andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #551 from samuelattwood/main 

Release Partner Charts
pull/553/head
Samuel Attwood 2022-10-26 15:19:44 -04:00 committed by GitHub
parent 5b9d365021 b2541967e6
commit 9d0ab3421a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7430 changed files with 622137 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/argo/argo-cd-5.8.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/argo/argo-cd-5.8.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/asserts/asserts-1.8.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/airflow-13.1.7.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/cassandra-9.7.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/kafka-19.0.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mariadb-11.3.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mysql-9.4.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/postgresql-11.9.12.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/redis-17.3.7.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/spark-6.3.8.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/tomcat-10.4.9.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/wordpress-15.2.6.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/zookeeper-10.2.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/cert-manager/cert-manager-1.10.0.tgz Normal file
View File

Binary file not shown.

0
assets/cockroachdb/cockroachdb-4.1.200.tgz → assets/cockroach-labs/cockroachdb-4.1.200.tgz
View File

BIN
assets/cockroach-labs/cockroachdb-8.1.8.tgz Normal file
View File

Binary file not shown.

BIN
assets/crate/crate-operator-2.16.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/datadog/datadog-3.1.11.tgz Normal file
View File

Binary file not shown.

BIN
assets/datadog/datadog-operator-0.8.8.tgz Normal file
View File

Binary file not shown.

BIN
assets/elastic/elasticsearch-7.17.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/elastic/kibana-7.17.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/elastic/logstash-7.17.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/gitlab/gitlab-6.5.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/harbor/harbor-1.10.1.tgz Normal file
View File

Binary file not shown.

0
assets/instana-agent/instana-agent-1.0.2900.tgz → assets/instana/instana-agent-1.0.2900.tgz
View File

BIN
assets/instana/instana-agent-1.2.45.tgz Normal file
View File

Binary file not shown.

BIN
assets/intel/intel-device-plugins-operator-0.24.1.tgz Normal file
View File

Binary file not shown.

0
assets/intel-tcs-issuer/tcs-issuer-0.1.0.tgz → assets/intel/tcs-issuer-0.1.0.tgz
View File

BIN
assets/jaeger/jaeger-operator-2.36.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/jenkins/jenkins-4.2.9.tgz Normal file
View File

Binary file not shown.

BIN
assets/jfrog/artifactory-ha-107.46.8.tgz Normal file
View File

Binary file not shown.

0
assets/artifactory-ha/artifactory-ha-3.0.1400.tgz → assets/jfrog/artifactory-ha-3.0.1400.tgz
View File

0
assets/artifactory-ha/artifactory-ha-4.13.000.tgz → assets/jfrog/artifactory-ha-4.13.000.tgz
View File

0
assets/artifactory-ha/artifactory-ha-4.13.1.tgz → assets/jfrog/artifactory-ha-4.13.1.tgz
View File

0
assets/artifactory-ha/artifactory-ha-4.7.600.tgz → assets/jfrog/artifactory-ha-4.7.600.tgz
View File

BIN
assets/jfrog/artifactory-jcr-107.46.8.tgz Normal file
View File

Binary file not shown.

0
assets/artifactory-jcr/artifactory-jcr-2.5.100.tgz → assets/jfrog/artifactory-jcr-2.5.100.tgz
View File

0
assets/artifactory-jcr/artifactory-jcr-3.4.000.tgz → assets/jfrog/artifactory-jcr-3.4.000.tgz
View File

0
assets/artifactory-jcr/artifactory-jcr-3.4.1.tgz → assets/jfrog/artifactory-jcr-3.4.1.tgz
View File

BIN
assets/metallb/metallb-0.13.7.tgz Normal file
View File

Binary file not shown.

BIN
assets/mongodb/community-operator-0.7.6.tgz Normal file
View File

Binary file not shown.

BIN
assets/redpanda/redpanda-2.2.5.tgz Normal file
View File

Binary file not shown.

BIN
assets/streamsets/control-agent-2.0.100.tgz
View File

Binary file not shown.

BIN
assets/streamsets/control-agent-2.0.101.tgz
View File

Binary file not shown.

BIN
assets/sumologic/sumologic-2.17.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/sumologic/sumologic-2.18.1.tgz Normal file
View File

Binary file not shown.

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.0.500.tgz → assets/trilio/k8s-triliovault-operator-2.0.500.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.1.0.tgz → assets/trilio/k8s-triliovault-operator-2.1.0.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.10.0.tgz → assets/trilio/k8s-triliovault-operator-2.10.0.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.10.100.tgz → assets/trilio/k8s-triliovault-operator-2.10.100.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.10.200.tgz → assets/trilio/k8s-triliovault-operator-2.10.200.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.10.300.tgz → assets/trilio/k8s-triliovault-operator-2.10.300.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.10.400.tgz → assets/trilio/k8s-triliovault-operator-2.10.400.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.10.500.tgz → assets/trilio/k8s-triliovault-operator-2.10.500.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.10.600.tgz → assets/trilio/k8s-triliovault-operator-2.10.600.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.5.0.tgz → assets/trilio/k8s-triliovault-operator-2.5.0.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.5.300.tgz → assets/trilio/k8s-triliovault-operator-2.5.300.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.6.0.tgz → assets/trilio/k8s-triliovault-operator-2.6.0.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.6.400.tgz → assets/trilio/k8s-triliovault-operator-2.6.400.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.6.500.tgz → assets/trilio/k8s-triliovault-operator-2.6.500.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.6.600.tgz → assets/trilio/k8s-triliovault-operator-2.6.600.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.6.700.tgz → assets/trilio/k8s-triliovault-operator-2.6.700.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.7.0.tgz → assets/trilio/k8s-triliovault-operator-2.7.0.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.7.100.tgz → assets/trilio/k8s-triliovault-operator-2.7.100.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.7.200.tgz → assets/trilio/k8s-triliovault-operator-2.7.200.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.8.0.tgz → assets/trilio/k8s-triliovault-operator-2.8.0.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.8.200.tgz → assets/trilio/k8s-triliovault-operator-2.8.200.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.9.0.tgz → assets/trilio/k8s-triliovault-operator-2.9.0.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.9.100.tgz → assets/trilio/k8s-triliovault-operator-2.9.100.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.9.200.tgz → assets/trilio/k8s-triliovault-operator-2.9.200.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.9.300.tgz → assets/trilio/k8s-triliovault-operator-2.9.300.tgz
View File

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.9.400.tgz → assets/trilio/k8s-triliovault-operator-2.9.400.tgz
View File

BIN
assets/trilio/k8s-triliovault-operator-3.0.0.tgz Normal file
View File

Binary file not shown.

0
assets/k8s-triliovault-operator/k8s-triliovault-operator-v2.0.200.tgz → assets/trilio/k8s-triliovault-operator-v2.0.200.tgz
View File

4
charts/argo/argo-cd/5.8.0/.helmignore Normal file
View File

@ -0,0 +1,4 @@
/*.tgz
output
ci/
*.gotmpl

6
charts/argo/argo-cd/5.8.0/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: redis-ha
repository: https://dandydeveloper.github.io/charts/
version: 4.22.2
digest: sha256:b6dc7774d0cc20a7a889d10e61f3dd653bdacd7836558f4875688b5cb5051d80
generated: "2022-09-19T12:39:19.736045+02:00"

29
charts/argo/argo-cd/5.8.0/Chart.yaml Normal file
View File

@ -0,0 +1,29 @@
annotations:
artifacthub.io/changes: |
- "[Changed]: Upgraded Argo CD to 2.5.0"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Argo CD
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
appVersion: v2.5.0
dependencies:
- condition: redis-ha.enabled
name: redis-ha
repository: file://./charts/redis-ha
version: 4.22.2
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool
for Kubernetes.
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
keywords:
- argoproj
- argocd
- gitops
maintainers:
- name: argoproj
url: https://argoproj.github.io/
name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 5.8.0

1080
charts/argo/argo-cd/5.8.0/README.md Normal file
View File

File diff suppressed because it is too large Load Diff

21
charts/argo/argo-cd/5.8.0/charts/redis-ha/Chart.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: v2
appVersion: 7.0.4
description: This Helm chart provides a highly available Redis implementation with
a master/slave configuration and uses Sentinel sidecars for failover management
home: http://redis.io/
icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png
keywords:
- redis
- keyvalue
- database
maintainers:
- email: salimsalaues@gmail.com
name: ssalaues
- email: aaron.layfield@gmail.com
name: dandydeveloper
name: redis-ha
sources:
- https://redis.io/download
- https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha
- https://github.com/oliver006/redis_exporter
version: 4.22.2

396
charts/argo/argo-cd/5.8.0/charts/redis-ha/README.md Normal file
View File

@ -0,0 +1,396 @@
# Redis
[Redis](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs.
## TL;DR
```bash
helm repo add dandydev https://dandydeveloper.github.io/charts
helm install dandydev/redis-ha
```
By default this chart install 3 pods total:
* one pod containing a redis master and sentinel container (optional prometheus metrics exporter sidecar available)
* two pods each containing a redis slave and sentinel containers (optional prometheus metrics exporter sidecars available)
## Introduction
This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager.
## Prerequisites
* Kubernetes 1.8+ with Beta APIs enabled
* PV provisioner support in the underlying infrastructure
## Upgrading the Chart
Please note that there have been a number of changes simplifying the redis management strategy (for better failover and elections) in the 3.x version of this chart. These changes allow the use of official [redis](https://hub.docker.com/_/redis/) images that do not require special RBAC or ServiceAccount roles. As a result when upgrading from version >=2.0.1 to >=3.0.0 of this chart, `Role`, `RoleBinding`, and `ServiceAccount` resources should be deleted manually.
### Upgrading the chart from 3.x to 4.x
Starting from version `4.x` HAProxy sidecar prometheus-exporter removed and replaced by the embedded [HAProxy metrics endpoint](https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter), as a result when upgrading from version 3.x to 4.x section `haproxy.exporter` should be removed and the `haproxy.metrics` need to be configured for fit your needs.
## Installing the Chart
To install the chart
```bash
helm repo add dandydev https://dandydeveloper.github.io/charts
helm install dandydev/redis-ha
```
The command deploys Redis on the Kubernetes cluster in the default configuration. By default this chart install one master pod containing redis master container and sentinel container along with 2 redis slave pods each containing their own sentinel sidecars. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the deployment:
```bash
helm delete <chart-name>
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following table lists the configurable parameters of the Redis chart and their default values.
| Parameter | Description | Default |
|:--------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------|
| `image.repository` | Redis image repository | `redis` |
| `image.tag` | Redis image tag | `6.2.5-alpine` |
| `image.pullPolicy` | Redis image pull policy | `IfNotPresent` |
| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | [] |
| `tag` | Redis tag | `6.2.5-alpine` |
| `replicas` | Number of redis master/slave pods | `3` |
| `podManagementPolicy` | The statefulset pod management policy | `OrderedReady` |
| `ro_replicas` | Comma separated list of slaves which never get promoted to be master. Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3th and 4th redis slave never make it to be master, where master is index 0. | ``|
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the redis-ha.fullname template |
| `serviceAccount.automountToken` | Opt in/out of automounting API credentials into container | `false` |
| `serviceAnnotations` | Annotations to set on Redis HA service | `null` |
| `serviceLabels` | Labels to set on Redis HA service | `{}` |
| `rbac.create` | Create and use RBAC resources | `true` |
| `redis.port` | Port to access the redis service | `6379` |
| `redis.tlsPort` | TLS Port to access the redis service |``|
| `redis.tlsReplication` | Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf |``|
| `redis.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" |``|
| `redis.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | `30` |
| `redis.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | `15` |
| `redis.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | `15` |
| `redis.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` |
| `redis.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `5` |
| `redis.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | `30` |
| `redis.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | `15` |
| `redis.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | `15` |
| `redis.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` |
| `redis.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `5` |
| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `mymaster` |
| `redis.disableCommands` | Array with commands to disable | `["FLUSHDB","FLUSHALL"]` |
| `redis.config` | Any valid redis config options in this section will be applied to each server (see below) | see values.yaml |
| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored |``|
| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | `{}` |
| `redis.lifecycle` | Container Lifecycle Hooks for redis container | see values.yaml |
| `redis.annotations` | Annotations for the redis statefulset | `{}` |
| `redis.updateStategy.type`| Update strategy for redis statefulSet | `RollingUpdate` |
| `redis.extraVolumeMounts` | Extra volume mounts for Redis container | `[]` |
| `sentinel.port` | Port to access the sentinel service | `26379` |
| `sentinel.bind` | Configure the 'bind' directive to bind to a list of network interfaces | `` |
| `sentinel.tlsPort` | TLS Port to access the sentinel service |``|
| `sentinel.tlsReplication` | Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf |``|
| `sentinel.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" |``|
| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | `30` |
| `sentinel.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | `15` |
| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | `15` |
| `sentinel.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` |
| `sentinel.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `5` |
| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | `30` |
| `sentinel.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | `15` |
| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | `15` |
| `sentinel.readinessProbe.successThreshold` | Success threshold for readiness probe | `3` |
| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `5` |
| `sentinel.auth` | Enables or disables sentinel AUTH (Requires `sentinel.password` to be set) | `false` |
| `sentinel.password` | A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`) |``|
| `sentinel.existingSecret` | An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`) |``|
| `sentinel.authKey` | The key holding the sentinel password in an existing secret. | `sentinel-password` |
| `sentinel.quorum` | Minimum number of servers necessary to maintain quorum | `2` |
| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | see values.yaml |
| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored |``|
| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | `{}` |
| `sentinel.lifecycle` | Container Lifecycle Hooks for sentinel container | `{}` |
| `sentinel.extraVolumeMounts` | Extra volume mounts for Sentinel container | `[]` |
| `init.resources` | CPU/Memory for init Container node resource requests/limits | `{}` |
| `auth` | Enables or disables redis AUTH (Requires `redisPassword` to be set) | `false` |
| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) |``|
| `authKey` | The key holding the redis password in an existing secret. | `auth` |
| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) |``|
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Toleration labels for pod assignment | `[]` |
| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. | `true` |
| `additionalAffinities` | Additional affinities to add to the Redis server pods. | `{}` |
| `securityContext` | Security context to be added to the Redis StatefulSet. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` |
| `containerSecurityContext` | Security context to be added to the Redis containers. | `{ runAsNonRoot: true, allowPrivilegeEscalation: false, seccompProfile: { type: RuntimeDefault }, capabilities: { drop: [ "ALL" ] }` |
| `affinity` | Override all other affinity settings with a string. | `""` |
| `labels` | Labels for the Redis pod. | `{}` |
| `configmap.labels` | Labels for the Redis configmap. | `{}` |
| `configmapTest.image.repository` | Repository of the configmap shellcheck test image. | `koalaman/shellcheck` |
| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | `v0.5.0` |
| `configmapTest.resources` | Resources for the ConfigMap tests. | `{}` |
| `persistentVolume.size` | Size for the volume | 10Gi |
| `persistentVolume.annotations` | Annotations for the volume | `{}` |
| `persistentVolume.labels` | Labels for the volume | `{}` |
| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | `{}` |
| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` |
| `exporter.image` | Exporter image | `oliver006/redis_exporter` |
| `exporter.tag` | Exporter tag | `v1.27.0` |
| `exporter.port` | Exporter port | `9121` |
| `exporter.portName` | Exporter port name | `exporter-port` |
| `exporter.address` | Redis instance Hostname/Address Exists to circumvent some issues with issues in IPv6 hostname resolution | `localhost` |
| `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` |
| `exporter.extraArgs` | Additional args for the exporter | `{}` |
| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | |
| `exporter.serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` |
| `exporter.serviceMonitor.namespace` | Namespace the service monitor is created in | `default` |
| `exporter.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` |
| `exporter.serviceMonitor.telemetryPath` | Path to redis-exporter telemetry-path | `/metrics` |
| `exporter.serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
| `exporter.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` |
| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | `false` |
| `haproxy.replicas` | Number of HAProxy instances | `3` |
| `haproxy.servicePort` | Modify HAProxy service port | `6379` |
| `haproxy.containerPort` | Modify HAProxy deployment container port | `6379`
| `haproxy.image.repository`| HAProxy Image Repository | `haproxy` |
| `haproxy.image.tag` | HAProxy Image Tag | `2.4.2` |
| `haproxy.image.pullPolicy`| HAProxy Image PullPolicy | `IfNotPresent` |
| `haproxy.imagePullSecrets`| Reference to one or more secrets to be used when pulling haproxy images | [] |
| `haproxy.tls.enabled` | If "true" this will enable TLS termination on haproxy | `false`
| `haproxy.tls.secretName` | Secret containing the .pem file | `""`
| `haproxy.tls.certMountPath` | Path to mount the secret that contains the certificates. haproxy | `false`
| `haproxy.tls.secretName` | Secret containing the .pem file | `""`
| `haproxy.annotations` | HAProxy template annotations | `{}` |
| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten |``|
| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg |``|
| `haproxy.resources` | HAProxy resources | `{}` |
| `haproxy.emptyDir` | Configuration of `emptyDir` | `{}` |
| `haproxy.labels` | Labels for the HAProxy pod | `{}` |
| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | `ClusterIP` |
| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | not set |
| `haproxy.image.serviceAccountName`| HAProxy serviceAccountName | `default`
| `haproxy.service.externalTrafficPolicy`| HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer) | not set |
| `haproxy.service.annotations` | HAProxy service annotations | `{}` |
| `haproxy.service.labels` | HAProxy service labels | `{}` |
| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. | `false` |
| `haproxy.hapreadport.enable` | Enable a read only port for redis slaves | `false` |
| `haproxy.hapreadport.port` | Haproxy port for read only redis slaves | `6380` |
| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | `false` |
| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | `9101` |
| `haproxy.metrics.portName` | HAProxy metrics scraping port name | `http-exporter-port` |
| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping port | `/metrics` |
| `haproxy.metrics.serviceMonitor.enabled` | Use servicemonitor from prometheus operator for HAProxy metrics | `false` |
| `haproxy.metrics.serviceMonitor.namespace` | Namespace the service monitor for HAProxy metrics is created in | `default` |
| `haproxy.metrics.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` |
| `haproxy.metrics.serviceMonitor.telemetryPath` | Path to HAProxy metrics telemetry-path | `/metrics` |
| `haproxy.metrics.serviceMonitor.labels` | Labels for the HAProxy metrics servicemonitor passed to Prometheus Operator | `{}` |
| `haproxy.metrics.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` |
| `haproxy.init.resources` | Extra init resources | `{}` |
| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | `4s` |
| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | `30s` |
| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | `30s` |
| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | `2s` |
| `haproxy.checkInterval` | haproxy.cfg `check inter` setting | `1s` |
| `haproxy.checkFall` | haproxy.cfg `check fall` setting | `1` |
| `haproxy.priorityClassName` | priorityClassName for `haproxy` deployment | not set |
| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | `{runAsUser: 99, fsGroup: 99, runAsNonRoot: true}` |
| `haproxy.containerSecurityContext` | Security context to be added to the HAProxy containers. | `{ runAsNonRoot: true, allowPrivilegeEscalation: false, seccompProfile: { type: RuntimeDefault }, capabilities: { drop: [ "ALL" ] }` |
| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. | `true` |
| `haproxy.affinity` | Override all other haproxy affinity settings with a string. | `""` |
| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy server pods. | `{}` |
| `haproxy.tests.resources` | Pod resources for the tests against HAProxy. | `{}` |
| `haproxy.IPv6.enabled` | Disables certain binding options to support non-IPv6 environments. | `true` |
| `podDisruptionBudget` | Pod Disruption Budget rules | `{}` |
| `nameOverride` | Override the chart name | `""` |
| `fullnameOverride` | Fully override the release name and chart name | `""` |
| `priorityClassName` | priorityClassName for `redis-ha-statefulset` | not set |
| `hostPath.path` | Use this path on the host for data storage | not set |
| `hostPath.chown` | Run an init-container as root to set ownership on the hostPath | `true` |
| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` |
| `sysctlImage.command` | sysctlImage command to execute | [] |
| `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` |
| `sysctlImage.repository` | sysctlImage Init container name | `busybox` |
| `sysctlImage.tag` | sysctlImage Init container tag | `1.31.1` |
| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `Always` |
| `sysctlImage.mountHostSys`| Mount the host `/sys` folder to `/host-sys` | `false` |
| `sysctlImage.resources` | sysctlImage resources | `{}` |
| `schedulerName` | Alternate scheduler name | `nil` |
| `tls.secretName` | The name of secret if you want to use your own TLS certificates. The secret should contains keys named by "tls.certFile" - the certificate, "tls.keyFile" - the private key, "tls.caCertFile" - the certificate of CA and "tls.dhParamsFile" - the dh parameter file | ``|
| `tls.certFile` | Name of certificate file | `redis.crt` |
| `tls.keyFile` | Name of key file | `redis.key` |
| `tls.dhParamsFile` | Name of Diffie-Hellman (DH) key exchange parameters file |`` |
| `tls.caCertFile` | Name of CA certificate file | `ca.crt` |
| `restore.s3.source` | Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb | `false` |
| `restore.existingSecret` | Set to true to use existingSecret for the AWS S3 or SSH credentials | `false` |
| `topologySpreadConstraints.enabled` | Enable topology spread constraints |`false`|
| `topologySpreadConstraints.maxSkew` | Max skew of pods tolerated |`1`|
| `topologySpreadConstraints.topologyKey` | Topology key for spread |`topology.kubernetes.io/zone`|
| `topologySpreadConstraints.whenUnsatisfiable` | Enforcement policy, hard or soft |`ScheduleAnyway`|
| `restore.s3.access_key` | Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source |``|
| `restore.s3.secret_key` | Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source |``|
| `restore.s3.region` | Restore init container - AWS AWS_REGION to access restore.s3.source |``|
| `restore.ssh.source` | Restore init container - SSH scp location of dump - i.e. user@server:/path/dump.rdb | `false` |
| `restore.ssh.key` | Restore init container - SSH private key to scp restore.ssh.source to init container. Key should be in one line separated with \n. i.e. -----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY----- |`` |
| `extraContainers` | Extra containers to include in StatefulSet |`[]`|
| `extraInitContainers` | Extra init containers to include in StatefulSet |`[]`|
| `extraVolumes` | Extra volumes to include in StatefulSet |`[]`|
| `extraLabels` | Labels that should be applied to all created resources |`{}`|
| `networkPolicy.enabled` | Create NetworkPolicy for Redis StatefulSet pods |`false`|
| `networkPolicy.labels` | Labels for NetworkPolicy |`{}`|
| `networkPolicy.annotations` | Annotations for NetworkPolicy |`{}`|
| `networkPolicy.ingressRules[].selectors` | Label selector query to define resources for this ingress rule |`[]`|
| `networkPolicy.ingressRules[].ports` | The destination ports for the ingress rule |`[{port: redis.port, protocol: TCP}, {port: sentinel.port, protocol: TCP}]`|
| `networkPolicy.egressRules[].selectors` | Label selector query to define resources for this egress rule |`[]`|
| `networkPolicy.egressRules[].ports` | The destination ports for the egress rule |``|
| `splitBrainDetection.interval` | Interval between redis sentinel and server split brain checks (in seconds) |`60`|
| `splitBrainDetection.resources` | splitBrainDetection resources |`{}`|
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
$ helm repo add dandydev https://dandydeveloper.github.io/charts
$ helm install \
--set image=redis \
--set tag=5.0.5-alpine \
dandydev/redis-ha
```
The above command sets the Redis server within `default` namespace.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
helm install -f values.yaml dandydev/redis-ha
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Custom Redis and Sentinel config options
This chart allows for most redis or sentinel config options to be passed as a key value pair through the `values.yaml` under `redis.config` and `sentinel.config`. See links below for all available options.
[Example redis.conf](http://download.redis.io/redis-stable/redis.conf)
[Example sentinel.conf](http://download.redis.io/redis-stable/sentinel.conf)
For example `repl-timeout 60` would be added to the `redis.config` section of the `values.yaml` as:
```yml
repl-timeout: "60"
```
Note:
1. Some config options should be renamed by redis versione.g.:
```yml
# In redis 5.xsee https://raw.githubusercontent.com/antirez/redis/5.0/redis.conf
min-replicas-to-write: 1
min-replicas-max-lag: 5
# In redis 4.x and redis 3.xsee https://raw.githubusercontent.com/antirez/redis/4.0/redis.conf and https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf
min-slaves-to-write 1
min-slaves-max-lag 5
```
Sentinel options supported must be in the the `sentinel <option> <master-group-name> <value>` format. For example, `sentinel down-after-milliseconds 30000` would be added to the `sentinel.config` section of the `values.yaml` as:
```yml
down-after-milliseconds: 30000
```
If more control is needed from either the redis or sentinel config then an entire config can be defined under `redis.customConfig` or `sentinel.customConfig`. Please note that these values will override any configuration options under their respective section. For example, if you define `sentinel.customConfig` then the `sentinel.config` is ignored.
## Host Kernel Settings
Redis may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages.
To do so, you can set up a privileged initContainer with the `sysctlImage` config values, for example:
```yml
sysctlImage:
enabled: true
mountHostSys: true
command:
- /bin/sh
- -xc
- |-
sysctl -w net.core.somaxconn=10000
echo never > /host-sys/kernel/mm/transparent_hugepage/enabled
```
## HAProxy startup
When HAProxy is enabled, it will attempt to connect to each announce-service of each redis replica instance in its init container before starting.
It will fail if announce-service IP is not available fast enough (10 seconds max by announce-service).
A such case could happen if the orchestator is pending the nomination of redis pods.
Risk is limited because announce-service is using `publishNotReadyAddresses: true`, although, in such case, HAProxy pod will be rescheduled afterward by the orchestrator.
PodDisruptionBudgets are not configured by default, you may need to set the `haproxy.podDisruptionBudget` parameter in values.yaml to enable it.
## Network policies
If `networkPolicy.enabled` is set to `true`, then a `NetworkPolicy` resource is created with default rules to allow inter-Redis and Sentinel connectivity.
This is a requirement for Redis Pods to come up successfully.
You will need to define `ingressRules` to permit your application connectivity to Redis.
The `selectors` block should be in the format of a [label selector](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors).
Templating is also supported in the selectors.
See such a configuration below.
```yaml
networkPolicy: true
ingressRules:
- selectors:
- namespaceSelector:
matchLabels:
name: my-redis-client-namespace
podSelector:
matchLabels:
# template example
app: |-
{{- .App.Name }}
## ports block is optional (defaults to below), define the block to override the defaults
# ports:
# - port: 6379
# protocol: TCP
# - port: 26379
# protocol: TCP
```
Should your Pod require additional egress rules, define them in a `egressRules` key which is structured identically to an `ingressRules` key.
## Sentinel and redis server split brain detection
Under not entirely known yet circumstances redis sentinel and its corresponding redis server reach a condition that this chart authors call "split brain" (for short). The observed behaviour is the following: the sentinel switches to the new re-elected master, but does not switch its redis server. Majority of original discussion on the problem has happened at the <https://github.com/DandyDeveloper/charts/issues/121>.
The proposed solution is currently implemented as a sidecar container that runs a bash script with the following logic:
1. Every `splitBrainDetection.interval` seconds a master (as known by sentinel) is determined
1. If it is the current node: ensure the redis server's role is master as well.
1. If it is not the current node: ensure the redis server also replicates from the same node.
If any of the checks above fails - the redis server reinitialisation happens (it regenerates configs the same way it's done during the pod init), and then the redis server is instructed to shutdown. Then kubernetes restarts the container immediately.
# Change Log
## 4.14.9 - ** POTENTIAL BREAKING CHANGE. **
Introduced the ability to change the Haproxy Deployment container pod
- Container port in redis-haproxy-deployment.yam has been changed. Was **redis.port** To **haproxy.containerPort**. Default value is 6379.
- Port in redis-haproxy-service.yaml has been changed. Was **redis.port** To **haproxy.servicePort**. Default value is 6379.
## 4.21.0 - BREAKING CHANGES (Kubernetes Deprecation)
This version introduced the deprecation of the PSP and subsequently added fields to the securityContexts that were introduced in Kubernetes v1.19:
https://kubernetes.io/docs/tutorials/security/seccomp/
As a result, from this version onwards Kubernetes versions older than 1.19 will fail to install without the removal of `.Values.containerSeucrityContext.seccompProfile` and `.Values.haproxy.containerSeucrityContext.seccompProfile` (If HAProxy is enabled)

25
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/NOTES.txt Normal file
View File

@ -0,0 +1,25 @@
Redis can be accessed via {{ if ne (int .Values.redis.port) 0 }}port {{ .Values.redis.port }}{{ end }} {{ if .Values.redis.tlsPort }} tls-port {{ .Values.redis.tlsPort }}{{ end }} and Sentinel can be accessed via {{ if ne (int .Values.sentinel.port) 0 }}port {{ .Values.sentinel.port }}{{ end }} {{ if .Values.sentinel.tlsPort }} tls-port {{ .Values.sentinel.tlsPort }}{{ end }} on the following DNS name from within your cluster:
{{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
To connect to your Redis server:
{{- if .Values.auth }}
1. To retrieve the redis password:
echo $(kubectl get secret {{ template "redis-ha.fullname" . }} -o "jsonpath={.data['auth']}" | base64 --decode)
2. Connect to the Redis master pod that you can use as a client. By default the {{ template "redis-ha.fullname" . }}-server-0 pod is configured as the master:
kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 sh -n {{ .Release.Namespace }}
3. Connect using the Redis CLI (inside container):
redis-cli -a <REDIS-PASS-FROM-SECRET>
{{- else }}
1. Run a Redis pod that you can use as a client:
kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 sh -n {{ .Release.Namespace }}
2. Connect using the Redis CLI:
redis-cli -h {{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{- end }}

693
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/_configs.tpl Normal file
View File

@ -0,0 +1,693 @@
{{/* vim: set filetype=mustache: */}}
{{- define "config-redis.conf" }}
{{- if .Values.redis.customConfig }}
{{ tpl .Values.redis.customConfig . | indent 4 }}
{{- else }}
dir "/data"
port {{ .Values.redis.port }}
{{- if .Values.sentinel.tlsPort }}
tls-port {{ .Values.redis.tlsPort }}
tls-cert-file /tls-certs/{{ .Values.tls.certFile }}
tls-key-file /tls-certs/{{ .Values.tls.keyFile }}
{{- if .Values.tls.dhParamsFile }}
tls-dh-params-file /tls-certs/{{ .Values.tls.dhParamsFile }}
{{- end }}
{{- if .Values.tls.caCertFile }}
tls-ca-cert-file /tls-certs/{{ .Values.tls.caCertFile }}
{{- end }}
{{- if eq (default "yes" .Values.redis.authClients) "no"}}
tls-auth-clients no
{{- end }}
tls-replication {{ if .Values.redis.tlsReplication }}yes{{ else }}no{{ end }}
{{- end }}
{{- if .Values.redis.disableCommands }}
{{- range .Values.redis.disableCommands }}
rename-command {{ . }} ""
{{- end }}
{{- end }}
{{- range $key, $value := .Values.redis.config }}
{{ $key }} {{ $value }}
{{- end }}
{{- if .Values.auth }}
requirepass replace-default-auth
masterauth replace-default-auth
{{- end }}
{{- end }}
{{- end }}
{{- define "config-sentinel.conf" }}
{{- if .Values.sentinel.customConfig }}
{{ tpl .Values.sentinel.customConfig . | indent 4 }}
{{- else }}
dir "/data"
port {{ .Values.sentinel.port }}
{{- if .Values.sentinel.bind }}
bind {{ .Values.sentinel.bind }}
{{- end }}
{{- if .Values.sentinel.tlsPort }}
tls-port {{ .Values.sentinel.tlsPort }}
tls-cert-file /tls-certs/{{ .Values.tls.certFile }}
tls-key-file /tls-certs/{{ .Values.tls.keyFile }}
{{- if .Values.tls.dhParamsFile }}
tls-dh-params-file /tls-certs/{{ .Values.tls.dhParamsFile }}
{{- end }}
{{- if .Values.tls.caCertFile }}
tls-ca-cert-file /tls-certs/{{ .Values.tls.caCertFile }}
{{- end }}
{{- if eq (default "yes" .Values.sentinel.authClients) "no"}}
tls-auth-clients no
{{- end }}
tls-replication {{ if .Values.sentinel.tlsReplication }}yes{{ else }}no{{ end }}
{{- end }}
{{- range $key, $value := .Values.sentinel.config }}
{{- if eq "maxclients" $key }}
{{ $key }} {{ $value }}
{{- else }}
sentinel {{ $key }} {{ template "redis-ha.masterGroupName" $ }} {{ $value }}
{{- end }}
{{- end }}
{{- if .Values.auth }}
sentinel auth-pass {{ template "redis-ha.masterGroupName" . }} replace-default-auth
{{- end }}
{{- if .Values.sentinel.auth }}
requirepass replace-default-sentinel-auth
{{- end }}
{{- end }}
{{- end }}
{{- define "lib.sh" }}
sentinel_get_master() {
set +e
if [ "$SENTINEL_PORT" -eq 0 ]; then
redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
else
redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
fi
set -e
}
sentinel_get_master_retry() {
master=''
retry=${1}
sleep=3
for i in $(seq 1 "${retry}"); do
master=$(sentinel_get_master)
if [ -n "${master}" ]; then
break
fi
sleep $((sleep + i))
done
echo "${master}"
}
identify_master() {
echo "Identifying redis master (get-master-addr-by-name).."
echo " using sentinel ({{ template "redis-ha.fullname" . }}), sentinel group name ({{ template "redis-ha.masterGroupName" . }})"
MASTER="$(sentinel_get_master_retry 3)"
if [ -n "${MASTER}" ]; then
echo " $(date) Found redis master (${MASTER})"
else
echo " $(date) Did not find redis master (${MASTER})"
fi
}
sentinel_update() {
echo "Updating sentinel config.."
echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})"
eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}"
echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})"
sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}"
if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then
echo " redis master (${1}:${REDIS_TLS_PORT})"
sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
else
echo " redis master (${1}:${REDIS_PORT})"
sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
fi
echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF}
if [ "$SENTINEL_PORT" -eq 0 ]; then
echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})"
echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF}
else
echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})"
echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF}
fi
}
redis_update() {
echo "Updating redis config.."
if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then
echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})"
echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF}
else
echo " we are slave of redis master (${1}:${REDIS_PORT})"
echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}"
echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF}
fi
echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF}
}
copy_config() {
echo "Copying default redis config.."
echo " to '${REDIS_CONF}'"
cp /readonly-config/redis.conf "${REDIS_CONF}"
echo "Copying default sentinel config.."
echo " to '${SENTINEL_CONF}'"
cp /readonly-config/sentinel.conf "${SENTINEL_CONF}"
}
setup_defaults() {
echo "Setting up defaults.."
echo " using statefulset index (${INDEX})"
if [ "${INDEX}" = "0" ]; then
echo "Setting this pod as master for redis and sentinel.."
echo " using announce (${ANNOUNCE_IP})"
redis_update "${ANNOUNCE_IP}"
sentinel_update "${ANNOUNCE_IP}"
echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)"
sed -i "s/^.*slaveof.*//" "${REDIS_CONF}"
else
echo "Getting redis master ip.."
echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
if [ -z "${DEFAULT_MASTER}" ]; then
echo "Error: Unable to resolve redis master (getent hosts)."
exit 1
fi
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
echo "Setting default slave config for redis and sentinel.."
echo " using master ip (${DEFAULT_MASTER})"
redis_update "${DEFAULT_MASTER}"
sentinel_update "${DEFAULT_MASTER}"
fi
}
redis_ping() {
set +e
if [ "$REDIS_PORT" -eq 0 ]; then
redis-cli -h "${MASTER}"{{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} ping
else
redis-cli -h "${MASTER}"{{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}" ping
fi
set -e
}
redis_ping_retry() {
ping=''
retry=${1}
sleep=3
for i in $(seq 1 "${retry}"); do
if [ "$(redis_ping)" = "PONG" ]; then
ping='PONG'
break
fi
sleep $((sleep + i))
MASTER=$(sentinel_get_master)
done
echo "${ping}"
}
find_master() {
echo "Verifying redis master.."
if [ "$REDIS_PORT" -eq 0 ]; then
echo " ping (${MASTER}:${REDIS_TLS_PORT})"
else
echo " ping (${MASTER}:${REDIS_PORT})"
fi
if [ "$(redis_ping_retry 3)" != "PONG" ]; then
echo " $(date) Can't ping redis master (${MASTER})"
echo "Attempting to force failover (sentinel failover).."
if [ "$SENTINEL_PORT" -eq 0 ]; then
echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
echo " $(date) Failover returned with 'NOGOODSLAVE'"
echo "Setting defaults for this pod.."
setup_defaults
return 0
fi
else
echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
echo " $(date) Failover returned with 'NOGOODSLAVE'"
echo "Setting defaults for this pod.."
setup_defaults
return 0
fi
fi
echo "Hold on for 10sec"
sleep 10
echo "We should get redis master's ip now. Asking (get-master-addr-by-name).."
if [ "$SENTINEL_PORT" -eq 0 ]; then
echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
else
echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
fi
MASTER="$(sentinel_get_master)"
if [ "${MASTER}" ]; then
echo " $(date) Found redis master (${MASTER})"
echo "Updating redis and sentinel config.."
sentinel_update "${MASTER}"
redis_update "${MASTER}"
else
echo "$(date) Error: Could not failover, exiting..."
exit 1
fi
else
echo " $(date) Found reachable redis master (${MASTER})"
echo "Updating redis and sentinel config.."
sentinel_update "${MASTER}"
redis_update "${MASTER}"
fi
}
redis_ro_update() {
echo "Updating read-only redis config.."
echo " redis.conf set 'replica-priority 0'"
echo "replica-priority 0" >> ${REDIS_CONF}
}
getent_hosts() {
index=${1:-${INDEX}}
service="${SERVICE}-announce-${index}"
host=$(getent hosts "${service}")
echo "${host}"
}
identify_announce_ip() {
echo "Identify announce ip for this pod.."
echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})"
ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }')
echo " identified announce (${ANNOUNCE_IP})"
}
{{- end }}
{{- define "vars.sh" }}
HOSTNAME="$(hostname)"
{{- if .Values.ro_replicas }}
RO_REPLICAS="{{ .Values.ro_replicas }}"
{{- end }}
INDEX="${HOSTNAME##*-}"
SENTINEL_PORT={{ .Values.sentinel.port }}
ANNOUNCE_IP=''
MASTER=''
MASTER_GROUP="{{ template "redis-ha.masterGroupName" . }}"
QUORUM="{{ .Values.sentinel.quorum }}"
REDIS_CONF=/data/conf/redis.conf
REDIS_PORT={{ .Values.redis.port }}
REDIS_TLS_PORT={{ .Values.redis.tlsPort }}
SENTINEL_CONF=/data/conf/sentinel.conf
SENTINEL_TLS_PORT={{ .Values.sentinel.tlsPort }}
SERVICE={{ template "redis-ha.fullname" . }}
SENTINEL_TLS_REPLICATION_ENABLED={{ default false .Values.sentinel.tlsReplication }}
REDIS_TLS_REPLICATION_ENABLED={{ default false .Values.redis.tlsReplication }}
{{- end }}
{{- define "config-init.sh" }}
echo "$(date) Start..."
{{- include "vars.sh" . }}
set -eu
{{- include "lib.sh" . }}
mkdir -p /data/conf/
echo "Initializing config.."
copy_config
# where is redis master
identify_master
identify_announce_ip
if [ -z "${ANNOUNCE_IP}" ]; then
"Error: Could not resolve the announce ip for this pod."
exit 1
elif [ "${MASTER}" ]; then
find_master
else
setup_defaults
fi
{{- if .Values.ro_replicas }}
# works only if index is less than 10
echo "Verifying redis read-only replica.."
echo " we have RO_REPLICAS='${RO_REPLICAS}' with INDEX='${INDEX}'"
if echo "${RO_REPLICAS}" | grep -q "${INDEX}" ; then
redis_ro_update
fi
{{- end }}
if [ "${AUTH:-}" ]; then
echo "Setting redis auth values.."
ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}"
fi
if [ "${SENTINELAUTH:-}" ]; then
echo "Setting sentinel auth values"
ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g');
sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF"
fi
echo "$(date) Ready..."
{{- end }}
{{- define "trigger-failover-if-master.sh" }}
{{- if or (eq (int .Values.redis.port) 0) (eq (int .Values.sentinel.port) 0) }}
TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}"
{{- end }}
get_redis_role() {
is_master=$(
redis-cli \
{{- if .Values.auth }}
-a "${AUTH}" --no-auth-warning \
{{- end }}
-h localhost \
{{- if (int .Values.redis.port) }}
-p {{ .Values.redis.port }} \
{{- else }}
-p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \
{{- end}}
info | grep -c 'role:master' || true
)
}
get_redis_role
if [[ "$is_master" -eq 1 ]]; then
echo "This node is currently master, we trigger a failover."
{{- $masterGroupName := include "redis-ha.masterGroupName" . }}
response=$(
redis-cli \
{{- if .Values.sentinel.auth }}
-a "${SENTINELAUTH}" --no-auth-warning \
{{- end }}
-h localhost \
{{- if (int .Values.sentinel.port) }}
-p {{ .Values.sentinel.port }} \
{{- else }}
-p {{ .Values.sentinel.tlsPort }} ${TLS_CLIENT_OPTION} \
{{- end}}
SENTINEL failover {{ $masterGroupName }}
)
if [[ "$response" != "OK" ]] ; then
echo "$response"
exit 1
fi
timeout=30
while [[ "$is_master" -eq 1 && $timeout -gt 0 ]]; do
sleep 1
get_redis_role
timeout=$((timeout - 1))
done
echo "Failover successful"
fi
{{- end }}
{{- define "fix-split-brain.sh" }}
{{- include "vars.sh" . }}
ROLE=''
REDIS_MASTER=''
set -eu
{{- include "lib.sh" . }}
redis_role() {
set +e
if [ "$REDIS_PORT" -eq 0 ]; then
ROLE=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} info | grep role | sed 's/role://' | sed 's/\r//')
else
ROLE=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//')
fi
set -e
}
identify_redis_master() {
set +e
if [ "$REDIS_PORT" -eq 0 ]; then
REDIS_MASTER=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} info | grep master_host | sed 's/master_host://' | sed 's/\r//')
else
REDIS_MASTER=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//')
fi
set -e
}
reinit() {
set +e
sh /readonly-config/init.sh
if [ "$REDIS_PORT" -eq 0 ]; then
echo "shutdown" | redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }}
else
echo "shutdown" | redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}"
fi
set -e
}
identify_announce_ip
while [ -z "${ANNOUNCE_IP}" ]; do
echo "Error: Could not resolve the announce ip for this pod."
sleep 30
identify_announce_ip
done
while true; do
sleep {{ .Values.splitBrainDetection.interval }}
# where is redis master
identify_master
if [ "$MASTER" = "$ANNOUNCE_IP" ]; then
redis_role
if [ "$ROLE" != "master" ]; then
reinit
fi
elif [ "${MASTER}" ]; then
identify_redis_master
if [ "$REDIS_MASTER" != "$MASTER" ]; then
reinit
fi
fi
done
{{- end }}
{{- define "config-haproxy.cfg" }}
{{- if .Values.haproxy.customConfig }}
{{ tpl .Values.haproxy.customConfig . | indent 4 }}
{{- else }}
defaults REDIS
mode tcp
timeout connect {{ .Values.haproxy.timeout.connect }}
timeout server {{ .Values.haproxy.timeout.server }}
timeout client {{ .Values.haproxy.timeout.client }}
timeout check {{ .Values.haproxy.timeout.check }}
listen health_check_http_url
bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:8888 {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
mode http
monitor-uri /healthz
option dontlognull
{{- $root := . }}
{{- $fullName := include "redis-ha.fullname" . }}
{{- $replicas := int (toString .Values.replicas) }}
{{- $masterGroupName := include "redis-ha.masterGroupName" . }}
{{- range $i := until $replicas }}
# Check Sentinel and whether they are nominated master
backend check_if_redis_is_master_{{ $i }}
mode tcp
option tcp-check
tcp-check connect
{{- if $root.Values.sentinel.auth }}
tcp-check send "AUTH ${SENTINELAUTH}"\r\n
tcp-check expect string +OK
{{- end }}
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send SENTINEL\ get-master-addr-by-name\ {{ $masterGroupName }}\r\n
tcp-check expect string REPLACE_ANNOUNCE{{ $i }}
tcp-check send QUIT\r\n
{{- range $i := until $replicas }}
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:26379 check inter {{ $root.Values.haproxy.checkInterval }}
{{- end }}
{{- end }}
# decide redis backend to use
#master
frontend ft_redis_master
{{- if .Values.haproxy.tls.enabled }}
bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ $root.Values.haproxy.containerPort }} ssl crt {{ .Values.haproxy.tls.certMountPath }}{{ .Values.haproxy.tls.keyName }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
{{ else }}
bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ $root.Values.redis.port }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
{{- end }}
use_backend bk_redis_master
{{- if .Values.haproxy.readOnly.enabled }}
#slave
frontend ft_redis_slave
bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ .Values.haproxy.readOnly.port }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
use_backend bk_redis_slave
{{- end }}
# Check all redis servers to see if they think they are master
backend bk_redis_master
{{- if .Values.haproxy.stickyBalancing }}
balance source
hash-type consistent
{{- end }}
mode tcp
option tcp-check
tcp-check connect
{{- if .Values.auth }}
tcp-check send "AUTH ${AUTH}"\r\n
tcp-check expect string +OK
{{- end }}
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send info\ replication\r\n
tcp-check expect string role:master
tcp-check send QUIT\r\n
tcp-check expect string +OK
{{- range $i := until $replicas }}
use-server R{{ $i }} if { srv_is_up(R{{ $i }}) } { nbsrv(check_if_redis_is_master_{{ $i }}) ge 2 }
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter {{ $root.Values.haproxy.checkInterval }} fall {{ $root.Values.haproxy.checkFall }} rise 1
{{- end }}
{{- if .Values.haproxy.readOnly.enabled }}
backend bk_redis_slave
{{- if .Values.haproxy.stickyBalancing }}
balance source
hash-type consistent
{{- end }}
mode tcp
option tcp-check
tcp-check connect
{{- if .Values.auth }}
tcp-check send "AUTH ${AUTH}"\r\n
tcp-check expect string +OK
{{- end }}
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send info\ replication\r\n
tcp-check expect string role:slave
tcp-check send QUIT\r\n
tcp-check expect string +OK
{{- range $i := until $replicas }}
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter {{ $root.Values.haproxy.checkInterval }} fall {{ $root.Values.haproxy.checkFall }} rise 1
{{- end }}
{{- end }}
{{- if .Values.haproxy.metrics.enabled }}
frontend stats
mode http
bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ .Values.haproxy.metrics.port }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
http-request use-service prometheus-exporter if { path {{ .Values.haproxy.metrics.scrapePath }} }
stats enable
stats uri /stats
stats refresh 10s
{{- end }}
{{- if .Values.haproxy.extraConfig }}
# Additional configuration
{{ .Values.haproxy.extraConfig | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- define "config-haproxy_init.sh" }}
HAPROXY_CONF=/data/haproxy.cfg
cp /readonly/haproxy.cfg "$HAPROXY_CONF"
{{- $fullName := include "redis-ha.fullname" . }}
{{- $replicas := int (toString .Values.replicas) }}
{{- range $i := until $replicas }}
for loop in $(seq 1 10); do
getent hosts {{ $fullName }}-announce-{{ $i }} && break
echo "Waiting for service {{ $fullName }}-announce-{{ $i }} to be ready ($loop) ..." && sleep 1
done
ANNOUNCE_IP{{ $i }}=$(getent hosts "{{ $fullName }}-announce-{{ $i }}" | awk '{ print $1 }')
if [ -z "$ANNOUNCE_IP{{ $i }}" ]; then
echo "Could not resolve the announce ip for {{ $fullName }}-announce-{{ $i }}"
exit 1
fi
sed -i "s/REPLACE_ANNOUNCE{{ $i }}/$ANNOUNCE_IP{{ $i }}/" "$HAPROXY_CONF"
{{- end }}
{{- end }}
{{- define "redis_liveness.sh" }}
{{- if not (ne (int .Values.sentinel.port) 0) }}
TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}"
{{- end }}
response=$(
redis-cli \
{{- if .Values.auth }}
-a "${AUTH}" --no-auth-warning \
{{- end }}
-h localhost \
{{- if ne (int .Values.redis.port) 0 }}
-p {{ .Values.redis.port }} \
{{- else }}
-p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \
{{- end}}
ping
)
if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then
echo "$response"
exit 1
fi
echo "response=$response"
{{- end }}
{{- define "redis_readiness.sh" }}
{{- if not (ne (int .Values.sentinel.port) 0) }}
TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}"
{{- end }}
response=$(
redis-cli \
{{- if .Values.auth }}
-a "${AUTH}" --no-auth-warning \
{{- end }}
-h localhost \
{{- if ne (int .Values.redis.port) 0 }}
-p {{ .Values.redis.port }} \
{{- else }}
-p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \
{{- end}}
ping
)
if [ "$response" != "PONG" ] ; then
echo "$response"
exit 1
fi
echo "response=$response"
{{- end }}
{{- define "sentinel_liveness.sh" }}
{{- if not (ne (int .Values.sentinel.port) 0) }}
TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}"
{{- end }}
response=$(
redis-cli \
{{- if .Values.sentinel.auth }}
-a "${SENTINELAUTH}" --no-auth-warning \
{{- end }}
-h localhost \
{{- if ne (int .Values.sentinel.port) 0 }}
-p {{ .Values.sentinel.port }} \
{{- else }}
-p {{ .Values.sentinel.tlsPort }} ${TLS_CLIENT_OPTION} \
{{- end}}
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
echo "response=$response"
{{- end }}

94
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,94 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "redis-ha.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "redis-ha.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return sysctl image
*/}}
{{- define "redis.sysctl.image" -}}
{{- $registryName := default "docker.io" .Values.sysctlImage.registry -}}
{{- $tag := default "latest" .Values.sysctlImage.tag | toString -}}
{{- printf "%s/%s:%s" $registryName .Values.sysctlImage.repository $tag -}}
{{- end -}}
{{- /*
Credit: @technosophos
https://github.com/technosophos/common-chart/
labels.standard prints the standard Helm labels.
The standard labels are frequently used in metadata.
*/ -}}
{{- define "labels.standard" -}}
app: {{ template "redis-ha.name" . }}
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: {{ template "chartref" . }}
{{- end -}}
{{- /*
Credit: @technosophos
https://github.com/technosophos/common-chart/
chartref prints a chart name and version.
It does minimal escaping for use in Kubernetes labels.
Example output:
zookeeper-1.2.3
wordpress-3.2.1_20170219
*/ -}}
{{- define "chartref" -}}
{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "redis-ha.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "redis-ha.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{- define "redis-ha.masterGroupName" -}}
{{- $masterGroupName := tpl ( .Values.redis.masterGroupName | default "") . -}}
{{- $validMasterGroupName := regexMatch "^[\\w-\\.]+$" $masterGroupName -}}
{{- if $validMasterGroupName -}}
{{ $masterGroupName }}
{{- else -}}
{{ required "A valid .Values.redis.masterGroupName entry is required (matching ^[\\w-\\.]+$)" ""}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for poddisruptionbudget.
*/}}
{{- define "redis-ha.podDisruptionBudget.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "policy/v1" }}
{{- print "policy/v1" -}}
{{- else -}}
{{- print "policy/v1beta1" -}}
{{- end -}}
{{- end -}}

15
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-auth-secret.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if and .Values.auth (not .Values.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "labels.standard" . | indent 4 }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
type: Opaque
data:
{{ .Values.authKey }}: {{ .Values.redisPassword | b64enc | quote }}
{{- end -}}

60
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-announce-service.yaml Normal file
View File

@ -0,0 +1,60 @@
{{- $fullName := include "redis-ha.fullname" . }}
{{- $namespace := .Release.Namespace -}}
{{- $replicas := int (toString .Values.replicas) }}
{{- $root := . }}
{{- range $i := until $replicas }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $fullName }}-announce-{{ $i }}
namespace: {{ $namespace | quote}}
labels:
{{ include "labels.standard" $root | indent 4 }}
{{- range $key, $value := $root.Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
{{- if $root.Values.serviceAnnotations }}
{{ toYaml $root.Values.serviceAnnotations | indent 4 }}
{{- end }}
spec:
publishNotReadyAddresses: true
type: ClusterIP
ports:
{{- if ne (int $root.Values.redis.port) 0 }}
- name: tcp-server
port: {{ $root.Values.redis.port }}
protocol: TCP
targetPort: redis
{{- end }}
{{- if $root.Values.redis.tlsPort }}
- name: server-tls
port: {{ $root.Values.redis.tlsPort }}
protocol: TCP
targetPort: redis-tls
{{- end }}
{{- if ne (int $root.Values.sentinel.port) 0 }}
- name: tcp-sentinel
port: {{ $root.Values.sentinel.port }}
protocol: TCP
targetPort: sentinel
{{- end }}
{{- if $root.Values.sentinel.tlsPort }}
- name: sentinel-tls
port: {{ $root.Values.sentinel.tlsPort }}
protocol: TCP
targetPort: sentinel-tls
{{- end }}
{{- if $root.Values.exporter.enabled }}
- name: http-exporter
port: {{ $root.Values.exporter.port }}
protocol: TCP
targetPort: {{ $root.Values.exporter.portName }}
{{- end }}
selector:
release: {{ $root.Release.Name }}
app: {{ include "redis-ha.name" $root }}
"statefulset.kubernetes.io/pod-name": {{ $fullName }}-server-{{ $i }}
{{- end }}

37
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-configmap.yaml Normal file
View File

@ -0,0 +1,37 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "redis-ha.fullname" . }}-configmap
namespace: {{ .Release.Namespace | quote }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
{{- range $key, $value := .Values.configmap.labels }}
{{ $key }}: {{ $value | toString }}
{{- end }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
data:
redis.conf: |
{{- include "config-redis.conf" . }}
sentinel.conf: |
{{- include "config-sentinel.conf" . }}
init.sh: |
{{- include "config-init.sh" . }}
fix-split-brain.sh: |
{{- include "fix-split-brain.sh" . }}
{{ if .Values.haproxy.enabled }}
haproxy.cfg: |
{{- include "config-haproxy.cfg" . }}
{{- end }}
haproxy_init.sh: |
{{- include "config-haproxy_init.sh" . }}
trigger-failover-if-master.sh: |
{{- include "trigger-failover-if-master.sh" . }}

14
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-exporter-script-configmap.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- if .Values.exporter.script }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "labels.standard" . | indent 4 }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
data:
script: {{ toYaml .Values.exporter.script | indent 2 }}
{{- end }}

20
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-health-configmap.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "redis-ha.fullname" . }}-health-configmap
namespace: {{ .Release.Namespace | quote }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
data:
redis_liveness.sh: |
{{- include "redis_liveness.sh" . }}
redis_readiness.sh: |
{{- include "redis_readiness.sh" . }}
sentinel_liveness.sh: |
{{- include "sentinel_liveness.sh" . }}

87
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-network-policy.yaml Normal file
View File

@ -0,0 +1,87 @@
{{- if .Values.networkPolicy.enabled }}
{{- $root := . }}
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: {{ template "redis-ha.fullname" . }}-network-policy
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.networkPolicy.annotations }}
annotations:
{{- range $key, $value := .Values.networkPolicy.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{ include "labels.standard" . | indent 4 }}
{{- range $key, $value := .Values.networkPolicy.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
podSelector:
matchLabels:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}
policyTypes:
- Ingress
- Egress
egress:
- to:
- podSelector:
matchLabels:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}
ports:
- port: {{ .Values.redis.port }}
protocol: TCP
- port: {{ .Values.sentinel.port }}
protocol: TCP
- to:
- namespaceSelector: {}
ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
{{- range $rule := .Values.networkPolicy.egressRules }}
- to:
{{ (tpl (toYaml $rule.selectors) $) | indent 7 }}
ports:
{{ toYaml $rule.ports | indent 7 }}
{{- end }}
ingress:
- from:
- podSelector:
matchLabels:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}
ports:
- port: {{ .Values.redis.port }}
protocol: TCP
- port: {{ .Values.sentinel.port }}
protocol: TCP
{{- if .Values.haproxy.enabled }}
- from:
- podSelector:
matchLabels:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}-haproxy
ports:
- port: {{ .Values.redis.port }}
protocol: TCP
- port: {{ .Values.sentinel.port }}
protocol: TCP
{{- end }}
{{- range $rule := .Values.networkPolicy.ingressRules }}
- from:
{{ (tpl (toYaml $rule.selectors) $) | indent 7 }}
ports:
{{- if $rule.ports }}
{{ toYaml $rule.ports | indent 7 }}
{{- else }}
- port: {{ $root.Values.redis.port }}
protocol: TCP
- port: {{ $root.Values.sentinel.port }}
protocol: TCP
{{- end }}
{{- end }}
{{- end }}

21
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-pdb.yaml Normal file
View File

@ -0,0 +1,21 @@
{{- if .Values.podDisruptionBudget -}}
apiVersion: {{ template "redis-ha.podDisruptionBudget.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "redis-ha.fullname" . }}-pdb
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "labels.standard" . | indent 4 }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
selector:
matchLabels:
# The replica label is set on StatefulSet pods but not the Test pods
# We want to avoid including the Test pods in the budget
{{ template "redis-ha.fullname" . }}: replica
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
{{- end -}}

17
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-prometheus-rule.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- if .Values.prometheusRule.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "redis-ha.fullname" . }}
{{- if .Values.prometheusRule.namespace }}
namespace: {{ .Values.prometheusRule.namespace }}
{{- end }}
labels: {{- toYaml .Values.prometheusRule.additionalLabels | nindent 4 }}
spec:
groups:
- name: {{ template "redis-ha.fullname" . }}
{{- if .Values.prometheusRule.interval }}
interval: {{ .Values.prometheusRule.interval }}
{{- end }}
rules: {{- tpl (toYaml .Values.prometheusRule.rules) . | nindent 8 }}
{{- end }}

19
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-role.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "labels.standard" . | indent 4 }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
{{- end }}

19
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-rolebinding.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "labels.standard" . | indent 4 }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ template "redis-ha.serviceAccountName" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "redis-ha.fullname" . }}
{{- end }}

32
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-secret.yaml Normal file
View File

@ -0,0 +1,32 @@
{{- if not .Values.restore.existingSecret }}
{{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}}
{{- $regexRestoreSSH := "^.+@.+:.+" -}}
{{- if or (regexFind $regexRestoreSSH (toString .Values.restore.ssh.source)) (regexFind $regexRestoreS3 (toString .Values.restore.s3.source)) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "redis-ha.fullname" . }}-secret
namespace: {{ .Release.Namespace | quote }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
type: Opaque
data:
{{- if regexFind $regexRestoreSSH (toString .Values.restore.ssh.source) }}
SSH_KEY: "{{ .Values.restore.ssh.key | b64enc }}"
{{- end }}
{{- if regexFind $regexRestoreS3 (toString .Values.restore.s3.source) }}
AWS_SECRET_ACCESS_KEY: "{{ .Values.restore.s3.secret_key | b64enc }}"
AWS_ACCESS_KEY_ID: "{{ .Values.restore.s3.access_key | b64enc }}"
{{- end }}
{{- end }}
{{- end }}

57
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-service.yaml Normal file
View File

@ -0,0 +1,57 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "labels.standard" . | indent 4 }}
{{- if .Values.exporter.enabled }}
exporter: enabled
{{- end }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.serviceLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
annotations:
{{- if .Values.serviceAnnotations }}
{{ toYaml .Values.serviceAnnotations | indent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
{{- if ne (int .Values.redis.port) 0 }}
- name: tcp-server
port: {{ .Values.redis.port }}
protocol: TCP
targetPort: redis
{{- end }}
{{- if .Values.redis.tlsPort }}
- name: server-tls
port: {{ .Values.redis.tlsPort }}
protocol: TCP
targetPort: redis-tls
{{- end }}
{{- if ne (int .Values.sentinel.port) 0 }}
- name: tcp-sentinel
port: {{ .Values.sentinel.port }}
protocol: TCP
targetPort: sentinel
{{- end }}
{{- if .Values.sentinel.tlsPort }}
- name: sentinel-tls
port: {{ .Values.sentinel.tlsPort }}
protocol: TCP
targetPort: sentinel-tls
{{- end }}
{{- if .Values.exporter.enabled }}
- name: http-exporter-port
port: {{ .Values.exporter.port }}
protocol: TCP
targetPort: {{ .Values.exporter.portName }}
{{- end }}
selector:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}

27
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-serviceaccount.yaml Normal file
View File

@ -0,0 +1,27 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "redis-ha.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- if or .Values.auth .Values.sentinel.auth }}
secrets:
{{- end }}
{{- if .Values.auth }}
- name: {{ default (include "redis-ha.fullname" .) .Values.existingSecret }}
{{- end }}
{{- if .Values.sentinel.auth }}
- name: {{ default (printf "%s-sentinel" (include "redis-ha.fullname" .)) .Values.sentinel.existingSecret }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 0 }}
{{- end }}
{{- end }}

36
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-servicemonitor.yaml Normal file
View File

@ -0,0 +1,36 @@
{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.exporter.serviceMonitor.enabled ) ( .Values.exporter.enabled ) }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Values.exporter.serviceMonitor.namespace | default .Release.Namespace | quote }}
labels:
{{ include "labels.standard" . | indent 4 }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.exporter.serviceMonitor.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
endpoints:
- targetPort: {{ .Values.exporter.port }}
{{- if .Values.exporter.serviceMonitor.interval }}
interval: {{ .Values.exporter.serviceMonitor.interval }}
{{- end }}
{{- if .Values.exporter.serviceMonitor.telemetryPath }}
path: {{ .Values.exporter.serviceMonitor.telemetryPath }}
{{- end }}
{{- if .Values.exporter.serviceMonitor.timeout }}
scrapeTimeout: {{ .Values.exporter.serviceMonitor.timeout }}
{{- end }}
jobLabel: {{ template "redis-ha.fullname" . }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
selector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
exporter: enabled
{{- end }}

589
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-statefulset.yaml Normal file
View File

@ -0,0 +1,589 @@
{{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}}
{{- $regexRestoreSSH := "^.+@.+:.+" -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "redis-ha.fullname" . }}-server
namespace: {{ .Release.Namespace | quote }}
labels:
{{ template "redis-ha.fullname" . }}: replica
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{ include "labels.standard" . | indent 4 }}
annotations:
{{ toYaml .Values.redis.annotations | indent 4 }}
spec:
selector:
matchLabels:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}
serviceName: {{ template "redis-ha.fullname" . }}
replicas: {{ .Values.replicas }}
podManagementPolicy: {{ .Values.podManagementPolicy }}
updateStrategy:
type: {{ .Values.redis.updateStrategy.type }}
template:
metadata:
annotations:
checksum/init-config: {{ print (include "config-redis.conf" .) (include "config-sentinel.conf" .) (include "config-init.sh" .) (include "fix-split-brain.sh" .) (include "redis_liveness.sh" .) (include "redis_readiness.sh" .) (include "sentinel_liveness.sh" .) (include "trigger-failover-if-master.sh" .)| sha256sum }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
{{- if and (.Values.exporter.enabled) (not .Values.exporter.serviceMonitor.enabled) }}
prometheus.io/port: "{{ .Values.exporter.port }}"
prometheus.io/scrape: "true"
prometheus.io/path: {{ .Values.exporter.scrapePath }}
{{- end }}
labels:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}
{{ template "redis-ha.fullname" . }}: replica
{{- range $key, $value := .Values.labels }}
{{ $key }}: {{ $value | toString }}
{{- end }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- if .Values.redis.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
affinity:
{{- if .Values.affinity }}
{{- with .Values.affinity }}
{{ tpl . $ | indent 8 }}
{{- end }}
{{- else }}
{{- if .Values.additionalAffinities }}
{{ toYaml .Values.additionalAffinities | indent 8 }}
{{- end }}
podAntiAffinity:
{{- if .Values.hardAntiAffinity }}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
{{ template "redis-ha.fullname" . }}: replica
topologyKey: kubernetes.io/hostname
{{- else }}
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
{{ template "redis-ha.fullname" . }}: replica
topologyKey: kubernetes.io/hostname
{{- end }}
{{- end }}
{{- if .Values.topologySpreadConstraints.enabled }}
topologySpreadConstraints:
- maxSkew: {{ .Values.topologySpreadConstraints.maxSkew | default 1 }}
topologyKey: {{ .Values.topologySpreadConstraints.topologyKey | default "topology.kubernetes.io/zone" }}
whenUnsatisfiable: {{ .Values.topologySpreadConstraints.whenUnsatisfiable | default "ScheduleAnyway" }}
labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
{{ template "redis-ha.fullname" . }}: replica
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
securityContext: {{ toYaml .Values.securityContext | nindent 8 }}
serviceAccountName: {{ template "redis-ha.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountToken }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
- name: init-sysctl
image: {{ template "redis.sysctl.image" . }}
imagePullPolicy: {{ .Values.sysctlImage.pullPolicy }}
resources: {{ toYaml .Values.sysctlImage.resources | nindent 10 }}
{{- if .Values.sysctlImage.mountHostSys }}
volumeMounts:
- name: host-sys
mountPath: /host-sys
{{- end }}
command: {{ toYaml .Values.sysctlImage.command | nindent 10 }}
securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if and .Values.hostPath.path .Values.hostPath.chown }}
- name: hostpath-chown
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }}
command:
- chown
- "{{ .Values.containerSecurityContext.runAsUser }}"
- /data
volumeMounts:
- name: data
mountPath: /data
{{- end }}
- name: config-init
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{ toYaml .Values.init.resources | indent 10 }}
command:
- sh
args:
- /readonly-config/init.sh
securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }}
env:
{{- $replicas := int (toString .Values.replicas) -}}
{{- range $i := until $replicas }}
- name: SENTINEL_ID_{{ $i }}
value: {{ printf "%s\n%s\nindex: %d" (include "redis-ha.name" $) ($.Release.Name) $i | sha256sum | trunc 40 }}
{{- end }}
{{- if .Values.auth }}
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
{{- if .Values.sentinel.auth }}
- name: SENTINELAUTH
valueFrom:
secretKeyRef:
{{- if .Values.sentinel.existingSecret }}
name: {{ .Values.sentinel.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}-sentinel
{{- end }}
key: {{ .Values.sentinel.authKey }}
{{- end }}
volumeMounts:
- name: config
mountPath: /readonly-config
readOnly: true
- name: data
mountPath: /data
{{- if .Values.redis.tlsPort }}
- mountPath: /tls-certs
name: tls-certs
{{- end}}
{{ if regexFind $regexRestoreS3 (toString .Values.restore.s3.source) }}
- name: restore-s3
image: s3cmd/s3cmd:latest
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{ toYaml .Values.init.resources | indent 10 }}
command:
- sh
args:
- "-c"
- "timeout -t {{ .Values.restore.timeout }} \
s3cmd get {{ if .Values.restore.s3.region }}--region {{ .Values.restore.s3.region }} {{ end }}--force '{{ .Values.restore.s3.source }}' /data/dump.rdb_ \
&& test -s /data/dump.rdb_ \
&& if test -s /data/dump.rdb; \
then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \
&& mv -v /data/dump.rdb_ /data/dump.rdb"
envFrom:
- secretRef:
{{- if .Values.restore.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ include "redis-ha.fullname" . }}-secret
{{- end }}
volumeMounts:
- name: data
mountPath: /data
{{- end }}
{{ if regexFind $regexRestoreSSH (toString .Values.restore.ssh.source) }}
- name: restore-ssh
image: lgatica/openssh-client:latest
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{ toYaml .Values.init.resources | indent 10 }}
command:
- sh
args:
- "-c"
- "rm -f key && echo -e \"${SSH_KEY}\" >key \
&& chmod 400 key \
&& timeout {{ .Values.restore.timeout }} \
scp -i key \
-o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null \
'{{ .Values.restore.ssh.source }}' \
/data/dump.rdb_ \
&& test -s /data/dump.rdb_ \
&& if test -s /data/dump.rdb; \
then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \
&& mv -v /data/dump.rdb_ /data/dump.rdb"
securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }}
envFrom:
- secretRef:
{{- if .Values.restore.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ include "redis-ha.fullname" . }}-secret
{{- end }}
volumeMounts:
- name: data
mountPath: /data
{{- end }}
{{- if .Values.extraInitContainers }}
{{- toYaml .Values.extraInitContainers | nindent 6 }}
{{- end }}
containers:
- name: redis
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- redis-server
args:
- /data/conf/redis.conf
securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }}
{{- if .Values.auth }}
env:
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
livenessProbe:
initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.redis.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/redis_liveness.sh
readinessProbe:
initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.redis.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.redis.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/redis_readiness.sh
resources:
{{ toYaml .Values.redis.resources | indent 10 }}
ports:
{{- if ne (int .Values.redis.port) 0 }}
- name: redis
containerPort: {{ .Values.redis.port }}
{{- end }}
{{- if .Values.redis.tlsPort }}
- name: redis-tls
containerPort: {{ .Values.redis.tlsPort }}
{{- end }}
volumeMounts:
- name: config
mountPath: /readonly-config
readOnly: true
- mountPath: /data
name: data
{{- if .Values.redis.tlsPort }}
- mountPath: /tls-certs
name: tls-certs
{{- end}}
- mountPath: /health
name: health
{{- if .Values.redis.extraVolumeMounts }}
{{- toYaml .Values.redis.extraVolumeMounts | nindent 8 }}
{{- end }}
lifecycle:
{{ toYaml .Values.redis.lifecycle | indent 10 }}
- name: sentinel
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- redis-sentinel
args:
- /data/conf/sentinel.conf
securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }}
{{- if or .Values.auth .Values.sentinel.auth}}
env:
{{- if .Values.auth }}
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
{{- if .Values.sentinel.auth }}
- name: SENTINELAUTH
valueFrom:
secretKeyRef:
{{- if .Values.sentinel.existingSecret }}
name: {{ .Values.sentinel.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}-sentinel
{{- end }}
key: {{ .Values.sentinel.authKey }}
{{- end }}
{{- end }}
livenessProbe:
initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/sentinel_liveness.sh
readinessProbe:
initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/sentinel_liveness.sh
resources:
{{ toYaml .Values.sentinel.resources | indent 10 }}
ports:
{{- if ne (int .Values.sentinel.port) 0 }}
- name: sentinel
containerPort: {{ .Values.sentinel.port }}
{{- end }}
{{- if .Values.sentinel.tlsPort }}
- name: sentinel-tls
containerPort: {{ .Values.sentinel.tlsPort }}
{{- end }}
volumeMounts:
- mountPath: /data
name: data
{{- if .Values.redis.tlsPort }}
- mountPath: /tls-certs
name: tls-certs
{{- end }}
- mountPath: /health
name: health
{{- if .Values.sentinel.extraVolumeMounts }}
{{- toYaml .Values.sentinel.extraVolumeMounts | nindent 8 }}
{{- end }}
lifecycle:
{{ toYaml .Values.sentinel.lifecycle | indent 10 }}
- name: split-brain-fix
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- sh
args:
- /readonly-config/fix-split-brain.sh
securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }}
env:
{{- $replicas := int (toString .Values.replicas) -}}
{{- range $i := until $replicas }}
- name: SENTINEL_ID_{{ $i }}
value: {{ printf "%s\n%s\nindex: %d" (include "redis-ha.name" $) ($.Release.Name) $i | sha256sum | trunc 40 }}
{{- end }}
{{- if .Values.auth }}
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
{{- if .Values.sentinel.auth }}
- name: SENTINELAUTH
valueFrom:
secretKeyRef:
{{- if .Values.sentinel.existingSecret }}
name: {{ .Values.sentinel.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}-sentinel
{{- end }}
key: {{ .Values.sentinel.authKey }}
{{- end }}
resources:
{{- toYaml .Values.splitBrainDetection.resources | nindent 10 }}
volumeMounts:
- name: config
mountPath: /readonly-config
readOnly: true
- mountPath: /data
name: data
{{- if .Values.redis.tlsPort }}
- mountPath: /tls-certs
name: tls-certs
{{- end }}
{{- if .Values.exporter.enabled }}
- name: redis-exporter
image: "{{ .Values.exporter.image }}:{{ .Values.exporter.tag }}"
imagePullPolicy: {{ .Values.exporter.pullPolicy }}
args:
{{- range $key, $value := .Values.exporter.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
env:
- name: REDIS_ADDR
{{- if .Values.exporter.sslEnabled }}
value: rediss://{{ default "localhost" .Values.exporter.address }}:{{ .Values.redis.tlsPort }}
{{- else }}
value: redis://{{ default "localhost" .Values.exporter.address }}:{{ .Values.redis.port }}
{{- end }}
{{- if .Values.auth }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
{{- if .Values.exporter.script }}
- name: REDIS_EXPORTER_SCRIPT
value: /script/script.lua
{{- end }}
{{- if .Values.exporter.sslEnabled }}
- name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
value: /tls-certs/{{ .Values.tls.keyFile }}
- name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
value: /tls-certs/{{ .Values.tls.certFile }}
- name: REDIS_EXPORTER_TLS_CA_CERT_FILE
value: /tls-certs/{{ .Values.tls.caCertFile }}
{{- end }}
livenessProbe:
httpGet:
path: {{ .Values.exporter.scrapePath }}
port: {{ .Values.exporter.port }}
initialDelaySeconds: {{ .Values.exporter.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.exporter.livenessProbe.timeoutSeconds }}
periodSeconds: {{ .Values.exporter.livenessProbe.periodSeconds }}
readinessProbe:
httpGet:
path: {{ .Values.exporter.scrapePath }}
port: {{ .Values.exporter.port }}
initialDelaySeconds: {{ .Values.exporter.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.exporter.readinessProbe.timeoutSeconds }}
periodSeconds: {{ .Values.exporter.readinessProbe.periodSeconds }}
resources:
{{ toYaml .Values.exporter.resources | indent 10 }}
ports:
- name: {{ .Values.exporter.portName }}
containerPort: {{ .Values.exporter.port }}
volumeMounts:
{{- if .Values.exporter.script }}
- mountPath: /script
name: script-mount
{{- end }}
{{- if .Values.exporter.sslEnabled }}
- mountPath: /tls-certs
name: tls-certs
{{- end }}
{{- end }}
{{- if .Values.extraContainers }}
{{- toYaml .Values.extraContainers | nindent 6 }}
{{- end -}}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ template "redis-ha.fullname" . }}-configmap
{{- if .Values.sysctlImage.mountHostSys }}
- name: host-sys
hostPath:
path: /sys
{{- end }}
{{- if .Values.exporter.script }}
- name: script-mount
configMap:
name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap
items:
- key: script
path: script.lua
{{- end }}
{{- if .Values.redis.tlsPort }}
- name: tls-certs
secret:
{{- if .Values.tls.secretName }}
secretName: {{ .Values.tls.secretName }}
{{- else }}
secretName: {{ template "redis-ha.fullname" . }}-tls-secret
{{- end }}
{{- end }}
- name: health
configMap:
name: {{ template "redis-ha.fullname" . }}-health-configmap
defaultMode: 0755
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 6 }}
{{- end -}}
{{- if .Values.persistentVolume.enabled }}
volumeClaimTemplates:
- metadata:
name: data
annotations:
{{- range $key, $value := .Values.persistentVolume.annotations }}
{{ $key }}: {{ $value }}
{{- end }}
labels: {{- toYaml .Values.persistentVolume.labels | nindent 8 }}
spec:
accessModes:
{{- range .Values.persistentVolume.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistentVolume.size | quote }}
{{- if .Values.persistentVolume.storageClass }}
{{- if (eq "-" .Values.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
{{- else if .Values.hostPath.path }}
- name: data
hostPath:
path: {{ tpl .Values.hostPath.path .}}
{{- else }}
- name: data
emptyDir:
{{ toYaml .Values.emptyDir | indent 10 }}
{{- end }}

201
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-haproxy-deployment.yaml Normal file
View File

@ -0,0 +1,201 @@
{{- if .Values.haproxy.enabled }}
kind: Deployment
apiVersion: apps/v1
metadata:
name: {{ template "redis-ha.fullname" . }}-haproxy
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "labels.standard" . | indent 4 }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
strategy:
type: RollingUpdate
revisionHistoryLimit: 1
replicas: {{ .Values.haproxy.replicas }}
selector:
matchLabels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
template:
metadata:
name: {{ template "redis-ha.fullname" . }}-haproxy
labels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
revision: "{{ .Release.Revision }}"
{{- range $key, $value := .Values.haproxy.labels }}
{{ $key }}: {{ $value | toString }}
{{- end }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
annotations:
{{- if and (.Values.haproxy.metrics.enabled) (not .Values.haproxy.metrics.serviceMonitor.enabled) }}
prometheus.io/port: "{{ .Values.haproxy.metrics.port }}"
prometheus.io/scrape: "true"
prometheus.io/path: "{{ .Values.haproxy.metrics.scrapePath }}"
{{- end }}
checksum/config: {{ print (include "config-haproxy.cfg" .) (include "config-haproxy_init.sh" .) | sha256sum }}
{{- if .Values.haproxy.annotations }}
{{ toYaml .Values.haproxy.annotations | indent 8 }}
{{- end }}
spec:
# Needed when using unmodified rbac-setup.yml
{{ if .Values.haproxy.serviceAccount.create }}
serviceAccountName: {{ template "redis-ha.serviceAccountName" . }}-haproxy
{{- else }}
serviceAccountName: {{ .Values.haproxy.serviceAccountName }}
{{- end }}
securityContext: {{ toYaml .Values.haproxy.securityContext | nindent 8 }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
affinity:
{{- if .Values.haproxy.affinity }}
{{- with .Values.haproxy.affinity }}
{{ tpl . $ | indent 8 }}
{{- end }}
{{- else }}
{{- if .Values.haproxy.additionalAffinities }}
{{ toYaml .Values.haproxy.additionalAffinities | indent 8 }}
{{- end }}
podAntiAffinity:
{{- if .Values.haproxy.hardAntiAffinity }}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
revision: "{{ .Release.Revision }}"
topologyKey: kubernetes.io/hostname
{{- else }}
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
revision: "{{ .Release.Revision }}"
topologyKey: kubernetes.io/hostname
{{- end }}
{{- end }}
{{- if .Values.topologySpreadConstraints.enabled }}
topologySpreadConstraints:
- maxSkew: {{ .Values.topologySpreadConstraints.maxSkew | default 1 }}
topologyKey: {{ .Values.topologySpreadConstraints.topologyKey | default "topology.kubernetes.io/zone" }}
whenUnsatisfiable: {{ .Values.topologySpreadConstraints.whenUnsatisfiable | default "ScheduleAnyway" }}
labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
revision: "{{ .Release.Revision }}"
{{- end }}
initContainers:
- name: config-init
image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }}
imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }}
resources:
{{ toYaml .Values.haproxy.init.resources | indent 10 }}
command:
- sh
args:
- /readonly/haproxy_init.sh
securityContext: {{ toYaml .Values.haproxy.containerSecurityContext | nindent 10 }}
volumeMounts:
- name: config-volume
mountPath: /readonly
readOnly: true
- name: data
mountPath: /data
{{- if .Values.haproxy.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.haproxy.imagePullSecrets | nindent 8 }}
{{- end }}
containers:
- name: haproxy
image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }}
imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }}
securityContext: {{ toYaml .Values.haproxy.containerSecurityContext | nindent 10 }}
{{- if or .Values.auth .Values.sentinel.auth}}
env:
{{- if .Values.auth }}
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
{{- if .Values.sentinel.auth }}
- name: SENTINELAUTH
valueFrom:
secretKeyRef:
{{- if .Values.sentinel.existingSecret }}
name: {{ .Values.sentinel.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}-sentinel
{{- end }}
key: {{ .Values.sentinel.authKey }}
{{- end }}
{{- end }}
livenessProbe:
httpGet:
path: /healthz
port: 8888
initialDelaySeconds: 5
periodSeconds: 3
readinessProbe:
httpGet:
path: /healthz
port: 8888
initialDelaySeconds: 5
periodSeconds: 3
ports:
- name: redis
containerPort: {{ default "6379" .Values.haproxy.containerPort }}
{{- if .Values.haproxy.readOnly.enabled }}
- name: readonlyport
containerPort: {{ default "6380" .Values.haproxy.readOnly.port }}
{{- end }}
{{- if .Values.haproxy.metrics.enabled }}
- name: metrics-port
containerPort: {{ default "9101" .Values.haproxy.metrics.port }}
{{- end }}
resources:
{{ toYaml .Values.haproxy.resources | indent 10 }}
volumeMounts:
- name: data
mountPath: /usr/local/etc/haproxy
- name: shared-socket
mountPath: /run/haproxy
{{- if .Values.haproxy.tls.enabled }}
- name: pemfile
mountPath: {{ .Values.haproxy.tls.certMountPath }}
{{- end }}
lifecycle:
{{ toYaml .Values.haproxy.lifecycle | indent 10 }}
{{- if .Values.haproxy.priorityClassName }}
priorityClassName: {{ .Values.haproxy.priorityClassName }}
{{- end }}
volumes:
{{- if .Values.haproxy.tls.enabled }}
- name: pemfile
secret:
secretName: {{ .Values.haproxy.tls.secretName }}
{{- end }}
- name: config-volume
configMap:
name: {{ template "redis-ha.fullname" . }}-configmap
- name: shared-socket
emptyDir:
{{ toYaml .Values.haproxy.emptyDir | indent 10 }}
- name: data
emptyDir:
{{ toYaml .Values.haproxy.emptyDir | indent 10 }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More