From f76ba0ae9250d32941fd836019feff585a2ccfc3 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Fri, 12 Nov 2021 18:28:36 +0100 Subject: [PATCH] feat(Redis): add redis App (#1309) * feat(Redis): add redis App * Fixup questions.yaml for redis and add common injector * fix lint --- charts/incubator/redis/.helmignore | 24 ++ charts/incubator/redis/Chart.yaml | 31 ++ charts/incubator/redis/questions.yaml | 314 ++++++++++++++++++ charts/incubator/redis/templates/common.yaml | 2 + .../redis/templates/health-configmap.yaml | 79 +++++ charts/incubator/redis/templates/secret.yaml | 13 + charts/incubator/redis/values.yaml | 136 ++++++++ charts/library/common/Chart.yaml | 2 +- .../common/templates/lib/chart/_setup.tpl | 3 + .../lib/dependencies/_redisInjector.tpl | 36 ++ charts/library/common/values.yaml | 8 + 11 files changed, 647 insertions(+), 1 deletion(-) create mode 100644 charts/incubator/redis/.helmignore create mode 100644 charts/incubator/redis/Chart.yaml create mode 100644 charts/incubator/redis/questions.yaml create mode 100644 charts/incubator/redis/templates/common.yaml create mode 100644 charts/incubator/redis/templates/health-configmap.yaml create mode 100644 charts/incubator/redis/templates/secret.yaml create mode 100644 charts/incubator/redis/values.yaml create mode 100644 charts/library/common/templates/lib/dependencies/_redisInjector.tpl diff --git a/charts/incubator/redis/.helmignore b/charts/incubator/redis/.helmignore new file mode 100644 index 00000000000..e559de0a012 --- /dev/null +++ b/charts/incubator/redis/.helmignore @@ -0,0 +1,24 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS diff --git a/charts/incubator/redis/Chart.yaml b/charts/incubator/redis/Chart.yaml new file mode 100644 index 00000000000..108367da834 --- /dev/null +++ b/charts/incubator/redis/Chart.yaml @@ -0,0 +1,31 @@ +apiVersion: v2 +appVersion: "14.0.0" +dependencies: +- name: common + repository: https://truecharts.org + version: 8.5.4 +deprecated: false +description: Open source, advanced key-value store. +home: https://github.com/truecharts/apps/tree/master/stable/redis +icon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png +keywords: + - redis + - keyvalue + - database +kubeVersion: '>=1.16.0-0' +maintainers: +- email: info@truecharts.org + name: TrueCharts + url: truecharts.org +name: redis +sources: + - https://github.com/bitnami/bitnami-docker-redis + - http://redis.io/ +type: application +version: 0.0.1 +annotations: + truecharts.org/catagories: | + - database + - cache + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/charts/incubator/redis/questions.yaml b/charts/incubator/redis/questions.yaml new file mode 100644 index 00000000000..4bd9b69ed65 --- /dev/null +++ b/charts/incubator/redis/questions.yaml @@ -0,0 +1,314 @@ +# Include{groups} +questions: + - variable: portal + group: "Container Image" + label: "Configure Portal Button" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enable" + description: "enable the portal button" + schema: + hidden: true + editable: false + type: boolean + default: false +# Include{global} + - variable: controller + group: "Controller" + label: "" + schema: + type: dict + attrs: + - variable: advanced + label: "Show Advanced Controller Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + description: "Please specify type of workload to deploy" + label: "(Advanced) Controller Type" + schema: + type: string + default: "statefulset" + required: true + enum: + - value: "deployment" + description: "Deployment" + - value: "statefulset" + description: "Statefulset" + - value: "daemonset" + description: "Daemonset" + - variable: replicas + description: "Number of desired pod replicas" + label: "Desired Replicas" + schema: + type: int + default: 1 + required: true + - variable: strategy + description: "Please specify type of workload to deploy" + label: "(Advanced) Update Strategy" + schema: + type: string + default: "RollingUpdate" + required: true + enum: + - value: "Recreate" + description: "Recreate: Kill existing pods before creating new ones" + - value: "RollingUpdate" + description: "RollingUpdate: Create new pods and then kill old ones" + - value: "OnDelete" + description: "(Legacy) OnDelete: ignore .spec.template changes" +# Include{controllerExpert} + + - variable: env + group: "Container Configuration" + label: "Image Environment" + schema: + type: dict + attrs: +# Include{fixedEnv} + +# Include{containerConfig} + + - variable: redisPassword + group: "App Configuration" + label: "Redis Password" + schema: + type: string + default: "" + required: true + + - variable: service + group: "Networking and Services" + label: "Configure Service(s)" + schema: + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + type: dict + attrs: +# Include{serviceSelector} + - variable: main + label: "Main Service Port Configuration" + schema: + type: dict + attrs: + - variable: advanced + label: "Show Advanced settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: protocol + label: "Port Type" + schema: + type: string + default: "TCP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 6379 + + - variable: port + label: "Container Port" + schema: + type: int + default: 6379 + editable: true + required: true + + + + - variable: serviceexpert + group: "Networking and Services" + label: "Show Expert Config" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: "Networking and Services" + label: "Host-Networking (Complicated)" + schema: + type: boolean + default: false + +# Include{serviceExpert} + +# Include{serviceList} + + - variable: volumeClaimTemplates + label: "Integrated Persistent Storage" + description: "Integrated Persistent Storage" + group: "Storage and Persistence" + schema: + type: dict + attrs: + - variable: data + label: "App Data Storage" + description: "Stores the Application Data." + schema: + type: dict + attrs: + - variable: enabled + label: "Enable the storage" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simplePVC" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "pvc" + description: "pvc" +# Include{persistenceBasic} + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: "mountPath" + description: "Path inside the container the storage is mounted" + schema: + type: string + default: "/bitnami/redis" + hidden: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" +# Include{persistenceAdvanced} + +# Include{persistenceList} + +# Include{ingressList} + + - variable: advancedSecurity + label: "Show Advanced Security Settings" + group: "Security and Permissions" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: "Security Context" + schema: + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: false + - variable: allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: true + + - variable: podSecurityContext + group: "Security and Permissions" + label: "Pod Security Context" + schema: + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: The groupID this App of the user running the application" + schema: + type: int + default: 0 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: supplementalGroups + label: "supplemental Groups" + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: "supplemental Group" + schema: + type: int + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: "OnRootMismatch" + enum: + - value: "OnRootMismatch" + description: "OnRootMismatch" + - value: "Always" + description: "Always" + +# Include{resources} + +# Include{advanced} + +# Include{addons} diff --git a/charts/incubator/redis/templates/common.yaml b/charts/incubator/redis/templates/common.yaml new file mode 100644 index 00000000000..9705d4f5fa6 --- /dev/null +++ b/charts/incubator/redis/templates/common.yaml @@ -0,0 +1,2 @@ + +{{ include "common.all" . }} diff --git a/charts/incubator/redis/templates/health-configmap.yaml b/charts/incubator/redis/templates/health-configmap.yaml new file mode 100644 index 00000000000..88e7fc35692 --- /dev/null +++ b/charts/incubator/redis/templates/health-configmap.yaml @@ -0,0 +1,79 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: redis-health + labels: + {{- include "common.labels" . | nindent 4 }} + annotations: + {{- with .Values.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +data: + ping_readiness_local.sh: |- + #!/bin/bash + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 3 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$response" != "PONG" ]; then + echo "failed to connect using password: $REDIS_PASSWORD response: $response" + exit 1 + fi + ping_liveness_local.sh: |- + #!/bin/bash + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 3 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then + echo "$response" + exit 1 + fi + ping_readiness_master.sh: |- + #!/bin/bash + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 3 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_master.sh: |- + #!/bin/bash + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 3 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? + "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? + exit $exit_status + ping_liveness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? + "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? + exit $exit_status diff --git a/charts/incubator/redis/templates/secret.yaml b/charts/incubator/redis/templates/secret.yaml new file mode 100644 index 00000000000..ab61d7b0b08 --- /dev/null +++ b/charts/incubator/redis/templates/secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + {{- include "common.labels" . | nindent 4 }} + annotations: + {{- with .Values.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +type: Opaque +data: + redis-password: {{ ( .Values.redisPassword | default "nothing" ) | b64enc | quote }} diff --git a/charts/incubator/redis/values.yaml b/charts/incubator/redis/values.yaml new file mode 100644 index 00000000000..ea2e3d6dbc7 --- /dev/null +++ b/charts/incubator/redis/values.yaml @@ -0,0 +1,136 @@ +image: + repository: bitnami/redis + pullPolicy: IfNotPresent + tag: 6.2.6@sha256:cfbc3cf717ea121c3c40a841646280d326c68b4818e893139d2550c10827d4d5 + +controller: + # -- Set the controller type. + # Valid options are deployment, daemonset or statefulset + type: statefulset + # -- Number of desired pods + replicas: 1 + # -- Set the controller upgrade strategy + # For Deployments, valid values are Recreate (default) and RollingUpdate. + # For StatefulSets, valid values are OnDelete and RollingUpdate (default). + # DaemonSets ignore this. + strategy: RollingUpdate + rollingUpdate: + # -- Set deployment RollingUpdate max unavailable + unavailable: 1 + # -- Set deployment RollingUpdate max surge + surge: + # -- Set statefulset RollingUpdate partition + partition: + # -- ReplicaSet revision history limit + revisionHistoryLimit: 3 + +securityContext: + readOnlyRootFilesystem: false + +podSecurityContext: + runAsGroup: 0 + +env: + - name: REDIS_REPLICATION_MODE + value: master + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + +envTpl: + REDIS_PORT: "{{ .Values.service.main.ports.main.targetPort }}" + +redisPassword: "testpass" +existingSecret: "" + +envValueFrom: + REDIS_PASSWORD: + secretKeyRef: + name: '{{ ( tpl .Values.existingSecret $ ) | default ( include "common.names.fullname" . ) }}' + key: "redis-password" + +service: + main: + ports: + main: + port: 6379 + targetPort: 6379 + +volumeClaimTemplates: + data: + enabled: true + mountPath: "/bitnami/redis" + type: pvc + accessMode: ReadWriteOnce + size: "100Gi" + +# -- Probe configuration +# -- [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) +# @default -- See below +probes: + # -- Liveness probe configuration + # @default -- See below + liveness: + # -- Enable the liveness probe + enabled: true + # -- Set this to `true` if you wish to specify your own livenessProbe + custom: true + # -- The spec field contains the values for the default livenessProbe. + # If you selected `custom: true`, this field holds the definition of the livenessProbe. + # @default -- See below + spec: + exec: + command: + - sh + - -c + - /health/ping_liveness_local.sh 2 + + # -- Redainess probe configuration + # @default -- See below + readiness: + # -- Enable the readiness probe + enabled: true + # -- Set this to `true` if you wish to specify your own readinessProbe + custom: true + # -- The spec field contains the values for the default readinessProbe. + # If you selected `custom: true`, this field holds the definition of the readinessProbe. + # @default -- See below + spec: + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh 2 + # -- Startup probe configuration + # @default -- See below + startup: + # -- Enable the startup probe + enabled: true + custom: true + # -- The spec field contains the values for the default livenessProbe. + # If you selected `custom: true`, this field holds the definition of the livenessProbe. + # @default -- See below + spec: + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh 2 + +persistence: + # -- redis-health configmap mount + # @default -- See below + redis-health: + enabled: true + type: custom + # -- Where to mount the volume in the main container. + # Defaults to `/`, + # setting to '-' creates the volume but disables the volumeMount. + mountPath: /health + # -- Specify if the volume should be mounted read-only. + readOnly: false + # -- Define the custom Volume spec here + # [[ref]](https://kubernetes.io/docs/concepts/storage/volumes/) + volumeSpec: + configMap: + defaultMode: 0755 + name: redis-health diff --git a/charts/library/common/Chart.yaml b/charts/library/common/Chart.yaml index 22b85f9f6ab..158c8566395 100644 --- a/charts/library/common/Chart.yaml +++ b/charts/library/common/Chart.yaml @@ -15,4 +15,4 @@ maintainers: name: common sources: null type: library -version: 8.5.5 +version: 8.5.6 diff --git a/charts/library/common/templates/lib/chart/_setup.tpl b/charts/library/common/templates/lib/chart/_setup.tpl index bcdff22b3d4..e0213f8e675 100644 --- a/charts/library/common/templates/lib/chart/_setup.tpl +++ b/charts/library/common/templates/lib/chart/_setup.tpl @@ -4,4 +4,7 @@ {{- /* Autogenerate postgresql passwords if needed */ -}} {{- include "common.dependencies.postgresql.injector" . }} + +{{- /* Autogenerate redis passwords if needed */ -}} +{{- include "common.dependencies.redis.injector" . }} {{- end -}} diff --git a/charts/library/common/templates/lib/dependencies/_redisInjector.tpl b/charts/library/common/templates/lib/dependencies/_redisInjector.tpl new file mode 100644 index 00000000000..51046bfaf0e --- /dev/null +++ b/charts/library/common/templates/lib/dependencies/_redisInjector.tpl @@ -0,0 +1,36 @@ +{{/* +This template generates a random password and ensures it persists across updates/edits to the chart +*/}} +{{- define "common.dependencies.redis.injector" -}} +{{- $pghost := printf "%v-%v" .Release.Name "redis" }} + +{{- if .Values.redis.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + {{- include "common.labels" . | nindent 4 }} + name: rediscreds +{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace "rediscreds" }} +{{- $dbPass := "" }} +data: +{{- if $dbprevious }} + {{- $dbPass = ( index $dbprevious.data "redis-password" ) | b64dec }} + redis-password: {{ ( index $dbprevious.data "redis-password" ) }} +{{- else }} + {{- $dbPass = randAlphaNum 50 }} + redis-password: {{ $dbPass | b64enc | quote }} +{{- end }} + url: {{ ( printf "redis://%v:%v@%v-redis:5432/%v" .Values.redis.redisUsername $dbPass .Release.Name .Values.redis.redisDatabase ) | b64enc | quote }} + plainporthost: {{ ( printf "%v-%v" .Release.Name "redis" ) | b64enc | quote }} + plainhost: {{ ( printf "%v-%v" .Release.Name "redis" ) | b64enc | quote }} +type: Opaque +{{- $_ := set .Values.redis "redisPassword" ( $dbPass | quote ) }} +{{- $_ := set .Values.redis.url "plain" ( ( printf "%v-%v" .Release.Name "redis" ) | quote ) }} +{{- $_ := set .Values.redis.url "plainhost" ( ( printf "%v-%v" .Release.Name "redis" ) | quote ) }} +{{- $_ := set .Values.redis.url "plainport" ( ( printf "%v-%v:5432" .Release.Name "redis" ) | quote ) }} +{{- $_ := set .Values.redis.url "plainporthost" ( ( printf "%v-%v:5432" .Release.Name "redis" ) | quote ) }} + +{{- end }} +{{- end -}} diff --git a/charts/library/common/values.yaml b/charts/library/common/values.yaml index 221576f4f45..6a31655077b 100644 --- a/charts/library/common/values.yaml +++ b/charts/library/common/values.yaml @@ -946,3 +946,11 @@ postgresql: existingSecret: "dbcreds" # -- can be used to make an easy accessable note which URLS to use to access the DB. url: {} + +# -- Redis dependency configuration +# @default -- See below +redis: + enabled: false + existingSecret: "rediscreds" + # -- can be used to make an easy accessable note which URLS to use to access the DB. + url: {}