apiVersion: v1 kind: Secret metadata: name: redis namespace: redis annotations: kube-1password: o6gzlxq2zkgpdkndulz3htbt3y kube-1password/vault: Kubernetes kube-1password/password-key: redis-password labels: app.kubernetes.io/name: redis type: Opaque --- apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: true metadata: name: redis namespace: redis labels: app.kubernetes.io/name: redis --- apiVersion: v1 kind: ConfigMap metadata: name: redis-configuration namespace: redis labels: app.kubernetes.io/name: redis data: redis.conf: |- # User-supplied common configuration: # Enable AOF https://redis.io/topics/persistence#append-only-file appendonly yes # Disable RDB persistence, AOF persistence already enabled. save "" # End of common configuration master.conf: |- dir /data # User-supplied master configuration: rename-command FLUSHDB "" rename-command FLUSHALL "" # End of master configuration replica.conf: |- dir /data # User-supplied replica configuration: rename-command FLUSHDB "" rename-command FLUSHALL "" # End of replica configuration --- apiVersion: v1 kind: ConfigMap metadata: name: redis-health namespace: redis labels: app.kubernetes.io/name: redis data: ping_readiness_local.sh: |- #!/bin/bash [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" response=$( timeout -s 3 $1 \ redis-cli \ -h localhost \ -p $REDIS_PORT \ ping ) if [ "$?" -eq "124" ]; then echo "Timed out" exit 1 fi if [ "$response" != "PONG" ]; then echo "$response" exit 1 fi ping_liveness_local.sh: |- #!/bin/bash [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" response=$( timeout -s 3 $1 \ redis-cli \ -h localhost \ -p $REDIS_PORT \ ping ) if [ "$?" -eq "124" ]; then echo "Timed out" exit 1 fi responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then echo "$response" exit 1 fi ping_readiness_master.sh: |- #!/bin/bash [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" response=$( timeout -s 3 $1 \ redis-cli \ -h $REDIS_MASTER_HOST \ -p $REDIS_MASTER_PORT_NUMBER \ ping ) if [ "$?" -eq "124" ]; then echo "Timed out" exit 1 fi if [ "$response" != "PONG" ]; then echo "$response" exit 1 fi ping_liveness_master.sh: |- #!/bin/bash [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" response=$( timeout -s 3 $1 \ redis-cli \ -h $REDIS_MASTER_HOST \ -p $REDIS_MASTER_PORT_NUMBER \ ping ) if [ "$?" -eq "124" ]; then echo "Timed out" exit 1 fi responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then echo "$response" exit 1 fi ping_readiness_local_and_master.sh: |- script_dir="$(dirname "$0")" exit_status=0 "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? exit $exit_status ping_liveness_local_and_master.sh: |- script_dir="$(dirname "$0")" exit_status=0 "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? exit $exit_status --- apiVersion: v1 kind: ConfigMap metadata: name: redis-scripts namespace: redis labels: app.kubernetes.io/name: redis data: start-master.sh: | #!/bin/bash [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf fi if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf fi ARGS=("--port" "${REDIS_PORT}") ARGS+=("--requirepass" "${REDIS_PASSWORD}") ARGS+=("--masterauth" "${REDIS_PASSWORD}") ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") exec redis-server "${ARGS[@]}" start-replica.sh: | #!/bin/bash get_port() { hostname="$1" type="$2" port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") port=${!port_var} if [ -z "$port" ]; then case $type in "SENTINEL") echo 26379 ;; "REDIS") echo 6379 ;; esac else echo $port fi } get_full_hostname() { hostname="$1" echo "${hostname}.${HEADLESS_SERVICE}" } REDISPORT=$(get_port "$HOSTNAME" "REDIS") [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf fi if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf fi echo "" >> /opt/bitnami/redis/etc/replica.conf echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf ARGS=("--port" "${REDIS_PORT}") ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") ARGS+=("--requirepass" "${REDIS_PASSWORD}") ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") exec redis-server "${ARGS[@]}" --- apiVersion: v1 kind: Service metadata: name: redis-headless namespace: redis labels: app.kubernetes.io/name: redis spec: type: ClusterIP clusterIP: None ports: - name: tcp-redis port: 6379 targetPort: redis selector: app.kubernetes.io/name: redis --- apiVersion: v1 kind: Service metadata: name: redis-master namespace: redis labels: app.kubernetes.io/name: redis app.kubernetes.io/component: master spec: type: ClusterIP internalTrafficPolicy: Cluster sessionAffinity: None ports: - name: tcp-redis port: 6379 targetPort: redis nodePort: null selector: app.kubernetes.io/name: redis app.kubernetes.io/component: master --- apiVersion: v1 kind: Service metadata: name: redis-replicas namespace: redis labels: app.kubernetes.io/name: redis app.kubernetes.io/component: replica spec: type: ClusterIP internalTrafficPolicy: Cluster sessionAffinity: None ports: - name: tcp-redis port: 6379 targetPort: redis nodePort: null selector: app.kubernetes.io/name: redis app.kubernetes.io/component: replica --- apiVersion: apps/v1 kind: StatefulSet metadata: name: redis-master namespace: redis labels: app.kubernetes.io/name: redis app.kubernetes.io/component: master spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: redis app.kubernetes.io/component: master serviceName: redis-headless updateStrategy: rollingUpdate: {} type: RollingUpdate template: metadata: labels: app.kubernetes.io/name: redis app.kubernetes.io/component: master spec: securityContext: fsGroup: 1001 serviceAccountName: redis affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: redis app.kubernetes.io/component: master namespaces: - "default" topologyKey: kubernetes.io/hostname weight: 1 nodeAffinity: terminationGracePeriodSeconds: 30 containers: - name: redis image: docker.io/bitnami/redis:7.0.4-debian-11-r11 imagePullPolicy: "IfNotPresent" securityContext: runAsUser: 1001 command: - /bin/bash args: - -c - /opt/bitnami/scripts/start-scripts/start-master.sh env: - name: BITNAMI_DEBUG value: "false" - name: REDIS_REPLICATION_MODE value: master - name: ALLOW_EMPTY_PASSWORD value: "yes" - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: redis key: redis-password - name: REDIS_TLS_ENABLED value: "no" - name: REDIS_PORT value: "6379" ports: - name: redis containerPort: 6379 livenessProbe: initialDelaySeconds: 20 periodSeconds: 5 # One second longer than command timeout should prevent generation of zombie processes. timeoutSeconds: 6 successThreshold: 1 failureThreshold: 5 exec: command: - sh - -c - /health/ping_liveness_local.sh 5 readinessProbe: initialDelaySeconds: 20 periodSeconds: 5 timeoutSeconds: 2 successThreshold: 1 failureThreshold: 5 exec: command: - sh - -c - /health/ping_readiness_local.sh 1 resources: limits: {} requests: {} volumeMounts: - name: start-scripts mountPath: /opt/bitnami/scripts/start-scripts - name: health mountPath: /health - name: redis-data mountPath: /data subPath: - name: config mountPath: /opt/bitnami/redis/mounted-etc - name: redis-tmp-conf mountPath: /opt/bitnami/redis/etc/ - name: tmp mountPath: /tmp volumes: - name: start-scripts configMap: name: redis-scripts defaultMode: 0755 - name: health configMap: name: redis-health defaultMode: 0755 - name: config configMap: name: redis-configuration - name: redis-tmp-conf emptyDir: {} - name: tmp emptyDir: {} volumeClaimTemplates: - metadata: name: redis-data labels: app.kubernetes.io/name: redis app.kubernetes.io/component: master spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "4Gi" --- apiVersion: apps/v1 kind: StatefulSet metadata: name: redis-replicas namespace: redis labels: app.kubernetes.io/name: redis app.kubernetes.io/component: replica spec: replicas: 2 selector: matchLabels: app.kubernetes.io/name: redis app.kubernetes.io/component: replica serviceName: redis-headless updateStrategy: rollingUpdate: {} type: RollingUpdate template: metadata: labels: app.kubernetes.io/name: redis app.kubernetes.io/component: replica spec: securityContext: fsGroup: 1001 serviceAccountName: redis affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: redis app.kubernetes.io/component: replica namespaces: - "default" topologyKey: kubernetes.io/hostname weight: 1 nodeAffinity: terminationGracePeriodSeconds: 30 containers: - name: redis image: docker.io/bitnami/redis:7.0.4-debian-11-r11 imagePullPolicy: "IfNotPresent" securityContext: runAsUser: 1001 command: - /bin/bash args: - -c - /opt/bitnami/scripts/start-scripts/start-replica.sh env: - name: BITNAMI_DEBUG value: "false" - name: REDIS_REPLICATION_MODE value: slave - name: REDIS_MASTER_HOST value: redis-master-0.redis-headless.redis.svc.cluster.local - name: REDIS_MASTER_PORT_NUMBER value: "6379" - name: ALLOW_EMPTY_PASSWORD value: "yes" - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: redis key: redis-password - name: REDIS_MASTER_PASSWORD valueFrom: secretKeyRef: name: redis key: redis-password - name: REDIS_TLS_ENABLED value: "no" - name: REDIS_PORT value: "6379" ports: - name: redis containerPort: 6379 startupProbe: failureThreshold: 22 initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 tcpSocket: port: redis livenessProbe: initialDelaySeconds: 20 periodSeconds: 5 timeoutSeconds: 6 successThreshold: 1 failureThreshold: 5 exec: command: - sh - -c - /health/ping_liveness_local_and_master.sh 5 readinessProbe: initialDelaySeconds: 20 periodSeconds: 5 timeoutSeconds: 2 successThreshold: 1 failureThreshold: 5 exec: command: - sh - -c - /health/ping_readiness_local_and_master.sh 1 resources: limits: {} requests: {} volumeMounts: - name: start-scripts mountPath: /opt/bitnami/scripts/start-scripts - name: health mountPath: /health - name: redis-data mountPath: /data subPath: - name: config mountPath: /opt/bitnami/redis/mounted-etc - name: redis-tmp-conf mountPath: /opt/bitnami/redis/etc volumes: - name: start-scripts configMap: name: redis-scripts defaultMode: 0755 - name: health configMap: name: redis-health defaultMode: 0755 - name: config configMap: name: redis-configuration - name: redis-tmp-conf emptyDir: {} volumeClaimTemplates: - metadata: name: redis-data labels: app.kubernetes.io/name: redis app.kubernetes.io/component: replica spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "2Gi"