redis/templates/configmap-scripts.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "redis.fullname" . }}-scripts
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app: {{ template "redis.name" . }}
    chart: {{ template "redis.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
data:
{{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }}
  start-node.sh: |
    #!/bin/bash
    is_boolean_yes() {
        local -r bool="${1:-}"
        # comparison is performed without regard to the case of alphabetic characters
        shopt -s nocasematch
        if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
            true
        else
            false
        fi
    }

    HEADLESS_SERVICE="{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
    REDIS_SERVICE="{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"

    export REDIS_REPLICATION_MODE="slave"
    if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i) ")" ]]; then
      export REDIS_REPLICATION_MODE="master"
    fi

    {{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
    useradd redis
    chown -R redis {{ .Values.slave.persistence.path }}
    {{- end }}

    if [[ -n $REDIS_PASSWORD_FILE ]]; then
      password_aux=`cat ${REDIS_PASSWORD_FILE}`
      export REDIS_PASSWORD=$password_aux
    fi

    if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
      password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
      export REDIS_MASTER_PASSWORD=$password_aux
    fi

    if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
      echo "I am master"
      if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
        cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
      fi
    else
      if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
        cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
      fi

      if is_boolean_yes "$REDIS_TLS_ENABLED"; then
        sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
      else
        sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
      fi
      REDIS_SENTINEL_INFO=($($sentinel_info_command))
      REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
      REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}


      # Immediately attempt to connect to the reported master. If it doesn't exist the connection attempt will either hang
      # or fail with "port unreachable" and give no data. The liveness check will then timeout waiting for the redis
      # container to be ready and restart the it. By then the new master will likely have been elected
      if is_boolean_yes "$REDIS_TLS_ENABLED"; then
        sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
      else
        sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
      fi

      if [[ ! ($($sentinel_info_command)) ]]; then
        # master doesn't actually exist, this probably means the remaining pods haven't elected a new one yet
        # and are reporting the old one still. Once this happens the container will get stuck and never see the new
        # master. We stop here to allow the container to not pass the liveness check and be restarted.
        exit 1
      fi
    fi

    if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
      cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
    fi
    {{- if .Values.tls.enabled }}
    ARGS=("--port" "0")
    ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
    ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
    ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
    ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
    ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
    ARGS+=("--tls-replication" "yes")
    {{- if .Values.tls.dhParamsFilename }}
    ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
    {{- end }}
    {{- else }}
    ARGS=("--port" "${REDIS_PORT}")
    {{- end }}

    if [[ "$REDIS_REPLICATION_MODE" == "slave" ]]; then
      ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
    fi

    {{- if .Values.usePassword }}
    ARGS+=("--requirepass" "${REDIS_PASSWORD}")
    ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
    {{- else }}
    ARGS+=("--protected-mode" "no")
    {{- end }}

    if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
      ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
    else
      ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
    fi

    ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
    {{- if .Values.slave.extraFlags }}
    {{- range .Values.slave.extraFlags }}
    ARGS+=({{ . | quote }})
    {{- end }}
    {{- end }}

    {{- if .Values.slave.preExecCmds }}
    {{ .Values.slave.preExecCmds | nindent 4}}
    {{- end }}

    {{- if .Values.slave.command }}
    exec {{ .Values.slave.command }} "${ARGS[@]}"
    {{- else }}
    exec redis-server "${ARGS[@]}"
    {{- end }}

  start-sentinel.sh: |
    #!/bin/bash
    replace_in_file() {
        local filename="${1:?filename is required}"
        local match_regex="${2:?match regex is required}"
        local substitute_regex="${3:?substitute regex is required}"
        local posix_regex=${4:-true}

        local result

        # We should avoid using 'sed in-place' substitutions
        # 1) They are not compatible with files mounted from ConfigMap(s)
        # 2) We found incompatibility issues with Debian10 and "in-place" substitutions
        del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
        if [[ $posix_regex = true ]]; then
            result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
        else
            result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
        fi
        echo "$result" > "$filename"
    }
    sentinel_conf_set() {
        local -r key="${1:?missing key}"
        local value="${2:-}"

        # Sanitize inputs
        value="${value//\\/\\\\}"
        value="${value//&/\\&}"
        value="${value//\?/\\?}"
        [[ "$value" = "" ]] && value="\"$value\""

        replace_in_file "/opt/bitnami/redis-sentinel/etc/sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false
    }
    sentinel_conf_add() {
        echo $'\n'"$@" >> "/opt/bitnami/redis-sentinel/etc/sentinel.conf"
    }
    is_boolean_yes() {
        local -r bool="${1:-}"
        # comparison is performed without regard to the case of alphabetic characters
        shopt -s nocasematch
        if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
            true
        else
            false
        fi
    }
    host_id() {
      echo "$1" | openssl sha1 | awk '{print $2}'
    }

    HEADLESS_SERVICE="{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
    REDIS_SERVICE="{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"

    if [[ -n $REDIS_PASSWORD_FILE ]]; then
      password_aux=`cat ${REDIS_PASSWORD_FILE}`
      export REDIS_PASSWORD=$password_aux
    fi

    if [[ ! -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then
      cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf
      {{- if .Values.usePassword }}
      printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.masterSet }}" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
      {{- if .Values.sentinel.usePassword }}
      printf "\nrequirepass %s" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
      {{- end }}
      {{- end }}
      {{- if .Values.sentinel.staticID }}
      printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
      {{- end }}
    fi

    export REDIS_REPLICATION_MODE="slave"
    if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i) ")" ]]; then
      export REDIS_REPLICATION_MODE="master"
    fi

    if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
      REDIS_MASTER_HOST="$(hostname -i)"
      REDIS_MASTER_PORT_NUMBER="{{ .Values.redisPort }}"
    else
      if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
        sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
      else
        sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
      fi
      REDIS_SENTINEL_INFO=($($sentinel_info_command))
      REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
      REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}

      # Immediately attempt to connect to the reported master. If it doesn't exist the connection attempt will either hang
      # or fail with "port unreachable" and give no data. The liveness check will then timeout waiting for the sentinel
      # container to be ready and restart the it. By then the new master will likely have been elected
      if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
        sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
      else
        sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
      fi

      if [[ ! ($($sentinel_info_command)) ]]; then
        # master doesn't actually exist, this probably means the remaining pods haven't elected a new one yet
        # and are reporting the old one still. Once this happens the container will get stuck and never see the new
        # master. We stop here to allow the container to not pass the liveness check and be restarted.
        exit 1
      fi
    fi
    sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" {{ .Values.sentinel.quorum }}"

    add_replica() {
      if [[ "$1" != "$REDIS_MASTER_HOST" ]]; then
        sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.masterSet }} $1 {{ .Values.redisPort }}"
      fi
    }

    {{- if .Values.sentinel.staticID }}
    # remove generated known sentinels and replicas
    tmp="$(sed -e '/^sentinel known-/d' -e '/^$/d' /opt/bitnami/redis-sentinel/etc/sentinel.conf)"
    echo "$tmp" > /opt/bitnami/redis-sentinel/etc/sentinel.conf

    for node in $(seq 0 {{ .Values.cluster.slaveCount }}); do
      NAME="{{ template "redis.fullname" . }}-node-$node"
      IP="$(getent hosts "$NAME.$HEADLESS_SERVICE" | awk ' {print $1 }')"
      if [[ "$NAME" != "$HOSTNAME" && -n "$IP" ]]; then
        sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.masterSet }} $IP {{ .Values.sentinel.port }} $(host_id "$NAME")"
        add_replica "$IP"
      fi
    done
    add_replica "$(hostname -i)"
    {{- end }}

    {{- if .Values.tls.enabled }}
    ARGS=("--port" "0")
    ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}")
    ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}")
    ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}")
    ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}")
    ARGS+=("--tls-replication" "yes")
    ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}")
    {{- if .Values.tls.dhParamsFilename }}
    ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}")
    {{- end }}
    {{- end }}
    {{- if .Values.sentinel.preExecCmds }}
    {{ .Values.sentinel.preExecCmds | nindent 4 }}
    {{- end }}
    exec redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }}
{{- else }}
  start-master.sh: |
    #!/bin/bash
    echo "y" | /opt/bitnami/redis/bin/redis-check-aof --fix /data/appendonly.aof
    {{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
    useradd redis
    chown -R redis {{ .Values.master.persistence.path }}
    {{- end }}
    if [[ -n $REDIS_PASSWORD_FILE ]]; then
      password_aux=`cat ${REDIS_PASSWORD_FILE}`
      export REDIS_PASSWORD=$password_aux
    fi
    if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
      cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
    fi
    if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
      cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
    fi
    {{- if .Values.tls.enabled }}
    ARGS=("--port" "0")
    ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
    ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
    ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
    ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
    ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
    {{- if .Values.tls.dhParamsFilename }}
    ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
    {{- end }}
    {{- else }}
    ARGS=("--port" "${REDIS_PORT}")
    {{- end }}
    {{- if .Values.usePassword }}
    ARGS+=("--requirepass" "${REDIS_PASSWORD}")
    ARGS+=("--masterauth" "${REDIS_PASSWORD}")
    {{- else }}
    ARGS+=("--protected-mode" "no")
    {{- end }}
    ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
    ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
    {{- if .Values.master.extraFlags }}
    {{- range .Values.master.extraFlags }}
    ARGS+=({{ . | quote }})
    {{- end }}
    {{- end }}
    {{- if .Values.master.preExecCmds }}
    {{ .Values.master.preExecCmds | nindent 4}}
    {{- end }}
    {{- if .Values.master.command }}
    exec {{ .Values.master.command }} "${ARGS[@]}"
    {{- else }}
    exec redis-server "${ARGS[@]}"
    {{- end }}
  {{- if .Values.global.redis.cluster.enabled }}
  start-slave.sh: |
    #!/bin/bash
    {{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
    useradd redis
    chown -R redis {{ .Values.slave.persistence.path }}
    {{- end }}
    if [[ -n $REDIS_PASSWORD_FILE ]]; then
      password_aux=`cat ${REDIS_PASSWORD_FILE}`
      export REDIS_PASSWORD=$password_aux
    fi
    if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
      password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
      export REDIS_MASTER_PASSWORD=$password_aux
    fi
    if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
      cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
    fi
    if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
      cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
    fi
    {{- if .Values.tls.enabled }}
    ARGS=("--port" "0")
    ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
    ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
    ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
    ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
    ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
    ARGS+=("--tls-replication" "yes")
    {{- if .Values.tls.dhParamsFilename }}
    ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
    {{- end }}
    {{- else }}
    ARGS=("--port" "${REDIS_PORT}")
    {{- end }}
    ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
    {{- if .Values.usePassword }}
    ARGS+=("--requirepass" "${REDIS_PASSWORD}")
    ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
    {{- else }}
    ARGS+=("--protected-mode" "no")
    {{- end }}
    ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
    ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
    {{- if .Values.slave.extraFlags }}
    {{- range .Values.slave.extraFlags }}
    ARGS+=({{ . | quote }})
    {{- end }}
    {{- end }}
    {{- if .Values.slave.preExecCmds }}
    {{ .Values.slave.preExecCmds | nindent 4}}
    {{- end }}
    {{- if .Values.slave.command }}
    exec {{ .Values.slave.command }} "${ARGS[@]}"
    {{- else }}
    exec redis-server "${ARGS[@]}"
    {{- end }}
  {{- end }}

{{- end -}}