feat(Redis): add redis App (#1309)

* feat(Redis): add redis App

* Fixup questions.yaml for redis and add common injector

* fix lint
This commit is contained in:
Kjeld Schouten-Lebbing
2021-11-12 18:28:36 +01:00
committed by GitHub
parent 4a59520644
commit f76ba0ae92
11 changed files with 647 additions and 1 deletions

View File

@@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# OWNERS file for Kubernetes
OWNERS

View File

@@ -0,0 +1,31 @@
apiVersion: v2
appVersion: "14.0.0"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.5.4
deprecated: false
description: Open source, advanced key-value store.
home: https://github.com/truecharts/apps/tree/master/stable/redis
icon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png
keywords:
- redis
- keyvalue
- database
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: truecharts.org
name: redis
sources:
- https://github.com/bitnami/bitnami-docker-redis
- http://redis.io/
type: application
version: 0.0.1
annotations:
truecharts.org/catagories: |
- database
- cache
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

View File

@@ -0,0 +1,314 @@
# Include{groups}
questions:
- variable: portal
group: "Container Image"
label: "Configure Portal Button"
schema:
type: dict
hidden: true
attrs:
- variable: enabled
label: "Enable"
description: "enable the portal button"
schema:
hidden: true
editable: false
type: boolean
default: false
# Include{global}
- variable: controller
group: "Controller"
label: ""
schema:
type: dict
attrs:
- variable: advanced
label: "Show Advanced Controller Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: type
description: "Please specify type of workload to deploy"
label: "(Advanced) Controller Type"
schema:
type: string
default: "statefulset"
required: true
enum:
- value: "deployment"
description: "Deployment"
- value: "statefulset"
description: "Statefulset"
- value: "daemonset"
description: "Daemonset"
- variable: replicas
description: "Number of desired pod replicas"
label: "Desired Replicas"
schema:
type: int
default: 1
required: true
- variable: strategy
description: "Please specify type of workload to deploy"
label: "(Advanced) Update Strategy"
schema:
type: string
default: "RollingUpdate"
required: true
enum:
- value: "Recreate"
description: "Recreate: Kill existing pods before creating new ones"
- value: "RollingUpdate"
description: "RollingUpdate: Create new pods and then kill old ones"
- value: "OnDelete"
description: "(Legacy) OnDelete: ignore .spec.template changes"
# Include{controllerExpert}
- variable: env
group: "Container Configuration"
label: "Image Environment"
schema:
type: dict
attrs:
# Include{fixedEnv}
# Include{containerConfig}
- variable: redisPassword
group: "App Configuration"
label: "Redis Password"
schema:
type: string
default: ""
required: true
- variable: service
group: "Networking and Services"
label: "Configure Service(s)"
schema:
type: dict
attrs:
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
schema:
type: dict
attrs:
# Include{serviceSelector}
- variable: main
label: "Main Service Port Configuration"
schema:
type: dict
attrs:
- variable: advanced
label: "Show Advanced settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: protocol
label: "Port Type"
schema:
type: string
default: "TCP"
enum:
- value: HTTP
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- value: TCP
description: "TCP"
- value: "UDP"
description: "UDP"
- variable: nodePort
label: "Node Port (Optional)"
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
schema:
type: int
min: 9000
max: 65535
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 6379
- variable: port
label: "Container Port"
schema:
type: int
default: 6379
editable: true
required: true
- variable: serviceexpert
group: "Networking and Services"
label: "Show Expert Config"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostNetwork
group: "Networking and Services"
label: "Host-Networking (Complicated)"
schema:
type: boolean
default: false
# Include{serviceExpert}
# Include{serviceList}
- variable: volumeClaimTemplates
label: "Integrated Persistent Storage"
description: "Integrated Persistent Storage"
group: "Storage and Persistence"
schema:
type: dict
attrs:
- variable: data
label: "App Data Storage"
description: "Stores the Application Data."
schema:
type: dict
attrs:
- variable: enabled
label: "Enable the storage"
schema:
type: boolean
default: true
hidden: true
- variable: type
label: "Type of Storage"
description: "Sets the persistence type, Anything other than PVC could break rollback!"
schema:
type: string
default: "simplePVC"
enum:
- value: "simplePVC"
description: "PVC (simple)"
- value: "pvc"
description: "pvc"
# Include{persistenceBasic}
- variable: hostPath
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: mountPath
label: "mountPath"
description: "Path inside the container the storage is mounted"
schema:
type: string
default: "/bitnami/redis"
hidden: true
valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
- variable: medium
label: "EmptyDir Medium"
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "Memory"
description: "Memory"
# Include{persistenceAdvanced}
# Include{persistenceList}
# Include{ingressList}
- variable: advancedSecurity
label: "Show Advanced Security Settings"
group: "Security and Permissions"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: securityContext
label: "Security Context"
schema:
type: dict
attrs:
- variable: privileged
label: "Privileged mode"
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: false
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: "runAsNonRoot"
schema:
type: boolean
default: true
- variable: podSecurityContext
group: "Security and Permissions"
label: "Pod Security Context"
schema:
type: dict
attrs:
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 568
- variable: runAsGroup
label: "runAsGroup"
description: The groupID this App of the user running the application"
schema:
type: int
default: 0
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 568
- variable: supplementalGroups
label: "supplemental Groups"
schema:
type: list
default: []
items:
- variable: supplementalGroupsEntry
label: "supplemental Group"
schema:
type: int
- variable: fsGroupChangePolicy
label: "When should we take ownership?"
schema:
type: string
default: "OnRootMismatch"
enum:
- value: "OnRootMismatch"
description: "OnRootMismatch"
- value: "Always"
description: "Always"
# Include{resources}
# Include{advanced}
# Include{addons}

View File

@@ -0,0 +1,2 @@
{{ include "common.all" . }}

View File

@@ -0,0 +1,79 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: redis-health
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
{{- with .Values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
ping_readiness_local.sh: |-
#!/bin/bash
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ]; then
echo "failed to connect using password: $REDIS_PASSWORD response: $response"
exit 1
fi
ping_liveness_local.sh: |-
#!/bin/bash
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_master.sh: |-
#!/bin/bash
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_master.sh: |-
#!/bin/bash
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
"$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
exit $exit_status
ping_liveness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
"$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
exit $exit_status

View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
{{- with .Values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
type: Opaque
data:
redis-password: {{ ( .Values.redisPassword | default "nothing" ) | b64enc | quote }}

View File

@@ -0,0 +1,136 @@
image:
repository: bitnami/redis
pullPolicy: IfNotPresent
tag: 6.2.6@sha256:cfbc3cf717ea121c3c40a841646280d326c68b4818e893139d2550c10827d4d5
controller:
# -- Set the controller type.
# Valid options are deployment, daemonset or statefulset
type: statefulset
# -- Number of desired pods
replicas: 1
# -- Set the controller upgrade strategy
# For Deployments, valid values are Recreate (default) and RollingUpdate.
# For StatefulSets, valid values are OnDelete and RollingUpdate (default).
# DaemonSets ignore this.
strategy: RollingUpdate
rollingUpdate:
# -- Set deployment RollingUpdate max unavailable
unavailable: 1
# -- Set deployment RollingUpdate max surge
surge:
# -- Set statefulset RollingUpdate partition
partition:
# -- ReplicaSet revision history limit
revisionHistoryLimit: 3
securityContext:
readOnlyRootFilesystem: false
podSecurityContext:
runAsGroup: 0
env:
- name: REDIS_REPLICATION_MODE
value: master
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
envTpl:
REDIS_PORT: "{{ .Values.service.main.ports.main.targetPort }}"
redisPassword: "testpass"
existingSecret: ""
envValueFrom:
REDIS_PASSWORD:
secretKeyRef:
name: '{{ ( tpl .Values.existingSecret $ ) | default ( include "common.names.fullname" . ) }}'
key: "redis-password"
service:
main:
ports:
main:
port: 6379
targetPort: 6379
volumeClaimTemplates:
data:
enabled: true
mountPath: "/bitnami/redis"
type: pvc
accessMode: ReadWriteOnce
size: "100Gi"
# -- Probe configuration
# -- [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
# @default -- See below
probes:
# -- Liveness probe configuration
# @default -- See below
liveness:
# -- Enable the liveness probe
enabled: true
# -- Set this to `true` if you wish to specify your own livenessProbe
custom: true
# -- The spec field contains the values for the default livenessProbe.
# If you selected `custom: true`, this field holds the definition of the livenessProbe.
# @default -- See below
spec:
exec:
command:
- sh
- -c
- /health/ping_liveness_local.sh 2
# -- Redainess probe configuration
# @default -- See below
readiness:
# -- Enable the readiness probe
enabled: true
# -- Set this to `true` if you wish to specify your own readinessProbe
custom: true
# -- The spec field contains the values for the default readinessProbe.
# If you selected `custom: true`, this field holds the definition of the readinessProbe.
# @default -- See below
spec:
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh 2
# -- Startup probe configuration
# @default -- See below
startup:
# -- Enable the startup probe
enabled: true
custom: true
# -- The spec field contains the values for the default livenessProbe.
# If you selected `custom: true`, this field holds the definition of the livenessProbe.
# @default -- See below
spec:
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh 2
persistence:
# -- redis-health configmap mount
# @default -- See below
redis-health:
enabled: true
type: custom
# -- Where to mount the volume in the main container.
# Defaults to `/<name_of_the_volume>`,
# setting to '-' creates the volume but disables the volumeMount.
mountPath: /health
# -- Specify if the volume should be mounted read-only.
readOnly: false
# -- Define the custom Volume spec here
# [[ref]](https://kubernetes.io/docs/concepts/storage/volumes/)
volumeSpec:
configMap:
defaultMode: 0755
name: redis-health

View File

@@ -15,4 +15,4 @@ maintainers:
name: common
sources: null
type: library
version: 8.5.5
version: 8.5.6

View File

@@ -4,4 +4,7 @@
{{- /* Autogenerate postgresql passwords if needed */ -}}
{{- include "common.dependencies.postgresql.injector" . }}
{{- /* Autogenerate redis passwords if needed */ -}}
{{- include "common.dependencies.redis.injector" . }}
{{- end -}}

View File

@@ -0,0 +1,36 @@
{{/*
This template generates a random password and ensures it persists across updates/edits to the chart
*/}}
{{- define "common.dependencies.redis.injector" -}}
{{- $pghost := printf "%v-%v" .Release.Name "redis" }}
{{- if .Values.redis.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
labels:
{{- include "common.labels" . | nindent 4 }}
name: rediscreds
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace "rediscreds" }}
{{- $dbPass := "" }}
data:
{{- if $dbprevious }}
{{- $dbPass = ( index $dbprevious.data "redis-password" ) | b64dec }}
redis-password: {{ ( index $dbprevious.data "redis-password" ) }}
{{- else }}
{{- $dbPass = randAlphaNum 50 }}
redis-password: {{ $dbPass | b64enc | quote }}
{{- end }}
url: {{ ( printf "redis://%v:%v@%v-redis:5432/%v" .Values.redis.redisUsername $dbPass .Release.Name .Values.redis.redisDatabase ) | b64enc | quote }}
plainporthost: {{ ( printf "%v-%v" .Release.Name "redis" ) | b64enc | quote }}
plainhost: {{ ( printf "%v-%v" .Release.Name "redis" ) | b64enc | quote }}
type: Opaque
{{- $_ := set .Values.redis "redisPassword" ( $dbPass | quote ) }}
{{- $_ := set .Values.redis.url "plain" ( ( printf "%v-%v" .Release.Name "redis" ) | quote ) }}
{{- $_ := set .Values.redis.url "plainhost" ( ( printf "%v-%v" .Release.Name "redis" ) | quote ) }}
{{- $_ := set .Values.redis.url "plainport" ( ( printf "%v-%v:5432" .Release.Name "redis" ) | quote ) }}
{{- $_ := set .Values.redis.url "plainporthost" ( ( printf "%v-%v:5432" .Release.Name "redis" ) | quote ) }}
{{- end }}
{{- end -}}

View File

@@ -946,3 +946,11 @@ postgresql:
existingSecret: "dbcreds"
# -- can be used to make an easy accessable note which URLS to use to access the DB.
url: {}
# -- Redis dependency configuration
# @default -- See below
redis:
enabled: false
existingSecret: "rediscreds"
# -- can be used to make an easy accessable note which URLS to use to access the DB.
url: {}