
+ )
+ if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
+ echo "$response"
+ exit 1
+ fi
+ ping_readiness_local_and_master.sh: |-
+ script_dir="$(dirname "$0")"
+ exit_status=0
+ "$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
+ "$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
+ exit $exit_status
+ ping_liveness_local_and_master.sh: |-
+ script_dir="$(dirname "$0")"
+ exit_status=0
+ "$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
+ "$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
+ exit $exit_status
diff --git a/redis/templates/metrics-prometheus.yaml b/redis/templates/metrics-prometheus.yaml
new file mode 100644
index 0000000..6bfe719
--- /dev/null
+++ b/redis/templates/metrics-prometheus.yaml
@@ -0,0 +1,53 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and (.Values.metrics.enabled) (.Values.metrics.serviceMonitor.enabled) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "redis.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- range $key, $value := .Values.metrics.serviceMonitor.selector }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: metrics
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ app.kubernetes.io/component: "metrics"
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end -}}
diff --git a/redis/templates/metrics-svc.yaml b/redis/templates/metrics-svc.yaml
new file mode 100644
index 0000000..27d6b06
--- /dev/null
+++ b/redis/templates/metrics-svc.yaml
@@ -0,0 +1,48 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "redis.fullname" . }}-metrics
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ app.kubernetes.io/component: "metrics"
+ {{- if .Values.metrics.service.labels -}}
+ {{- toYaml .Values.metrics.service.labels | nindent 4 }}
+ {{- end -}}
+ {{- if .Values.metrics.service.annotations }}
+ annotations: {{- toYaml .Values.metrics.service.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.metrics.service.type }}
+ {{ if eq .Values.metrics.service.type "LoadBalancer" }}
+ externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }}
+ {{- end }}
+ {{ if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: metrics
+ port: 9121
+ targetPort: metrics
+ selector:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/redis/templates/networkpolicy.yaml b/redis/templates/networkpolicy.yaml
new file mode 100644
index 0000000..69c192e
--- /dev/null
+++ b/redis/templates/networkpolicy.yaml
@@ -0,0 +1,88 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ podSelector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ {{- if .Values.global.redis.cluster.enabled }}
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ # Allow dns resolution
+ - ports:
+ - port: 53
+ protocol: UDP
+ # Allow outbound connections to other cluster pods
+ - ports:
+ - port: {{ .Values.redisPort }}
+ {{- if .Values.global.redis.sentinel.enabled }}
+ - port: {{ .Values.sentinel.port }}
+ {{- end }}
+ to:
+ - podSelector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ {{- end }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: {{ .Values.redisPort }}
+ {{- if .Values.global.redis.sentinel.enabled }}
+ - port: {{ .Values.sentinel.port }}
+ {{- end }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels:
+ {{ template "redis.fullname" . }}-client: "true"
+ - podSelector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ {{- if .Values.networkPolicy.ingressNSMatchLabels }}
+ - namespaceSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
+ podSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+ {{- end }}
+{{- end }}
diff --git a/redis/templates/pdb.yaml b/redis/templates/pdb.yaml
new file mode 100644
index 0000000..2b7fe99
--- /dev/null
+++ b/redis/templates/pdb.yaml
@@ -0,0 +1,36 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+spec:
+ {{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/redis/templates/prometheusrule.yaml b/redis/templates/prometheusrule.yaml
new file mode 100644
index 0000000..ec09907
--- /dev/null
+++ b/redis/templates/prometheusrule.yaml
@@ -0,0 +1,39 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ template "redis.fullname" . }}
+ {{- if .Values.metrics.prometheusRule.namespace }}
+ namespace: {{ .Values.metrics.prometheusRule.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+{{- with .Values.metrics.prometheusRule.additionalLabels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+{{- with .Values.metrics.prometheusRule.rules }}
+ groups:
+ - name: {{ template "redis.name" $ }}
+ rules: {{- tpl (toYaml .) $ | nindent 8 }}
+{{- end }}
+{{- end }}
diff --git a/redis/templates/psp.yaml b/redis/templates/psp.yaml
new file mode 100644
index 0000000..8796578
--- /dev/null
+++ b/redis/templates/psp.yaml
@@ -0,0 +1,57 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.podSecurityPolicy.create }}
+apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ allowPrivilegeEscalation: false
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.securityContext.fsGroup }}
+ max: {{ .Values.securityContext.fsGroup }}
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ privileged: false
+ readOnlyRootFilesystem: false
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ volumes:
+ - 'configMap'
+ - 'secret'
+ - 'emptyDir'
+ - 'persistentVolumeClaim'
+{{- end }}
diff --git a/redis/templates/pvc.yaml b/redis/templates/pvc.yaml
new file mode 100755
index 0000000..d1980ee
--- /dev/null
+++ b/redis/templates/pvc.yaml
@@ -0,0 +1,164 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-node-0
+ labels:
+ type: local
+spec:
+ capacity:
+ storage: 2Gi
+ accessModes:
+ - ReadWriteOnce
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: redis-data-{{ template "redis.fullname" . }}-node-0
+ namespace: default
+ hostPath:
+ path: "{{ .Values.global.redis.volumePath }}/redis"
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - {{ .Values.global.hostname.worker1 }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-node-1
+ labels:
+ type: local
+spec:
+ capacity:
+ storage: 2Gi
+ accessModes:
+ - ReadWriteOnce
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: redis-data-{{ template "redis.fullname" . }}-node-1
+ namespace: default
+ hostPath:
+ path: "{{ .Values.global.redis.volumePath }}/redis"
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - {{ .Values.global.hostname.worker2 }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-node-2
+ labels:
+ type: local
+spec:
+ capacity:
+ storage: 2Gi
+ accessModes:
+ - ReadWriteOnce
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: redis-data-{{ template "redis.fullname" . }}-node-2
+ namespace: default
+ hostPath:
+ path: "{{ .Values.global.redis.volumePath }}/redis"
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - {{ .Values.global.hostname.worker3 }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-node-0
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "2Gi"
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-node-1
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "2Gi"
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-node-2
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "2Gi"
+
+{{- else }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-0
+ labels:
+ type: local
+spec:
+ capacity:
+ storage: 2Gi
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: "{{ .Values.global.volumePath }}/data/redis"
+
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-0
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "2Gi"
+
+
+{{- end }}
+
diff --git a/redis/templates/redis-master-statefulset.yaml b/redis/templates/redis-master-statefulset.yaml
new file mode 100644
index 0000000..c2cd6c9
--- /dev/null
+++ b/redis/templates/redis-master-statefulset.yaml
@@ -0,0 +1,393 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if or (not .Values.global.redis.cluster.enabled) (not .Values.global.redis.sentinel.enabled) }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.master.statefulset.labels }}
+ {{- toYaml .Values.master.statefulset.labels | nindent 4 }}
+ {{- end }}
+{{- if .Values.master.statefulset.annotations }}
+ annotations:
+ {{- toYaml .Values.master.statefulset.annotations | nindent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ role: master
+ serviceName: {{ template "redis.fullname" . }}-headless
+ template:
+ metadata:
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ role: master
+ {{- if .Values.master.podLabels }}
+ {{- toYaml .Values.master.podLabels | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
+ {{- toYaml .Values.metrics.podLabels | nindent 8 }}
+ {{- end }}
+ annotations:
+ checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
+ checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/configmap: {{ include (print $.Template.BasePath "/configmap-scripts.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ {{- if .Values.master.podAnnotations }}
+ {{- toYaml .Values.master.podAnnotations | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+ {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "redis.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.master.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "redis.serviceAccountName" . }}
+ {{- if .Values.master.priorityClassName }}
+ priorityClassName: {{ .Values.master.priorityClassName | quote }}
+ {{- end }}
+ {{- with .Values.master.affinity }}
+ affinity: {{- tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+ {{- if .Values.master.nodeSelector }}
+ nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.master.tolerations }}
+ tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.master.shareProcessNamespace }}
+ shareProcessNamespace: {{ .Values.master.shareProcessNamespace }}
+ {{- end }}
+ {{- if .Values.master.schedulerName }}
+ schedulerName: {{ .Values.master.schedulerName }}
+ {{- end }}
+ containers:
+ - name: {{ template "redis.name" . }}
+ image: {{ template "redis.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - /opt/bitnami/scripts/start-scripts/start-master.sh
+ env:
+ - name: REDIS_REPLICATION_MODE
+ value: master
+ {{- if .Values.usePassword }}
+ {{- if .Values.usePasswordFile }}
+ - name: REDIS_PASSWORD_FILE
+ value: "/opt/bitnami/redis/secrets/redis-password"
+ {{- else }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- else }}
+ - name: ALLOW_EMPTY_PASSWORD
+ value: "yes"
+ {{- end }}
+ - name: REDIS_TLS_ENABLED
+ value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_TLS_PORT
+ value: {{ .Values.redisPort | quote }}
+ - name: REDIS_TLS_AUTH_CLIENTS
+ value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
+ - name: REDIS_TLS_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_TLS_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_TLS_CA_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- if .Values.tls.dhParamsFilename }}
+ - name: REDIS_TLS_DH_PARAMS_FILE
+ value: {{ template "redis.tlsDHParams" . }}
+ {{- end }}
+ {{- else }}
+ - name: REDIS_PORT
+ value: {{ .Values.redisPort | quote }}
+ {{- end }}
+ {{- if .Values.master.extraEnvVars }}
+ {{- include "redis.tplValue" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.master.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ .Values.master.extraEnvVarsCM }}
+ {{- end }}
+ {{- if .Values.master.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ .Values.master.extraEnvVarsSecret }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: redis
+ containerPort: {{ .Values.redisPort }}
+ {{- if .Values.master.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }}
+ # One second longer than command timeout should prevent generation of zombie processes.
+ timeoutSeconds: {{ add1 .Values.master.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.master.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }}
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_liveness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }}
+ {{- else if .Values.master.customLivenessProbe }}
+ livenessProbe: {{- toYaml .Values.master.customLivenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.master.readinessProbe.enabled}}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ add1 .Values.master.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.master.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }}
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_readiness_local.sh {{ .Values.master.readinessProbe.timeoutSeconds }}
+ {{- else if .Values.master.customReadinessProbe }}
+ readinessProbe: {{- toYaml .Values.master.customReadinessProbe | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.master.resources | nindent 12 }}
+ volumeMounts:
+ - name: start-scripts
+ mountPath: /opt/bitnami/scripts/start-scripts
+ - name: health
+ mountPath: /health
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /opt/bitnami/redis/secrets/
+ {{- end }}
+ - name: redis-data
+ mountPath: {{ .Values.master.persistence.path }}
+ subPath: {{ .Values.master.persistence.subPath }}
+ - name: config
+ mountPath: /opt/bitnami/redis/mounted-etc
+ - name: redis-tmp-conf
+ mountPath: /opt/bitnami/redis/etc/
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ template "redis.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ if [[ -f '/secrets/redis-password' ]]; then
+ export REDIS_PASSWORD=$(cat /secrets/redis-password)
+ fi
+ redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
+ env:
+ - name: REDIS_ALIAS
+ value: {{ template "redis.fullname" . }}
+ {{- if and .Values.usePassword (not .Values.usePasswordFile) }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_ADDR
+ value: rediss://localhost:{{ .Values.redisPort }}
+ - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_EXPORTER_TLS_CA_CERT_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /secrets/
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: 9121
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- end }}
+ {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.master.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }}
+ {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }}
+ initContainers:
+ {{- if $needsVolumePermissions }}
+ - name: volume-permissions
+ image: "{{ template "redis.volumePermissions.image" . }}"
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.master.persistence.path }}
+ {{- else }}
+ chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.master.persistence.path }}
+ {{- end }}
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto "}}
+ securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
+ {{- else }}
+ securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 10 }}
+ volumeMounts:
+ - name: redis-data
+ mountPath: {{ .Values.master.persistence.path }}
+ subPath: {{ .Values.master.persistence.subPath }}
+ {{- end }}
+ {{- if .Values.sysctlImage.enabled }}
+ - name: init-sysctl
+ image: {{ template "redis.sysctl.image" . }}
+ imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
+ resources: {{- toYaml .Values.sysctlImage.resources | nindent 10 }}
+ {{- if .Values.sysctlImage.mountHostSys }}
+ volumeMounts:
+ - name: host-sys
+ mountPath: /host-sys
+ {{- end }}
+ command: {{- toYaml .Values.sysctlImage.command | nindent 10 }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: start-scripts
+ configMap:
+ name: {{ include "redis.fullname" . }}-scripts
+ defaultMode: 0755
+ - name: health
+ configMap:
+ name: {{ template "redis.fullname" . }}-health
+ defaultMode: 0755
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ secret:
+ secretName: {{ template "redis.secretName" . }}
+ items:
+ - key: {{ template "redis.secretPasswordKey" . }}
+ path: redis-password
+ {{- end }}
+ - name: config
+ configMap:
+ name: {{ template "redis.fullname" . }}
+ {{- if not .Values.master.persistence.enabled }}
+ - name: "redis-data"
+ emptyDir: {}
+ {{- else }}
+ {{- if .Values.persistence.existingClaim }}
+ - name: "redis-data"
+ persistentVolumeClaim:
+ claimName: {{ include "redis.tplValue" (dict "value" .Values.persistence.existingClaim "context" $) }}
+ {{- end }}
+ {{- if .Values.master.persistence.volumes }}
+ {{- toYaml .Values.master.persistence.volumes | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sysctlImage.mountHostSys }}
+ - name: host-sys
+ hostPath:
+ path: /sys
+ {{- end }}
+ - name: redis-tmp-conf
+ emptyDir: {}
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ secret:
+ secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }}
+ defaultMode: 256
+ {{- end }}
+ {{- if and .Values.master.persistence.enabled (not .Values.persistence.existingClaim) (not .Values.master.persistence.volumes) }}
+ volumeClaimTemplates:
+ - metadata:
+ name: redis-data
+ labels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ component: master
+ {{- if .Values.master.statefulset.volumeClaimTemplates.labels }}
+ {{- toYaml .Values.master.statefulset.volumeClaimTemplates.labels | nindent 10 }}
+ {{- end }}
+ {{- if .Values.master.statefulset.volumeClaimTemplates.annotations }}
+ annotations:
+ {{- toYaml .Values.master.statefulset.volumeClaimTemplates.annotations | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.master.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.master.persistence.size | quote }}
+ {{ include "redis.master.storageClass" . }}
+ selector:
+ {{- if .Values.master.persistence.matchLabels }}
+ matchLabels: {{- toYaml .Values.master.persistence.matchLabels | nindent 12 }}
+ {{- end -}}
+ {{- if .Values.master.persistence.matchExpressions }}
+ matchExpressions: {{- toYaml .Values.master.persistence.matchExpressions | nindent 12 }}
+ {{- end -}}
+ {{- end }}
+ updateStrategy:
+ type: {{ .Values.master.statefulset.updateStrategy }}
+ {{- if .Values.master.statefulset.rollingUpdatePartition }}
+ {{- if (eq "Recreate" .Values.master.statefulset.updateStrategy) }}
+ rollingUpdate: null
+ {{- else }}
+ rollingUpdate:
+ partition: {{ .Values.master.statefulset.rollingUpdatePartition }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/redis/templates/redis-master-svc.yaml b/redis/templates/redis-master-svc.yaml
new file mode 100644
index 0000000..27c5389
--- /dev/null
+++ b/redis/templates/redis-master-svc.yaml
@@ -0,0 +1,57 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if not .Values.global.redis.sentinel.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.master.service.labels -}}
+ {{- toYaml .Values.master.service.labels | nindent 4 }}
+ {{- end -}}
+{{- if .Values.master.service.annotations }}
+ annotations: {{- toYaml .Values.master.service.annotations | nindent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.master.service.type }}
+ {{ if eq .Values.master.service.type "LoadBalancer" }}
+ externalTrafficPolicy: {{ .Values.master.service.externalTrafficPolicy }}
+ {{- end }}
+ {{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.master.service.loadBalancerIP }}
+ {{- end }}
+ {{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- with .Values.master.service.loadBalancerSourceRanges }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+ {{- end }}
+ ports:
+ - name: redis
+ port: {{ .Values.master.service.port }}
+ targetPort: redis
+ {{- if .Values.master.service.nodePort }}
+ nodePort: {{ .Values.master.service.nodePort }}
+ {{- end }}
+ selector:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ role: master
+{{- end }}
diff --git a/redis/templates/redis-node-statefulset.yaml b/redis/templates/redis-node-statefulset.yaml
new file mode 100644
index 0000000..22bb252
--- /dev/null
+++ b/redis/templates/redis-node-statefulset.yaml
@@ -0,0 +1,510 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "redis.fullname" . }}-node
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.slave.statefulset.labels }}
+ {{- toYaml .Values.slave.statefulset.labels | nindent 4 }}
+ {{- end }}
+{{- if .Values.slave.statefulset.annotations }}
+ annotations:
+ {{- toYaml .Values.slave.statefulset.annotations | nindent 4 }}
+{{- end }}
+spec:
+{{- if .Values.slave.updateStrategy }}
+ strategy: {{- toYaml .Values.slave.updateStrategy | nindent 4 }}
+{{- end }}
+ replicas: {{ .Values.cluster.slaveCount }}
+ serviceName: {{ template "redis.fullname" . }}-headless
+ selector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ role: node
+ template:
+ metadata:
+ labels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ chart: {{ template "redis.chart" . }}
+ role: node
+ {{- if .Values.slave.podLabels }}
+ {{- toYaml .Values.slave.podLabels | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
+ {{- toYaml .Values.metrics.podLabels | nindent 8 }}
+ {{- end }}
+ annotations:
+ checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
+ checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ {{- if .Values.slave.podAnnotations }}
+ {{- toYaml .Values.slave.podAnnotations | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+ {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "redis.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.slave.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.slave.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "redis.serviceAccountName" . }}
+ {{- if .Values.slave.priorityClassName }}
+ priorityClassName: "{{ .Values.slave.priorityClassName }}"
+ {{- end }}
+ {{- if .Values.slave.nodeSelector }}
+ nodeSelector: {{- toYaml .Values.slave.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.slave.tolerations }}
+ tolerations: {{- toYaml .Values.slave.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.slave.schedulerName }}
+ schedulerName: {{ .Values.slave.schedulerName }}
+ {{- end }}
+ {{- if .Values.master.spreadConstraints }}
+ topologySpreadConstraints: {{- toYaml .Values.master.spreadConstraints | nindent 8 }}
+ {{- end }}
+ {{- with .Values.slave.affinity }}
+ affinity: {{- tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ template "redis.name" . }}
+ image: {{ template "redis.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - /opt/bitnami/scripts/start-scripts/start-node.sh
+ env:
+ - name: REDIS_MASTER_PORT_NUMBER
+ value: {{ .Values.redisPort | quote }}
+ {{- if .Values.usePassword }}
+ {{- if .Values.usePasswordFile }}
+ - name: REDIS_PASSWORD_FILE
+ value: "/opt/bitnami/redis/secrets/redis-password"
+ - name: REDIS_MASTER_PASSWORD_FILE
+ value: "/opt/bitnami/redis/secrets/redis-password"
+ {{- else }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ - name: REDIS_MASTER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- else }}
+ - name: ALLOW_EMPTY_PASSWORD
+ value: "yes"
+ {{- end }}
+ - name: REDIS_TLS_ENABLED
+ value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_TLS_PORT
+ value: {{ .Values.redisPort | quote }}
+ - name: REDIS_TLS_AUTH_CLIENTS
+ value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
+ - name: REDIS_TLS_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_TLS_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_TLS_CA_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- if .Values.tls.dhParamsFilename }}
+ - name: REDIS_TLS_DH_PARAMS_FILE
+ value: {{ template "redis.tlsDHParams" . }}
+ {{- end }}
+ {{- else }}
+ - name: REDIS_PORT
+ value: {{ .Values.redisPort | quote }}
+ {{- end }}
+ - name: REDIS_DATA_DIR
+ value: {{ .Values.slave.persistence.path }}
+ {{- if .Values.sentinel.extraEnvVars }}
+ {{- include "redis.tplValue" (dict "value" .Values.sentinel.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.sentinel.extraEnvVarsCM .Values.sentinel.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.sentinel.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ .Values.sentinel.extraEnvVarsCM }}
+ {{- end }}
+ {{- if .Values.sentinel.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ .Values.sentinel.extraEnvVarsSecret }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: redis
+ containerPort: {{ .Values.redisPort }}
+ {{- if .Values.slave.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.slave.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.slave.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.slave.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.slave.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.slave.livenessProbe.failureThreshold}}
+ exec:
+ command:
+ - sh
+ - -c
+ {{- if .Values.global.redis.sentinel.enabled }}
+ - /health/ping_liveness_local.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+ {{- else }}
+ - /health/ping_liveness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- else if .Values.slave.customLivenessProbe }}
+ livenessProbe: {{- toYaml .Values.slave.customLivenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.slave.readinessProbe.enabled }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.slave.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.slave.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.slave.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.slave.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.slave.readinessProbe.failureThreshold }}
+ exec:
+ command:
+ - sh
+ - -c
+ {{- if .Values.global.redis.sentinel.enabled }}
+ - /health/ping_readiness_local.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+ {{- else }}
+ - /health/ping_readiness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- else if .Values.slave.customReadinessProbe }}
+ readinessProbe: {{- toYaml .Values.slave.customReadinessProbe | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.slave.resources | nindent 12 }}
+ volumeMounts:
+ - name: start-scripts
+ mountPath: /opt/bitnami/scripts/start-scripts
+ - name: health
+ mountPath: /health
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /opt/bitnami/redis/secrets/
+ {{- end }}
+ - name: redis-data
+ mountPath: {{ .Values.slave.persistence.path }}
+ subPath: {{ .Values.slave.persistence.subPath }}
+ - name: config
+ mountPath: /opt/bitnami/redis/mounted-etc
+ - name: redis-tmp-conf
+ mountPath: /opt/bitnami/redis/etc
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ {{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }}
+ - name: sentinel
+ image: {{ template "sentinel.image" . }}
+ imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - /opt/bitnami/scripts/start-scripts/start-sentinel.sh
+ env:
+ {{- if .Values.usePassword }}
+ {{- if .Values.usePasswordFile }}
+ - name: REDIS_PASSWORD_FILE
+ value: "/opt/bitnami/redis/secrets/redis-password"
+ {{- else }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- else }}
+ - name: ALLOW_EMPTY_PASSWORD
+ value: "yes"
+ {{- end }}
+ - name: REDIS_SENTINEL_TLS_ENABLED
+ value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_SENTINEL_TLS_PORT_NUMBER
+ value: {{ .Values.sentinel.port | quote }}
+ - name: REDIS_SENTINEL_TLS_AUTH_CLIENTS
+ value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
+ - name: REDIS_SENTINEL_TLS_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_SENTINEL_TLS_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_SENTINEL_TLS_CA_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- if .Values.tls.dhParamsFilename }}
+ - name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE
+ value: {{ template "redis.dhParams" . }}
+ {{- end }}
+ {{- else }}
+ - name: REDIS_SENTINEL_PORT
+ value: {{ .Values.sentinel.port | quote }}
+ {{- end }}
+ ports:
+ - name: redis-sentinel
+ containerPort: {{ .Values.sentinel.port }}
+ {{- if .Values.sentinel.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }}
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
+ {{- else if .Values.sentinel.customLivenessProbe }}
+ livenessProbe: {{- toYaml .Values.sentinel.customLivenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.sentinel.readinessProbe.enabled}}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }}
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
+ {{- else if .Values.sentinel.customReadinessProbe }}
+ readinessProbe: {{- toYaml .Values.sentinel.customReadinessProbe | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.sentinel.resources | nindent 12 }}
+ volumeMounts:
+ - name: start-scripts
+ mountPath: /opt/bitnami/scripts/start-scripts
+ - name: health
+ mountPath: /health
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /opt/bitnami/redis/secrets/
+ {{- end }}
+ - name: redis-data
+ mountPath: {{ .Values.slave.persistence.path }}
+ subPath: {{ .Values.slave.persistence.subPath }}
+ - name: config
+ mountPath: /opt/bitnami/redis-sentinel/mounted-etc
+ - name: sentinel-tmp-conf
+ mountPath: /opt/bitnami/redis-sentinel/etc
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ template "redis.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ if [[ -f '/secrets/redis-password' ]]; then
+ export REDIS_PASSWORD=$(cat /secrets/redis-password)
+ fi
+ redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
+ env:
+ - name: REDIS_ALIAS
+ value: {{ template "redis.fullname" . }}
+ {{- if and .Values.usePassword (not .Values.usePasswordFile) }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_ADDR
+ value: rediss://localhost:{{ .Values.redisPort }}
+ - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_EXPORTER_TLS_CA_CERT_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /secrets/
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: 9121
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- end }}
+ {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.slave.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }}
+ {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }}
+ initContainers:
+ {{- if $needsVolumePermissions }}
+ - name: volume-permissions
+ image: {{ template "redis.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.slave.persistence.path }}
+ {{- else }}
+ chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.slave.persistence.path }}
+ {{- end }}
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto "}}
+ securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
+ {{- else }}
+ securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ volumeMounts:
+ - name: redis-data
+ mountPath: {{ .Values.slave.persistence.path }}
+ subPath: {{ .Values.slave.persistence.subPath }}
+ {{- end }}
+ {{- if .Values.sysctlImage.enabled }}
+ - name: init-sysctl
+ image: {{ template "redis.sysctl.image" . }}
+ imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
+ resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
+ {{- if .Values.sysctlImage.mountHostSys }}
+ volumeMounts:
+ - name: host-sys
+ mountPath: /host-sys
+ {{- end }}
+ command: {{- toYaml .Values.sysctlImage.command | nindent 12 }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: start-scripts
+ configMap:
+ name: {{ include "redis.fullname" . }}-scripts
+ defaultMode: 0755
+ - name: health
+ configMap:
+ name: {{ template "redis.fullname" . }}-health
+ defaultMode: 0755
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ secret:
+ secretName: {{ template "redis.secretName" . }}
+ items:
+ - key: {{ template "redis.secretPasswordKey" . }}
+ path: redis-password
+ {{- end }}
+ - name: config
+ configMap:
+ name: {{ template "redis.fullname" . }}
+ {{- if .Values.sysctlImage.mountHostSys }}
+ - name: host-sys
+ hostPath:
+ path: /sys
+ {{- end }}
+ - name: sentinel-tmp-conf
+ emptyDir: {}
+ - name: redis-tmp-conf
+ emptyDir: {}
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ secret:
+ secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }}
+ defaultMode: 256
+ {{- end }}
+ {{- if not .Values.slave.persistence.enabled }}
+ - name: redis-data
+ emptyDir: {}
+ {{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: redis-data
+ labels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ component: slave
+ {{- if .Values.slave.statefulset.volumeClaimTemplates }}
+ {{- if .Values.slave.statefulset.volumeClaimTemplates.labels }}
+ {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.labels | nindent 10 }}
+ {{- end }}
+ {{- if .Values.slave.statefulset.volumeClaimTemplates.annotations }}
+ annotations:
+ {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.annotations | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.slave.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.slave.persistence.size | quote }}
+ {{ include "redis.slave.storageClass" . }}
+ selector:
+ {{- if .Values.slave.persistence.matchLabels }}
+ matchLabels: {{- toYaml .Values.slave.persistence.matchLabels | nindent 12 }}
+ {{- end -}}
+ {{- if .Values.slave.persistence.matchExpressions }}
+ matchExpressions: {{- toYaml .Values.slave.persistence.matchExpressions | nindent 12 }}
+ {{- end -}}
+ {{- end }}
+ updateStrategy:
+ type: {{ .Values.slave.statefulset.updateStrategy }}
+ {{- if .Values.slave.statefulset.rollingUpdatePartition }}
+ {{- if (eq "Recreate" .Values.slave.statefulset.updateStrategy) }}
+ rollingUpdate: null
+ {{- else }}
+ rollingUpdate:
+ partition: {{ .Values.slave.statefulset.rollingUpdatePartition }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/redis/templates/redis-role.yaml b/redis/templates/redis-role.yaml
new file mode 100644
index 0000000..c5fdc9a
--- /dev/null
+++ b/redis/templates/redis-role.yaml
@@ -0,0 +1,36 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+{{- if .Values.podSecurityPolicy.create }}
+ - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ template "redis.fullname" . }}]
+{{- end -}}
+{{- if .Values.rbac.role.rules }}
+{{- toYaml .Values.rbac.role.rules | nindent 2 }}
+{{- end -}}
+{{- end -}}
diff --git a/redis/templates/redis-rolebinding.yaml b/redis/templates/redis-rolebinding.yaml
new file mode 100644
index 0000000..3d715fe
--- /dev/null
+++ b/redis/templates/redis-rolebinding.yaml
@@ -0,0 +1,33 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "redis.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "redis.serviceAccountName" . }}
+{{- end -}}
diff --git a/redis/templates/redis-serviceaccount.yaml b/redis/templates/redis-serviceaccount.yaml
new file mode 100644
index 0000000..07933cc
--- /dev/null
+++ b/redis/templates/redis-serviceaccount.yaml
@@ -0,0 +1,29 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "redis.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/redis/templates/redis-slave-statefulset.yaml b/redis/templates/redis-slave-statefulset.yaml
new file mode 100644
index 0000000..b04b037
--- /dev/null
+++ b/redis/templates/redis-slave-statefulset.yaml
@@ -0,0 +1,400 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.global.redis.cluster.enabled (not .Values.global.redis.sentinel.enabled) }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "redis.fullname" . }}-slave
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.slave.statefulset.labels }}
+ {{- toYaml .Values.slave.statefulset.labels | nindent 4 }}
+ {{- end }}
+{{- if .Values.slave.statefulset.annotations }}
+ annotations:
+ {{- toYaml .Values.slave.statefulset.annotations | nindent 4 }}
+{{- end }}
+spec:
+{{- if .Values.slave.updateStrategy }}
+ strategy: {{- toYaml .Values.slave.updateStrategy | nindent 4 }}
+{{- end }}
+ replicas: {{ .Values.cluster.slaveCount }}
+ serviceName: {{ template "redis.fullname" . }}-headless
+ selector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ role: slave
+ template:
+ metadata:
+ labels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ chart: {{ template "redis.chart" . }}
+ role: slave
+ {{- if .Values.slave.podLabels }}
+ {{- toYaml .Values.slave.podLabels | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
+ {{- toYaml .Values.metrics.podLabels | nindent 8 }}
+ {{- end }}
+ annotations:
+ checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
+ checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ {{- if .Values.slave.podAnnotations }}
+ {{- toYaml .Values.slave.podAnnotations | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+ {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "redis.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.slave.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.slave.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "redis.serviceAccountName" . }}
+ {{- if .Values.slave.priorityClassName }}
+ priorityClassName: {{ .Values.slave.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.slave.nodeSelector }}
+ nodeSelector: {{- toYaml .Values.slave.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.slave.tolerations }}
+ tolerations: {{- toYaml .Values.slave.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.slave.shareProcessNamespace }}
+ shareProcessNamespace: {{ .Values.slave.shareProcessNamespace }}
+ {{- end }}
+ {{- if .Values.slave.schedulerName }}
+ schedulerName: {{ .Values.slave.schedulerName }}
+ {{- end }}
+ {{- if .Values.master.spreadConstraints }}
+ topologySpreadConstraints: {{- toYaml .Values.master.spreadConstraints | nindent 8 }}
+ {{- end }}
+ {{- with .Values.slave.affinity }}
+ affinity: {{- tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ template "redis.name" . }}
+ image: {{ template "redis.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - /opt/bitnami/scripts/start-scripts/start-slave.sh
+ env:
+ - name: REDIS_REPLICATION_MODE
+ value: slave
+ - name: REDIS_MASTER_HOST
+ value: {{ template "redis.fullname" . }}-master-0.{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+ - name: REDIS_MASTER_PORT_NUMBER
+ value: {{ .Values.redisPort | quote }}
+ {{- if .Values.usePassword }}
+ {{- if .Values.usePasswordFile }}
+ - name: REDIS_PASSWORD_FILE
+ value: "/opt/bitnami/redis/secrets/redis-password"
+ - name: REDIS_MASTER_PASSWORD_FILE
+ value: "/opt/bitnami/redis/secrets/redis-password"
+ {{- else }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ - name: REDIS_MASTER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- else }}
+ - name: ALLOW_EMPTY_PASSWORD
+ value: "yes"
+ {{- end }}
+ - name: REDIS_TLS_ENABLED
+ value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_TLS_PORT
+ value: {{ .Values.redisPort | quote }}
+ - name: REDIS_TLS_AUTH_CLIENTS
+ value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
+ - name: REDIS_TLS_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_TLS_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_TLS_CA_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- if .Values.tls.dhParamsFilename }}
+ - name: REDIS_TLS_DH_PARAMS_FILE
+ value: {{ template "redis.tlsDHParams" . }}
+ {{- end }}
+ {{- else }}
+ - name: REDIS_PORT
+ value: {{ .Values.redisPort | quote }}
+ {{- end }}
+ {{- if .Values.slave.extraEnvVars }}
+ {{- include "redis.tplValue" (dict "value" .Values.slave.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.slave.extraEnvVarsCM .Values.slave.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.slave.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ .Values.slave.extraEnvVarsCM }}
+ {{- end }}
+ {{- if .Values.slave.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ .Values.slave.extraEnvVarsSecret }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: redis
+ containerPort: {{ .Values.redisPort }}
+ {{- if .Values.slave.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.slave.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.slave.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ add1 .Values.slave.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.slave.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.slave.livenessProbe.failureThreshold}}
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_liveness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+ {{- else if .Values.slave.customLivenessProbe }}
+ livenessProbe: {{- toYaml .Values.slave.customLivenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.slave.readinessProbe.enabled }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.slave.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.slave.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ add1 .Values.slave.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.slave.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.slave.readinessProbe.failureThreshold }}
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_readiness_local_and_master.sh {{ .Values.slave.readinessProbe.timeoutSeconds }}
+ {{- else if .Values.slave.customReadinessProbe }}
+ readinessProbe: {{- toYaml .Values.slave.customReadinessProbe | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.slave.resources | nindent 12 }}
+ volumeMounts:
+ - name: start-scripts
+ mountPath: /opt/bitnami/scripts/start-scripts
+ - name: health
+ mountPath: /health
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /opt/bitnami/redis/secrets/
+ {{- end }}
+ - name: redis-data
+ mountPath: /data
+ - name: config
+ mountPath: /opt/bitnami/redis/mounted-etc
+ - name: redis-tmp-conf
+ mountPath: /opt/bitnami/redis/etc
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ template "redis.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ if [[ -f '/secrets/redis-password' ]]; then
+ export REDIS_PASSWORD=$(cat /secrets/redis-password)
+ fi
+ redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
+ env:
+ - name: REDIS_ALIAS
+ value: {{ template "redis.fullname" . }}
+ {{- if and .Values.usePassword (not .Values.usePasswordFile) }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_ADDR
+ value: rediss://localhost:{{ .Values.redisPort }}
+ - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_EXPORTER_TLS_CA_CERT_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /secrets/
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: 9121
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- end }}
+ {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.slave.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }}
+ {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }}
+ initContainers:
+ {{- if $needsVolumePermissions }}
+ - name: volume-permissions
+ image: {{ template "redis.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.slave.persistence.path }}
+ {{- else }}
+ chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.slave.persistence.path }}
+ {{- end }}
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto "}}
+ securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
+ {{- else }}
+ securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ volumeMounts:
+ - name: redis-data
+ mountPath: {{ .Values.slave.persistence.path }}
+ subPath: {{ .Values.slave.persistence.subPath }}
+ {{- end }}
+ {{- if .Values.sysctlImage.enabled }}
+ - name: init-sysctl
+ image: {{ template "redis.sysctl.image" . }}
+ imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
+ resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
+ {{- if .Values.sysctlImage.mountHostSys }}
+ volumeMounts:
+ - name: host-sys
+ mountPath: /host-sys
+ {{- end }}
+ command: {{- toYaml .Values.sysctlImage.command | nindent 12 }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: start-scripts
+ configMap:
+ name: {{ include "redis.fullname" . }}-scripts
+ defaultMode: 0755
+ - name: health
+ configMap:
+ name: {{ template "redis.fullname" . }}-health
+ defaultMode: 0755
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ secret:
+ secretName: {{ template "redis.secretName" . }}
+ items:
+ - key: {{ template "redis.secretPasswordKey" . }}
+ path: redis-password
+ {{- end }}
+ - name: config
+ configMap:
+ name: {{ template "redis.fullname" . }}
+ {{- if .Values.sysctlImage.mountHostSys }}
+ - name: host-sys
+ hostPath:
+ path: /sys
+ {{- end }}
+ - name: redis-tmp-conf
+ emptyDir: {}
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ secret:
+ secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }}
+ defaultMode: 256
+ {{- end }}
+ {{- if not .Values.slave.persistence.enabled }}
+ - name: redis-data
+ emptyDir: {}
+ {{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: redis-data
+ labels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ component: slave
+ {{- if .Values.slave.statefulset.volumeClaimTemplates }}
+ {{- if .Values.slave.statefulset.volumeClaimTemplates.labels }}
+ {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.labels | nindent 10 }}
+ {{- end }}
+ {{- if .Values.slave.statefulset.volumeClaimTemplates.annotations }}
+ annotations:
+ {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.annotations | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.slave.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.slave.persistence.size | quote }}
+ {{ include "redis.slave.storageClass" . }}
+ selector:
+ {{- if .Values.slave.persistence.matchLabels }}
+ matchLabels: {{- toYaml .Values.slave.persistence.matchLabels | nindent 12 }}
+ {{- end -}}
+ {{- if .Values.slave.persistence.matchExpressions }}
+ matchExpressions: {{- toYaml .Values.slave.persistence.matchExpressions | nindent 12 }}
+ {{- end -}}
+ {{- end }}
+ updateStrategy:
+ type: {{ .Values.slave.statefulset.updateStrategy }}
+ {{- if .Values.slave.statefulset.rollingUpdatePartition }}
+ {{- if (eq "Recreate" .Values.slave.statefulset.updateStrategy) }}
+ rollingUpdate: null
+ {{- else }}
+ rollingUpdate:
+ partition: {{ .Values.slave.statefulset.rollingUpdatePartition }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/redis/templates/redis-slave-svc.yaml b/redis/templates/redis-slave-svc.yaml
new file mode 100644
index 0000000..c56aa1d
--- /dev/null
+++ b/redis/templates/redis-slave-svc.yaml
@@ -0,0 +1,57 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.global.redis.cluster.enabled (not .Values.global.redis.sentinel.enabled) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "redis.fullname" . }}-slave
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.slave.service.labels -}}
+ {{- toYaml .Values.slave.service.labels | nindent 4 }}
+ {{- end -}}
+{{- if .Values.slave.service.annotations }}
+ annotations: {{- toYaml .Values.slave.service.annotations | nindent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.slave.service.type }}
+ {{ if eq .Values.slave.service.type "LoadBalancer" }}
+ externalTrafficPolicy: {{ .Values.slave.service.externalTrafficPolicy }}
+ {{- end }}
+ {{- if and (eq .Values.slave.service.type "LoadBalancer") .Values.slave.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.slave.service.loadBalancerIP }}
+ {{- end }}
+ {{- if and (eq .Values.slave.service.type "LoadBalancer") .Values.slave.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- with .Values.slave.service.loadBalancerSourceRanges }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: redis
+ port: {{ .Values.slave.service.port }}
+ targetPort: redis
+ {{- if .Values.slave.service.nodePort }}
+ nodePort: {{ .Values.slave.service.nodePort }}
+ {{- end }}
+ selector:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ role: slave
+{{- end }}
diff --git a/redis/templates/redis-with-sentinel-svc.yaml b/redis/templates/redis-with-sentinel-svc.yaml
new file mode 100644
index 0000000..004f2d7
--- /dev/null
+++ b/redis/templates/redis-with-sentinel-svc.yaml
@@ -0,0 +1,57 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.global.redis.sentinel.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.sentinel.service.labels }}
+ {{- toYaml .Values.sentinel.service.labels | nindent 4 }}
+ {{- end }}
+{{- if .Values.sentinel.service.annotations }}
+ annotations: {{- toYaml .Values.sentinel.service.annotations | nindent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.sentinel.service.type }}
+ {{ if eq .Values.sentinel.service.type "LoadBalancer" }}
+ externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy }}
+ {{- end }}
+ {{ if eq .Values.sentinel.service.type "LoadBalancer" -}} {{ if .Values.sentinel.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }}
+ {{ end -}}
+ {{- end -}}
+ ports:
+ - name: redis
+ port: {{ .Values.sentinel.service.redisPort }}
+ targetPort: redis
+ {{- if .Values.sentinel.service.redisNodePort }}
+ nodePort: {{ .Values.sentinel.service.redisNodePort }}
+ {{- end }}
+ - name: redis-sentinel
+ port: {{ .Values.sentinel.service.sentinelPort }}
+ targetPort: redis-sentinel
+ {{- if .Values.sentinel.service.sentinelNodePort }}
+ nodePort: {{ .Values.sentinel.service.sentinelNodePort }}
+ {{- end }}
+ selector:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/redis/templates/secret.yaml b/redis/templates/secret.yaml
new file mode 100644
index 0000000..599831f
--- /dev/null
+++ b/redis/templates/secret.yaml
@@ -0,0 +1,29 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.usePassword (not .Values.existingSecret) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+ redis-password: {{ include "redis.password" . | b64enc | quote }}
+{{- end -}}