[VOL-4763] Adding voltha-go-controller and redis helm charts
Change-Id: I21ce624f359989e814c4475cc5e18672fd16c795
diff --git a/redis/templates/configmap-scripts.yaml b/redis/templates/configmap-scripts.yaml
new file mode 100644
index 0000000..8ebaa25
--- /dev/null
+++ b/redis/templates/configmap-scripts.yaml
@@ -0,0 +1,394 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "redis.fullname" . }}-scripts
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+{{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }}
+ start-node.sh: |
+ #!/bin/bash
+ is_boolean_yes() {
+ local -r bool="${1:-}"
+ # comparison is performed without regard to the case of alphabetic characters
+ shopt -s nocasematch
+ if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
+ true
+ else
+ false
+ fi
+ }
+
+ HEADLESS_SERVICE="{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+ REDIS_SERVICE="{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+
+ export REDIS_REPLICATION_MODE="slave"
+ if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i) ")" ]]; then
+ export REDIS_REPLICATION_MODE="master"
+ fi
+
+ {{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
+ useradd redis
+ chown -R redis {{ .Values.slave.persistence.path }}
+ {{- end }}
+
+ if [[ -n $REDIS_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+ fi
+
+ if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
+ export REDIS_MASTER_PASSWORD=$password_aux
+ fi
+
+ if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
+ echo "I am master"
+ if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
+ fi
+ else
+ if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
+ fi
+
+ if is_boolean_yes "$REDIS_TLS_ENABLED"; then
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ else
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ fi
+ REDIS_SENTINEL_INFO=($($sentinel_info_command))
+ REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
+ REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
+
+
+ # Immediately attempt to connect to the reported master. If it doesn't exist the connection attempt will either hang
+ # or fail with "port unreachable" and give no data. The liveness check will then timeout waiting for the redis
+ # container to be ready and restart the it. By then the new master will likely have been elected
+ if is_boolean_yes "$REDIS_TLS_ENABLED"; then
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ else
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ fi
+
+ if [[ ! ($($sentinel_info_command)) ]]; then
+ # master doesn't actually exist, this probably means the remaining pods haven't elected a new one yet
+ # and are reporting the old one still. Once this happens the container will get stuck and never see the new
+ # master. We stop here to allow the container to not pass the liveness check and be restarted.
+ exit 1
+ fi
+ fi
+
+ if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+ fi
+ {{- if .Values.tls.enabled }}
+ ARGS=("--port" "0")
+ ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
+ ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
+ ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
+ ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
+ ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
+ ARGS+=("--tls-replication" "yes")
+ {{- if .Values.tls.dhParamsFilename }}
+ ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
+ {{- end }}
+ {{- else }}
+ ARGS=("--port" "${REDIS_PORT}")
+ {{- end }}
+
+ if [[ "$REDIS_REPLICATION_MODE" == "slave" ]]; then
+ ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
+ fi
+
+ {{- if .Values.usePassword }}
+ ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+ ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
+ {{- else }}
+ ARGS+=("--protected-mode" "no")
+ {{- end }}
+
+ if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
+ ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
+ else
+ ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
+ fi
+
+ ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+ {{- if .Values.slave.extraFlags }}
+ {{- range .Values.slave.extraFlags }}
+ ARGS+=({{ . | quote }})
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.slave.preExecCmds }}
+ {{ .Values.slave.preExecCmds | nindent 4}}
+ {{- end }}
+
+ {{- if .Values.slave.command }}
+ exec {{ .Values.slave.command }} "${ARGS[@]}"
+ {{- else }}
+ exec redis-server "${ARGS[@]}"
+ {{- end }}
+
+ start-sentinel.sh: |
+ #!/bin/bash
+ replace_in_file() {
+ local filename="${1:?filename is required}"
+ local match_regex="${2:?match regex is required}"
+ local substitute_regex="${3:?substitute regex is required}"
+ local posix_regex=${4:-true}
+
+ local result
+
+ # We should avoid using 'sed in-place' substitutions
+ # 1) They are not compatible with files mounted from ConfigMap(s)
+ # 2) We found incompatibility issues with Debian10 and "in-place" substitutions
+ del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
+ if [[ $posix_regex = true ]]; then
+ result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+ else
+ result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+ fi
+ echo "$result" > "$filename"
+ }
+ sentinel_conf_set() {
+ local -r key="${1:?missing key}"
+ local value="${2:-}"
+
+ # Sanitize inputs
+ value="${value//\\/\\\\}"
+ value="${value//&/\\&}"
+ value="${value//\?/\\?}"
+ [[ "$value" = "" ]] && value="\"$value\""
+
+ replace_in_file "/opt/bitnami/redis-sentinel/etc/sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false
+ }
+ sentinel_conf_add() {
+ echo $'\n'"$@" >> "/opt/bitnami/redis-sentinel/etc/sentinel.conf"
+ }
+ is_boolean_yes() {
+ local -r bool="${1:-}"
+ # comparison is performed without regard to the case of alphabetic characters
+ shopt -s nocasematch
+ if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
+ true
+ else
+ false
+ fi
+ }
+ host_id() {
+ echo "$1" | openssl sha1 | awk '{print $2}'
+ }
+
+ HEADLESS_SERVICE="{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+ REDIS_SERVICE="{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+
+ if [[ -n $REDIS_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+ fi
+
+ if [[ ! -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then
+ cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf
+ {{- if .Values.usePassword }}
+ printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.masterSet }}" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
+ {{- if .Values.sentinel.usePassword }}
+ printf "\nrequirepass %s" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sentinel.staticID }}
+ printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
+ {{- end }}
+ fi
+
+ export REDIS_REPLICATION_MODE="slave"
+ if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i) ")" ]]; then
+ export REDIS_REPLICATION_MODE="master"
+ fi
+
+ if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
+ REDIS_MASTER_HOST="$(hostname -i)"
+ REDIS_MASTER_PORT_NUMBER="{{ .Values.redisPort }}"
+ else
+ if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ else
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ fi
+ REDIS_SENTINEL_INFO=($($sentinel_info_command))
+ REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
+ REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
+
+ # Immediately attempt to connect to the reported master. If it doesn't exist the connection attempt will either hang
+ # or fail with "port unreachable" and give no data. The liveness check will then timeout waiting for the sentinel
+ # container to be ready and restart the it. By then the new master will likely have been elected
+ if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ else
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ fi
+
+ if [[ ! ($($sentinel_info_command)) ]]; then
+ # master doesn't actually exist, this probably means the remaining pods haven't elected a new one yet
+ # and are reporting the old one still. Once this happens the container will get stuck and never see the new
+ # master. We stop here to allow the container to not pass the liveness check and be restarted.
+ exit 1
+ fi
+ fi
+ sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" {{ .Values.sentinel.quorum }}"
+
+ add_replica() {
+ if [[ "$1" != "$REDIS_MASTER_HOST" ]]; then
+ sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.masterSet }} $1 {{ .Values.redisPort }}"
+ fi
+ }
+
+ {{- if .Values.sentinel.staticID }}
+ # remove generated known sentinels and replicas
+ tmp="$(sed -e '/^sentinel known-/d' -e '/^$/d' /opt/bitnami/redis-sentinel/etc/sentinel.conf)"
+ echo "$tmp" > /opt/bitnami/redis-sentinel/etc/sentinel.conf
+
+ for node in $(seq 0 {{ .Values.cluster.slaveCount }}); do
+ NAME="{{ template "redis.fullname" . }}-node-$node"
+ IP="$(getent hosts "$NAME.$HEADLESS_SERVICE" | awk ' {print $1 }')"
+ if [[ "$NAME" != "$HOSTNAME" && -n "$IP" ]]; then
+ sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.masterSet }} $IP {{ .Values.sentinel.port }} $(host_id "$NAME")"
+ add_replica "$IP"
+ fi
+ done
+ add_replica "$(hostname -i)"
+ {{- end }}
+
+ {{- if .Values.tls.enabled }}
+ ARGS=("--port" "0")
+ ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}")
+ ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}")
+ ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}")
+ ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}")
+ ARGS+=("--tls-replication" "yes")
+ ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}")
+ {{- if .Values.tls.dhParamsFilename }}
+ ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}")
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sentinel.preExecCmds }}
+ {{ .Values.sentinel.preExecCmds | nindent 4 }}
+ {{- end }}
+ exec redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }}
+{{- else }}
+ start-master.sh: |
+ #!/bin/bash
+ echo "y" | /opt/bitnami/redis/bin/redis-check-aof --fix /data/appendonly.aof
+ {{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
+ useradd redis
+ chown -R redis {{ .Values.master.persistence.path }}
+ {{- end }}
+ if [[ -n $REDIS_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+ fi
+ if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
+ fi
+ if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+ fi
+ {{- if .Values.tls.enabled }}
+ ARGS=("--port" "0")
+ ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
+ ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
+ ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
+ ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
+ ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
+ {{- if .Values.tls.dhParamsFilename }}
+ ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
+ {{- end }}
+ {{- else }}
+ ARGS=("--port" "${REDIS_PORT}")
+ {{- end }}
+ {{- if .Values.usePassword }}
+ ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+ ARGS+=("--masterauth" "${REDIS_PASSWORD}")
+ {{- else }}
+ ARGS+=("--protected-mode" "no")
+ {{- end }}
+ ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+ ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
+ {{- if .Values.master.extraFlags }}
+ {{- range .Values.master.extraFlags }}
+ ARGS+=({{ . | quote }})
+ {{- end }}
+ {{- end }}
+ {{- if .Values.master.preExecCmds }}
+ {{ .Values.master.preExecCmds | nindent 4}}
+ {{- end }}
+ {{- if .Values.master.command }}
+ exec {{ .Values.master.command }} "${ARGS[@]}"
+ {{- else }}
+ exec redis-server "${ARGS[@]}"
+ {{- end }}
+ {{- if .Values.global.redis.cluster.enabled }}
+ start-slave.sh: |
+ #!/bin/bash
+ {{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
+ useradd redis
+ chown -R redis {{ .Values.slave.persistence.path }}
+ {{- end }}
+ if [[ -n $REDIS_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+ fi
+ if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
+ export REDIS_MASTER_PASSWORD=$password_aux
+ fi
+ if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
+ fi
+ if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+ fi
+ {{- if .Values.tls.enabled }}
+ ARGS=("--port" "0")
+ ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
+ ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
+ ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
+ ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
+ ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
+ ARGS+=("--tls-replication" "yes")
+ {{- if .Values.tls.dhParamsFilename }}
+ ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
+ {{- end }}
+ {{- else }}
+ ARGS=("--port" "${REDIS_PORT}")
+ {{- end }}
+ ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
+ {{- if .Values.usePassword }}
+ ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+ ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
+ {{- else }}
+ ARGS+=("--protected-mode" "no")
+ {{- end }}
+ ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+ ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
+ {{- if .Values.slave.extraFlags }}
+ {{- range .Values.slave.extraFlags }}
+ ARGS+=({{ . | quote }})
+ {{- end }}
+ {{- end }}
+ {{- if .Values.slave.preExecCmds }}
+ {{ .Values.slave.preExecCmds | nindent 4}}
+ {{- end }}
+ {{- if .Values.slave.command }}
+ exec {{ .Values.slave.command }} "${ARGS[@]}"
+ {{- else }}
+ exec redis-server "${ARGS[@]}"
+ {{- end }}
+ {{- end }}
+
+{{- end -}}