From 05e64fda8560b797613f27f0b413389d1f19316f Mon Sep 17 00:00:00 2001
From: Marcus Noble
Date: Sat, 20 Aug 2022 18:19:03 +0100
Subject: [PATCH] Added Redis
Signed-off-by: Marcus Noble
---
manifests/_apps/redis.yaml | 24 ++
manifests/redis/redis.yaml | 581 +++++++++++++++++++++++++++++++++++++
2 files changed, 605 insertions(+)
create mode 100644 manifests/_apps/redis.yaml
create mode 100644 manifests/redis/redis.yaml
diff --git a/manifests/_apps/redis.yaml b/manifests/_apps/redis.yaml
new file mode 100644
index 0000000..054db0d
--- /dev/null
+++ b/manifests/_apps/redis.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: redis
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: cluster.fun
+ destination:
+ namespace: redis
+ name: cluster-fun (scaleway)
+ source:
+ path: manifests/redis
+ repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+ targetRevision: HEAD
+ syncPolicy:
+ automated: {}
+ syncOptions:
+ - CreateNamespace=true
+ ignoreDifferences:
+ - kind: Secret
+ jsonPointers:
+ - /data
diff --git a/manifests/redis/redis.yaml b/manifests/redis/redis.yaml
new file mode 100644
index 0000000..a24a779
--- /dev/null
+++ b/manifests/redis/redis.yaml
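Review bot: In manifests/_apps/redis.yaml the `ignoreDifferences` entry matches every Secret this Application manages, because it gives only `kind: Secret` and `jsonPointers: - /data`. That hides drift in the data of any Secret added under `manifests/redis` later, not only the `redis` Secret that appears to be filled in out-of-band through its `kube-1password` annotations. Scoping the entry with `name: redis` and `namespace: redis` keeps the exemption to that one object. Separately, `targetRevision: HEAD` combined with `automated: {}` means any commit on the repository's default branch is applied to the cluster with no further gate, so a comment such as `# auto-synced from HEAD; branch protection on the repo is the deployment control` would make that dependency explicit.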
@@ -0,0 +1,581 @@ +apiVersion: v1 +kind: Secret +metadata: + name: redis + namespace: redis + annotations: + kube-1password: o6gzlxq2zkgpdkndulz3htbt3y + kube-1password/vault: Kubernetes + kube-1password/password-key: redis-password + labels: + app.kubernetes.io/name: redis +type: Opaque +--- +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: redis + namespace: redis + labels: + app.kubernetes.io/name: redis +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: redis-configuration + namespace: redis + labels: + app.kubernetes.io/name: redis +data: + redis.conf: |- + # User-supplied common configuration: + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly yes + # Disable RDB persistence, AOF persistence already enabled. + save "" + # End of common configuration + master.conf: |- + dir /data + # User-supplied master configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of master configuration + replica.conf: |- + dir /data + # User-supplied replica configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of replica configuration +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: redis-health + namespace: redis + labels: + app.kubernetes.io/name: redis +data: + ping_readiness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 3 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" 
-eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 3 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then + echo "$response" + exit 1 + fi + ping_readiness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 3 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 3 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? 
+ "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? + exit $exit_status + ping_liveness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? + "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? + exit $exit_status +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: redis-scripts + namespace: redis + labels: + app.kubernetes.io/name: redis +data: + start-master.sh: | + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then + cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf + fi + if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + ARGS=("--port" "${REDIS_PORT}") + ARGS+=("--requirepass" "${REDIS_PASSWORD}") + ARGS+=("--masterauth" "${REDIS_PASSWORD}") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") + exec redis-server "${ARGS[@]}" + start-replica.sh: | + #!/bin/bash + + get_port() { + hostname="$1" + type="$2" + + port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") + port=${!port_var} + + if [ -z "$port" ]; then + case $type in + "SENTINEL") + echo 26379 + ;; + "REDIS") + echo 6379 + ;; + esac + else + echo $port + fi + } + + get_full_hostname() { + hostname="$1" + echo "${hostname}.${HEADLESS_SERVICE}" + } + + REDISPORT=$(get_port "$HOSTNAME" "REDIS") + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then + cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf + fi + if [[ ! 
-f /opt/bitnami/redis/etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + + echo "" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf + ARGS=("--port" "${REDIS_PORT}") + ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") + ARGS+=("--requirepass" "${REDIS_PASSWORD}") + ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") + exec redis-server "${ARGS[@]}" +--- +apiVersion: v1 +kind: Service +metadata: + name: redis-headless + namespace: redis + labels: + app.kubernetes.io/name: redis +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-redis + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/name: redis +--- +apiVersion: v1 +kind: Service +metadata: + name: redis-master + namespace: redis + labels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: master +spec: + type: ClusterIP + internalTrafficPolicy: Cluster + sessionAffinity: None + ports: + - name: tcp-redis + port: 6379 + targetPort: redis + nodePort: null + selector: + app.kubernetes.io/name: redis + app.kubernetes.io/component: master +--- +apiVersion: v1 +kind: Service +metadata: + name: redis-replicas + namespace: redis + labels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: replica +spec: + type: ClusterIP + internalTrafficPolicy: Cluster + sessionAffinity: None + ports: + - name: tcp-redis + port: 6379 + targetPort: redis + nodePort: null + selector: + app.kubernetes.io/name: redis + app.kubernetes.io/component: replica +--- + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: redis-master + namespace: redis + labels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: 
master +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + serviceName: redis-headless + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + spec: + securityContext: + fsGroup: 1001 + serviceAccountName: redis + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + namespaces: + - "default" + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + terminationGracePeriodSeconds: 30 + containers: + - name: redis + image: docker.io/bitnami/redis:7.0.4-debian-11-r11 + imagePullPolicy: "IfNotPresent" + securityContext: + runAsUser: 1001 + command: + - /bin/bash + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-master.sh + env: + - name: BITNAMI_DEBUG + value: "false" + - name: REDIS_REPLICATION_MODE + value: master + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis + key: redis-password + - name: REDIS_TLS_ENABLED + value: "no" + - name: REDIS_PORT + value: "6379" + ports: + - name: redis + containerPort: 6379 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + # One second longer than command timeout should prevent generation of zombie processes. 
+ timeoutSeconds: 6 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_liveness_local.sh 5 + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh 1 + resources: + limits: {} + requests: {} + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + - name: redis-data + mountPath: /data + subPath: + - name: config + mountPath: /opt/bitnami/redis/mounted-etc + - name: redis-tmp-conf + mountPath: /opt/bitnami/redis/etc/ + - name: tmp + mountPath: /tmp + volumes: + - name: start-scripts + configMap: + name: redis-scripts + defaultMode: 0755 + - name: health + configMap: + name: redis-health + defaultMode: 0755 + - name: config + configMap: + name: redis-configuration + - name: redis-tmp-conf + emptyDir: {} + - name: tmp + emptyDir: {} + volumeClaimTemplates: + - metadata: + name: redis-data + labels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "4Gi" + +--- + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: redis-replicas + namespace: redis + labels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: replica +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: replica + serviceName: redis-headless + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: replica + spec: + securityContext: + fsGroup: 1001 + serviceAccountName: redis + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: replica + 
namespaces: + - "default" + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + terminationGracePeriodSeconds: 30 + containers: + - name: redis + image: docker.io/bitnami/redis:7.0.4-debian-11-r11 + imagePullPolicy: "IfNotPresent" + securityContext: + runAsUser: 1001 + command: + - /bin/bash + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-replica.sh + env: + - name: BITNAMI_DEBUG + value: "false" + - name: REDIS_REPLICATION_MODE + value: slave + - name: REDIS_MASTER_HOST + value: redis-master-0.redis-headless.redis.svc.cluster.local + - name: REDIS_MASTER_PORT_NUMBER + value: "6379" + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis + key: redis-password + - name: REDIS_MASTER_PASSWORD + valueFrom: + secretKeyRef: + name: redis + key: redis-password + - name: REDIS_TLS_ENABLED + value: "no" + - name: REDIS_PORT + value: "6379" + ports: + - name: redis + containerPort: 6379 + startupProbe: + failureThreshold: 22 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + tcpSocket: + port: redis + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 6 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_liveness_local_and_master.sh 5 + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_readiness_local_and_master.sh 1 + resources: + limits: {} + requests: {} + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + - name: redis-data + mountPath: /data + subPath: + - name: config + mountPath: /opt/bitnami/redis/mounted-etc + - name: redis-tmp-conf + mountPath: /opt/bitnami/redis/etc + volumes: + - name: start-scripts + configMap: + name: redis-scripts + defaultMode: 0755 + - name: health + 
configMap: + name: redis-health + defaultMode: 0755 + - name: config + configMap: + name: redis-configuration + - name: redis-tmp-conf + emptyDir: {} + volumeClaimTemplates: + - metadata: + name: redis-data + labels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: replica + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "2Gi"
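Review bot: Both StatefulSets in manifests/redis/redis.yaml set `ALLOW_EMPTY_PASSWORD` to `"yes"`, and `start-master.sh` and `start-replica.sh` pass `--requirepass "${REDIS_PASSWORD}"` unconditionally, so if the `redis-password` key is ever populated with an empty value Redis starts with authentication off. The Secret carries no `data` in this manifest and seems to be filled in by kube-1password, so this path should fail closed: set `value: "no"` and add `[[ -n "$REDIS_PASSWORD" ]] || { echo "REDIS_PASSWORD is empty" >&2; exit 1; }` before the `ARGS=` lines in both scripts. The ServiceAccount sets `automountServiceAccountToken: true` although nothing visible here calls the Kubernetes API; `false` would keep an API token out of the Redis pods. The `podAntiAffinity` terms list `namespaces: - "default"` while the pods run in namespace `redis`, so the spreading preference probably never matches and `- "redis"` looks intended. The containers' `securityContext` sets only `runAsUser: 1001`; `allowPrivilegeEscalation: false` and `capabilities: drop: ["ALL"]` would be low-cost additions on both.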