Your commit message

zeaslity
2024-11-27 10:33:20 +08:00
commit 080c7bb97f
911 changed files with 168439 additions and 0 deletions


@@ -0,0 +1,117 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
{{- $secretName := include "redis-cluster.secretName" . -}}
{{- $secretPasswordKey := include "redis-cluster.secretPasswordKey" . -}}
** Please be patient while the chart is being deployed **
{{- if .Values.diagnosticMode.enabled }}
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
Get the list of pods by executing:
kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
Access the pod you want to debug by executing
kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
In order to replicate the container startup scripts execute this command:
/opt/bitnami/scripts/redis-cluster/entrypoint.sh /opt/bitnami/scripts/redis-cluster/run.sh
{{- else }}
{{ if .Values.usePassword }}
To get your password run:
{{ include "common.utils.secret.getvalue" (dict "secret" $secretName "field" $secretPasswordKey "context" $) }}
{{- end }}
{{- if .Values.cluster.externalAccess.enabled }}
To connect to your Redis&trade; server from outside the cluster check the following information:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
You will have a different external IP for each Redis&trade; node. Get the external ip from `-external` suffixed services: `kubectl get svc`.
Redis&trade; port: {{ .Values.cluster.externalAccess.service.port }}
{{- if not .Values.cluster.externalAccess.service.loadBalancerIP }}
Once the LoadBalancerIPs are ready, you need to provide them and perform a Helm Upgrade:
helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} --set "cluster.externalAccess.enabled=true,cluster.externalAccess.service.type=LoadBalancer{{- $root := . }}{{ $count := .Values.cluster.nodes | int }}{{ range $i, $v := until $count }},cluster.externalAccess.service.loadBalancerIP[{{ $i }}]=load-balancerip-{{- $i }}{{- end }}" bitnami/redis-cluster
Where loadbalancer-ip-i are the LoadBalancerIPs provided by the cluster.
{{- else -}}
{{- if .Values.cluster.init -}}
INFO: The Job to create the cluster will be created.
{{- end -}}
To connect to your database from outside the cluster execute the following commands:
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
redis-cli -c -h $SERVICE_IP -p {{ .Values.service.ports.redis }} {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- end }}
{{- else }}
You have deployed a Redis&trade; Cluster accessible only from within you Kubernetes Cluster.
{{- if .Values.cluster.init -}}
INFO: The Job to create the cluster will be created.
{{- end -}}
To connect to your Redis&trade; cluster:
1. Run a Redis&trade; pod that you can use as a client:
{{- if .Values.tls.enabled }}
kubectl run --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }}-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image {{ template "redis-cluster.image" . }} --command -- sleep infinity
Copy your TLS certificates to the pod:
kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert {{ template "common.names.fullname" . }}-client:/tmp/client.cert
kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key {{ template "common.names.fullname" . }}-client:/tmp/client.key
kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert {{ template "common.names.fullname" . }}-client:/tmp/CA.cert
Use the following command to attach to the pod:
kubectl exec --tty -i {{ template "common.names.fullname" . }}-client \
{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }}
--namespace {{ .Release.Namespace }} -- bash
{{- else }}
kubectl run --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }}-client --rm --tty -i --restart='Never' \
{{ if .Values.usePassword }} --env REDIS_PASSWORD=$REDIS_PASSWORD \{{ end }}
{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }}
--image {{ template "redis-cluster.image" . }} -- bash
{{- end }}
2. Connect using the Redis&trade; CLI:
redis-cli -c -h {{ template "common.names.fullname" . }}{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
Note: Since NetworkPolicy is enabled, only pods with label
{{ template "common.names.fullname" . }}-client=true"
will be able to connect to redis.
{{- end -}}
{{- end -}}
{{- include "redis-cluster.validateValues" . }}
{{- include "redis-cluster.checkRollingTags" . }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- include "common.warnings.rollingTag" .Values.sysctlImage }}
{{- if and .Values.usePassword (not .Values.existingSecret) -}}
{{- $requiredPassword := dict "valueKey" "password" "secret" $secretName "field" $secretPasswordKey "context" $ -}}
{{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $requiredPasswordError) "context" $) -}}
{{- end -}}
{{- end }}
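Review bot: In the TLS branch the NetworkPolicy client label is attached to `kubectl exec`, which has no `--labels` option, while the `kubectl run` line that creates the `-client` pod carries no label at all. With `networkPolicy.enabled` and `allowExternal` unset, a pod created from these instructions would not match the `-client: "true"` selector mentioned in the closing note, and the printed exec command would be rejected. Moving the conditional `--labels="…-client=true"` fragment onto the `kubectl run` line, as the non-TLS branch already does, fixes both. Separately, both `redis-cli` examples pass the password as `-a $REDIS_PASSWORD`, which exposes it in the process list; recommending the `REDISCLI_AUTH` environment variable instead would avoid that.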


@@ -0,0 +1,254 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper Redis&trade; image name
*/}}
{{- define "redis-cluster.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the metrics image)
*/}}
{{- define "redis-cluster.metrics.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "redis-cluster.volumePermissions.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}
{{/*
Return sysctl image
*/}}
{{- define "redis-cluster.sysctl.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.sysctlImage "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "redis-cluster.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiGroup for PodSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiGroup" -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy" -}}
{{- else -}}
{{- print "extensions" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a TLS secret object should be created
*/}}
{{- define "redis-cluster.createTlsSecret" -}}
{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the secret containing Redis TLS certificates
*/}}
{{- define "redis-cluster.tlsSecretName" -}}
{{- $secretName := coalesce .Values.tls.existingSecret .Values.tls.certificatesSecret -}}
{{- if $secretName -}}
{{- printf "%s" (tpl $secretName $) -}}
{{- else -}}
{{- printf "%s-crt" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the path to the cert file.
*/}}
{{- define "redis-cluster.tlsCert" -}}
{{- if (include "redis-cluster.createTlsSecret" . ) -}}
{{- printf "/opt/bitnami/redis/certs/%s" "tls.crt" -}}
{{- else -}}
{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/redis/certs/%s" -}}
{{- end -}}
{{- end -}}
{{/*
Return the path to the cert key file.
*/}}
{{- define "redis-cluster.tlsCertKey" -}}
{{- if (include "redis-cluster.createTlsSecret" . ) -}}
{{- printf "/opt/bitnami/redis/certs/%s" "tls.key" -}}
{{- else -}}
{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/redis/certs/%s" -}}
{{- end -}}
{{- end -}}
{{/*
Return the path to the CA cert file.
*/}}
{{- define "redis-cluster.tlsCACert" -}}
{{- if (include "redis-cluster.createTlsSecret" . ) -}}
{{- printf "/opt/bitnami/redis/certs/%s" "ca.crt" -}}
{{- else -}}
{{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/redis/certs/%s" -}}
{{- end -}}
{{- end -}}
{{/*
Return the path to the DH params file.
*/}}
{{- define "redis-cluster.tlsDHParams" -}}
{{- if .Values.tls.dhParamsFilename -}}
{{- printf "/opt/bitnami/redis/certs/%s" .Values.tls.dhParamsFilename -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "redis-cluster.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Get the password secret.
*/}}
{{- define "redis-cluster.secretName" -}}
{{- if .Values.existingSecret -}}
{{- printf "%s" .Values.existingSecret -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the password key to be retrieved from Redis&trade; secret.
*/}}
{{- define "redis-cluster.secretPasswordKey" -}}
{{- if and .Values.existingSecret .Values.existingSecretPasswordKey -}}
{{- printf "%s" .Values.existingSecretPasswordKey -}}
{{- else -}}
{{- printf "redis-password" -}}
{{- end -}}
{{- end -}}
{{/*
Return Redis&trade; password
*/}}
{{- define "redis-cluster.password" -}}
{{- if not (empty .Values.global.redis.password) }}
{{- .Values.global.redis.password -}}
{{- else if not (empty .Values.password) -}}
{{- .Values.password -}}
{{- else -}}
{{- randAlphaNum 10 -}}
{{- end -}}
{{- end -}}
{{/*
Determines whether or not to create the Statefulset
*/}}
{{- define "redis-cluster.createStatefulSet" -}}
{{- if not .Values.cluster.externalAccess.enabled -}}
{{- true -}}
{{- end -}}
{{- if and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.service.loadBalancerIP -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/* Check if there are rolling tags in the images */}}
{{- define "redis-cluster.checkRollingTags" -}}
{{- include "common.warnings.rollingTag" .Values.image -}}
{{- include "common.warnings.rollingTag" .Values.metrics.image -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "redis-cluster.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "redis-cluster.validateValues.updateParameters" .) -}}
{{- $messages := append $messages (include "redis-cluster.validateValues.tlsParameters" .) -}}
{{- $messages := append $messages (include "redis-cluster.validateValues.tls" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/* Validate values of Redis&trade; Cluster - check update parameters */}}
{{- define "redis-cluster.validateValues.updateParameters" -}}
{{- if and .Values.cluster.update.addNodes ( or (and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.service.loadBalancerIP) ( not .Values.cluster.externalAccess.enabled )) -}}
{{- if .Values.cluster.externalAccess.enabled }}
{{- if not .Values.cluster.update.newExternalIPs -}}
redis-cluster: newExternalIPs
You must provide the newExternalIPs to perform the cluster upgrade when using external access.
{{- end -}}
{{- else }}
{{- if not .Values.cluster.update.currentNumberOfNodes -}}
redis-cluster: currentNumberOfNodes
You must provide the currentNumberOfNodes to perform an upgrade when not using external access.
{{- end -}}
{{- if not .Values.cluster.update.currentNumberOfReplicas -}}
redis-cluster: currentNumberOfReplicas
You must provide the currentNumberOfReplicas to perform an upgrade when not using external access.
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Validate values of Redis&trade; Cluster - tls settings */}}
{{- define "redis-cluster.validateValues.tlsParameters" -}}
{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) }}
{{- if and (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) -}}
redis-cluster: TLSSecretMissingSecret
A secret containing the certificates for the TLS traffic is required when TLS is enabled. Please set the tls.existingSecret value
{{- end -}}
{{- if not .Values.tls.certFilename -}}
redis-cluster: TLSSecretMissingCert
A certificate filename is required when TLS is enabled. Please set the tls.certFilename value
{{- end -}}
{{- if not .Values.tls.certKeyFilename -}}
redis-cluster: TLSSecretMissingCertKey
A certificate key filename is required when TLS is enabled. Please set the tls.certKeyFilename value
{{- end -}}
{{- if not .Values.tls.certCAFilename -}}
redis-cluster: TLSSecretMissingCertCA
A certificate CA filename is required when TLS is enabled. Please set the tls.certCAFilename value
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Validate values of Redis&trade; - PodSecurityPolicy create */}}
{{- define "redis-cluster.validateValues.tls" -}}
{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }}
redis-cluster: tls.enabled
In order to enable TLS, you also need to provide
an existing secret containing the TLS certificates or
enable auto-generated certificates.
{{- end -}}
{{- end -}}
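Review bot: The fallback in `redis-cluster.password` is `randAlphaNum 10`, which gives a short generated credential (roughly 60 bits) and yields a different value on every render. Whether an upgrade then changes the password under running nodes depends on how the secret template consumes this helper, which is not visible in this section, so it is worth confirming that an existing Secret is looked up first. I would lengthen the fallback, e.g. `{{- randAlphaNum 32 -}}`. Minor: the comment above `redis-cluster.validateValues.tls` says "PodSecurityPolicy create" although the helper checks TLS settings; `{{/* Validate values of Redis&trade; Cluster - TLS secret or auto-generated certificates required */}}` would match what it does.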


@@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}


@@ -0,0 +1,24 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" . }}-headless
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: tcp-redis
port: {{ .Values.redis.containerPorts.redis }}
targetPort: tcp-redis
- name: tcp-redis-bus
port: {{ .Values.redis.containerPorts.bus }}
targetPort: tcp-redis-bus
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}


@@ -0,0 +1,54 @@
{{- if and (.Values.metrics.enabled) (.Values.metrics.serviceMonitor.enabled) }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "common.names.fullname" . }}
{{- if .Values.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.metrics.serviceMonitor.namespace | default .Release.Namespace | quote }}
{{- else}}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.labels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
{{- if .Values.metrics.serviceMonitor.jobLabel }}
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
{{- end }}
endpoints:
- port: metrics
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
app.kubernetes.io/component: "metrics"
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
{{- end -}}


@@ -0,0 +1,35 @@
{{- if .Values.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" . }}-metrics
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.metrics.service.labels }}
{{ include "common.tplvalues.render" ( dict "value" .Values.metrics.service.labels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: "metrics"
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.metrics.service.annotations }}
{{ include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.metrics.service.type }}
{{- if and .Values.metrics.service.clusterIP (eq .Values.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.metrics.service.clusterIP }}
{{- end }}
{{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
{{- end }}
ports:
- name: metrics
port: 9121
targetPort: http-metrics
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
{{- end }}


@@ -0,0 +1,66 @@
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ template "networkPolicy.apiVersion" . }}
metadata:
name: {{ template "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: {{ template "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
policyTypes:
- Ingress
- Egress
egress:
# Allow dns resolution
- ports:
- port: 53
protocol: UDP
# Allow outbound connections to other cluster pods
- ports:
- port: {{ .Values.redis.containerPorts.redis }}
- port: {{ .Values.redis.containerPorts.bus }}
to:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
ingress:
# Allow inbound connections
- ports:
- port: {{ .Values.redis.containerPorts.redis }}
- port: {{ .Values.redis.containerPorts.bus }}
from:
{{- if not .Values.networkPolicy.allowExternal }}
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
{{- end }}
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
- podSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.metrics.enabled }}
# Allow prometheus scrapes for metrics
- ports:
- port: 9121
{{- end }}
{{- end }}
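Review bot: The metrics ingress rule at the end (`- ports:` / `- port: 9121`) has no `from` clause, so with `metrics.enabled` the exporter port is reachable from any source even when `networkPolicy.allowExternal` is false. If that is intended for Prometheus, a comment saying so plus an optional scraper selector taken from values would make the exposure explicit; otherwise the rule should carry a `from` with a namespace or pod selector. The DNS egress rule allows only UDP 53, so lookups that fall back to TCP would be blocked; adding `- port: 53` with `protocol: TCP` covers that. In the metadata block the `commonLabels` include sits after `namespace:` rather than directly under `labels:`, so with `nindent 4` the extra labels appear not to render as part of the `labels` map.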


@@ -0,0 +1,20 @@
{{- if .Values.podDisruptionBudget }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
matchExpressions:
- {key: job-name, operator: NotIn, values: [{{ template "common.names.fullname" . }}-cluster-update]}
{{- toYaml .Values.podDisruptionBudget | nindent 2 }}
{{- end }}


@@ -0,0 +1,27 @@
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "common.names.fullname" . }}
{{- if .Values.metrics.prometheusRule.namespace }}
namespace: {{ .Values.metrics.prometheusRule.namespace }}
{{- else }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.metrics.prometheusRule.additionalLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- with .Values.metrics.prometheusRule.rules }}
groups:
- name: {{ template "common.names.name" $ }}
rules: {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }}
{{- end }}
{{- end }}


@@ -0,0 +1,46 @@
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
allowPrivilegeEscalation: false
fsGroup:
rule: 'MustRunAs'
ranges:
- min: {{ .Values.podSecurityContext.fsGroup }}
max: {{ .Values.podSecurityContext.fsGroup }}
hostIPC: false
hostNetwork: false
hostPID: false
privileged: false
readOnlyRootFilesystem: false
requiredDropCapabilities:
- ALL
runAsUser:
rule: 'MustRunAs'
ranges:
- min: {{ .Values.podSecurityContext.runAsUser }}
max: {{ .Values.podSecurityContext.runAsUser }}
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: {{ .Values.podSecurityContext.runAsUser }}
max: {{ .Values.podSecurityContext.runAsUser }}
volumes:
- 'configMap'
- 'secret'
- 'emptyDir'
- 'persistentVolumeClaim'
{{- end }}
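Review bot: `supplementalGroups` is pinned to `.Values.podSecurityContext.runAsUser` for both `min` and `max`, which looks like a copy of the `runAsUser` block; a group range would normally come from a group id such as `.Values.podSecurityContext.fsGroup`. If the UID and GID values differ, pods would be constrained to the wrong supplemental group. The policy also sets `readOnlyRootFilesystem: false` and `seLinux.rule: 'RunAsAny'`; a short comment stating why the root filesystem must stay writable would help anyone judging the hardening level. `metadata.namespace` has no effect here because PodSecurityPolicy is cluster-scoped.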


@@ -0,0 +1,25 @@
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
- apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [{{ template "common.names.fullname" . }}]
{{- end -}}
{{- if .Values.rbac.role.rules }}
{{- toYaml .Values.rbac.role.rules | nindent 2 }}
{{- end -}}
{{- end -}}


@@ -0,0 +1,21 @@
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "common.names.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "redis-cluster.serviceAccountName" . }}
{{- end -}}
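Review bot: The subject name comes from `redis-cluster.serviceAccountName`, which resolves to `default` when `serviceAccount.create` is false and no `serviceAccount.name` is given. With `rbac.create` enabled in that configuration, the Role (PSP `use` plus whatever is supplied in `rbac.role.rules`) is bound to the namespace's default service account, and so to every pod there that does not set its own account. A check in the values validation, or a comment on this binding saying that `rbac.create` should be paired with a dedicated service account, would keep the grant scoped to the Redis pods.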


@@ -0,0 +1,21 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "redis-cluster.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.serviceAccount.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end -}}


@@ -0,0 +1,449 @@
{{- if (include "redis-cluster.createStatefulSet" .) }}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.redis.updateStrategy }}
updateStrategy: {{- toYaml .Values.redis.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
replicas: {{ .Values.cluster.nodes }}
serviceName: {{ include "common.names.fullname" . }}-headless
podManagementPolicy: {{ .Values.redis.podManagementPolicy }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
{{- if .Values.redis.podLabels }}
{{- toYaml .Values.redis.podLabels | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
{{- toYaml .Values.metrics.podLabels | nindent 8 }}
{{- end }}
annotations:
checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }}
{{- if not .Values.existingSecret }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- if .Values.redis.podAnnotations }}
{{- toYaml .Values.redis.podAnnotations | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
{{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
{{- end }}
spec:
hostNetwork: {{ .Values.redis.hostNetwork }}
{{- if semverCompare ">= 1.13" (include "common.capabilities.kubeVersion" .) }}
enableServiceLinks: false
{{- end }}
{{- include "redis-cluster.imagePullSecrets" . | nindent 6 }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "redis-cluster.serviceAccountName" . }}
{{- if .Values.redis.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.redis.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.redis.priorityClassName }}
priorityClassName: {{ .Values.redis.priorityClassName }}
{{- end }}
{{- if .Values.redis.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.redis.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.redis.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.redis.podAntiAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.redis.nodeAffinityPreset.type "key" .Values.redis.nodeAffinityPreset.key "values" .Values.redis.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.redis.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.redis.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.redis.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.redis.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.redis.shareProcessNamespace }}
shareProcessNamespace: {{ .Values.redis.shareProcessNamespace }}
{{- end }}
{{- if .Values.redis.schedulerName }}
schedulerName: {{ .Values.redis.schedulerName | quote }}
{{- end }}
{{- if .Values.redis.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" ( dict "value" .Values.redis.topologySpreadConstraints "context" $ ) | nindent 8 }}
{{- end }}
containers:
- name: {{ include "common.names.fullname" . }}
image: {{ include "redis-cluster.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.redis.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.redis.command "context" $) | nindent 12 }}
{{- else }}
command: ['/bin/bash', '-c']
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.redis.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.redis.args "context" $) | nindent 12 }}
{{- else if .Values.cluster.externalAccess.enabled }}
args:
- |
# Backwards compatibility change
if ! [[ -f /opt/bitnami/redis/etc/redis.conf ]]; then
cp /opt/bitnami/redis/etc/redis-default.conf /opt/bitnami/redis/etc/redis.conf
fi
pod_index=($(echo "$POD_NAME" | tr "-" "\n"))
pod_index="${pod_index[-1]}"
ips=($(echo "{{ .Values.cluster.externalAccess.service.loadBalancerIP }}" | cut -d [ -f2 | cut -d ] -f 1))
export REDIS_CLUSTER_ANNOUNCE_IP="${ips[$pod_index]}"
export REDIS_NODES="${ips[@]}"
{{- if .Values.cluster.init }}
if [[ "$pod_index" == "0" ]]; then
export REDIS_CLUSTER_CREATOR="yes"
export REDIS_CLUSTER_REPLICAS="{{ .Values.cluster.replicas }}"
fi
{{- end }}
/opt/bitnami/scripts/redis-cluster/entrypoint.sh /opt/bitnami/scripts/redis-cluster/run.sh
{{- else }}
args:
- |
# Backwards compatibility change
if ! [[ -f /opt/bitnami/redis/etc/redis.conf ]]; then
echo COPYING FILE
cp /opt/bitnami/redis/etc/redis-default.conf /opt/bitnami/redis/etc/redis.conf
fi
{{- if .Values.cluster.init }}
pod_index=($(echo "$POD_NAME" | tr "-" "\n"))
pod_index="${pod_index[-1]}"
if [[ "$pod_index" == "0" ]]; then
export REDIS_CLUSTER_CREATOR="yes"
export REDIS_CLUSTER_REPLICAS="{{ .Values.cluster.replicas }}"
fi
{{- end }}
/opt/bitnami/scripts/redis-cluster/entrypoint.sh /opt/bitnami/scripts/redis-cluster/run.sh
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- if .Values.cluster.externalAccess.enabled }}
- name: REDIS_CLUSTER_DYNAMIC_IPS
value: "no"
{{- else }}
- name: REDIS_NODES
value: "{{ $count := .Values.cluster.nodes | int }}{{ range $i, $v := until $count }}{{ include "common.names.fullname" $ }}-{{ $i }}.{{ template "common.names.fullname" $ }}-headless {{ end }}"
{{- end }}
{{- if .Values.usePassword }}
- name: REDISCLI_AUTH
valueFrom:
secretKeyRef:
name: {{ template "redis-cluster.secretName" . }}
key: {{ template "redis-cluster.secretPasswordKey" . }}
{{- if .Values.usePasswordFile }}
- name: REDIS_PASSWORD_FILE
value: "/opt/bitnami/redis/secrets/redis-password"
{{- else }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis-cluster.secretName" . }}
key: {{ template "redis-cluster.secretPasswordKey" . }}
{{- end }}
{{- else }}
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
{{- end }}
- name: REDIS_AOF_ENABLED
value: {{ .Values.redis.useAOFPersistence | quote }}
- name: REDIS_TLS_ENABLED
value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
{{- if .Values.tls.enabled }}
- name: REDIS_TLS_PORT
value: {{ .Values.redis.containerPorts.redis | quote }}
- name: REDIS_TLS_AUTH_CLIENTS
value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
- name: REDIS_TLS_CERT_FILE
value: {{ template "redis-cluster.tlsCert" . }}
- name: REDIS_TLS_KEY_FILE
value: {{ template "redis-cluster.tlsCertKey" . }}
- name: REDIS_TLS_CA_FILE
value: {{ template "redis-cluster.tlsCACert" . }}
{{- if .Values.tls.dhParamsFilename }}
- name: REDIS_TLS_DH_PARAMS_FILE
value: {{ template "redis-cluster.tlsDHParams" . }}
{{- end }}
{{- else }}
- name: REDIS_PORT
value: {{ .Values.redis.containerPorts.redis | quote }}
{{- end }}
{{- if .Values.redis.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.redis.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if or .Values.redis.extraEnvVarsCM .Values.redis.extraEnvVarsSecret }}
envFrom:
{{- if .Values.redis.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.redis.extraEnvVarsCM "context" $ ) }}
{{- end }}
{{- if .Values.redis.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.redis.extraEnvVarsSecret "context" $ ) }}
{{- end }}
{{- end }}
ports:
- name: tcp-redis
containerPort: {{ .Values.redis.containerPorts.redis }}
- name: tcp-redis-bus
containerPort: {{ .Values.redis.containerPorts.bus }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.redis.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }}
# One second longer than command timeout should prevent generation of zombie processes.
timeoutSeconds: {{ add1 .Values.redis.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.redis.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /scripts/ping_liveness_local.sh {{ .Values.redis.livenessProbe.timeoutSeconds }}
{{- else if .Values.redis.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.redis.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.redis.readinessProbe.enabled }}
readinessProbe:
initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }}
# One second longer than command timeout should prevent generation of zombie processes.
timeoutSeconds: {{ add1 .Values.redis.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.redis.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /scripts/ping_readiness_local.sh {{ .Values.redis.readinessProbe.timeoutSeconds }}
{{- else if .Values.redis.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.redis.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.redis.startupProbe.enabled }}
startupProbe:
tcpSocket:
port: tcp-redis
initialDelaySeconds: {{ .Values.redis.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.redis.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.redis.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.redis.startupProbe.successThreshold }}
failureThreshold: {{ .Values.redis.startupProbe.failureThreshold }}
{{- else if .Values.redis.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.redis.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.redis.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.redis.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.redis.resources }}
resources:
{{- include "common.tplvalues.render" (dict "value" .Values.redis.resources "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: scripts
mountPath: /scripts
{{- if .Values.usePasswordFile }}
- name: redis-password
mountPath: /opt/bitnami/redis/secrets/
{{- end }}
- name: redis-data
mountPath: {{ .Values.persistence.path }}
subPath: {{ .Values.persistence.subPath }}
- name: default-config
mountPath: /opt/bitnami/redis/etc/redis-default.conf
subPath: redis-default.conf
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc/
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
{{- if .Values.redis.extraVolumeMounts }}
{{- include "common.tplvalues.render" ( dict "value" .Values.redis.extraVolumeMounts "context" $ ) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ template "redis-cluster.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else }}
command:
- /bin/bash
- -c
- |
{{- if .Values.usePasswordFile }}
export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
{{- end }}
redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: REDIS_ALIAS
value: {{ template "common.names.fullname" . }}
- name: REDIS_ADDR
value: {{ printf "%s://127.0.0.1:%g" (ternary "rediss" "redis" .Values.tls.enabled) .Values.redis.containerPorts.redis | quote }}
{{- if and .Values.usePassword (not .Values.usePasswordFile) }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "redis-cluster.secretName" . }}
key: {{ template "redis-cluster.secretPasswordKey" . }}
{{- end }}
{{- if .Values.usePasswordFile }}
- name: REDIS_PASSWORD_FILE
value: "/opt/bitnami/redis/secrets/redis-password"
{{- end }}
{{- if .Values.tls.enabled }}
- name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
value: {{ template "redis-cluster.tlsCertKey" . }}
- name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
value: {{ template "redis-cluster.tlsCert" . }}
- name: REDIS_EXPORTER_TLS_CA_CERT_FILE
value: {{ template "redis-cluster.tlsCACert" . }}
{{- end }}
{{- if or .Values.usePasswordFile .Values.tls.enabled }}
volumeMounts:
{{- if .Values.usePasswordFile }}
- name: redis-password
mountPath: /opt/bitnami/redis/secrets/
{{- end }}
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
{{- end }}
ports:
- name: http-metrics
containerPort: 9121
resources:
{{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
{{- if .Values.redis.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.redis.sidecars "context" $ ) | nindent 8 }}
{{- end }}
{{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.containerSecurityContext.enabled }}
{{- if or $needsVolumePermissions .Values.sysctlImage.enabled .Values.redis.initContainers }}
initContainers:
{{- if $needsVolumePermissions }}
- name: volume-permissions
image: {{ include "redis-cluster.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command: ["/bin/chown", "-R", "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}", "{{ .Values.persistence.path }}"]
securityContext:
runAsUser: 0
resources:
{{- toYaml .Values.volumePermissions.resources | nindent 12 }}
volumeMounts:
- name: redis-data
mountPath: {{ .Values.persistence.path }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
{{- if .Values.sysctlImage.enabled }}
- name: init-sysctl
image: {{ template "redis-cluster.sysctl.image" . }}
imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
resources:
{{- toYaml .Values.sysctlImage.resources | nindent 12 }}
{{- if .Values.sysctlImage.mountHostSys }}
volumeMounts:
- name: host-sys
mountPath: /host-sys
{{- end }}
command:
{{- toYaml .Values.sysctlImage.command | nindent 12 }}
securityContext:
privileged: true
runAsUser: 0
{{- end }}
{{- if .Values.redis.initContainers }}
{{- toYaml .Values.redis.initContainers | nindent 8 }}
{{- end }}
{{- end }}
volumes:
- name: scripts
configMap:
name: {{ include "common.names.fullname" . }}-scripts
defaultMode: 0755
{{- if .Values.usePasswordFile }}
- name: redis-password
secret:
secretName: {{ include "redis-cluster.secretName" . }}
items:
- key: {{ include "redis-cluster.secretPasswordKey" . }}
path: redis-password
{{- end }}
- name: default-config
configMap:
name: {{ include "common.names.fullname" . }}-default
{{- if .Values.sysctlImage.mountHostSys }}
- name: host-sys
hostPath:
path: /sys
{{- end }}
- name: redis-tmp-conf
emptyDir: {}
{{- if .Values.redis.extraVolumes }}
{{- include "common.tplvalues.render" ( dict "value" .Values.redis.extraVolumes "context" $ ) | nindent 8 }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: redis-certificates
secret:
secretName: {{ include "redis-cluster.tlsSecretName" . }}
defaultMode: 256
{{- end }}
volumeClaimTemplates:
- metadata:
name: redis-data
labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
{{- if .Values.persistence.annotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }}
{{- if or .Values.persistence.matchLabels .Values.persistence.matchExpressions }}
selector:
{{- if .Values.persistence.matchLabels }}
matchLabels:
{{- toYaml .Values.persistence.matchLabels | nindent 12 }}
{{- end -}}
{{- if .Values.persistence.matchExpressions }}
matchExpressions:
{{- toYaml .Values.persistence.matchExpressions | nindent 12 }}
{{- end -}}
{{- end }}
{{- end }}


@@ -0,0 +1,47 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.service.labels -}}
{{ include "common.tplvalues.render" ( dict "value" .Values.service.labels "context" $ ) | nindent 4 }}
{{- end -}}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.service.annotations }}
{{ include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if and (eq "LoadBalancer" .Values.service.type) .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
ports:
- name: tcp-redis
port: {{ .Values.service.ports.redis }}
targetPort: tcp-redis
protocol: TCP
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.redis)) }}
nodePort: {{ .Values.service.nodePorts.redis }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
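Review bot: `loadBalancerSourceRanges: {{- toYaml . | nindent 4 }}` sits inside an `if`, not a `with`, so `.` is still the chart's root context and the template serialises that object instead of the configured CIDR list. The allow-list an operator sets in `service.loadBalancerSourceRanges` therefore never reaches the Service in the intended form; the rendered value is a mapping where the API expects a list of strings, so the install most likely fails validation rather than restricting access. Render the value explicitly with `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`, or change the guard to a `with` on that value after the type check.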


@@ -0,0 +1,111 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-scripts
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
ping_readiness_local.sh: |-
#!/bin/sh
set -e
REDIS_STATUS_FILE=/tmp/.redis_cluster_check
{{- if .Values.usePasswordFile }}
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDISCLI_AUTH=$password_aux
{{- else }}
if [ ! -z "$REDIS_PASSWORD" ]; then export REDISCLI_AUTH=$REDIS_PASSWORD; fi;
{{- end }}
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
{{- if .Values.tls.enabled }}
-p $REDIS_TLS_PORT \
--tls \
--cert {{ template "redis-cluster.tlsCert" . }} \
--key {{ template "redis-cluster.tlsCertKey" . }} \
--cacert {{ template "redis-cluster.tlsCACert" . }} \
{{- else }}
-p $REDIS_PORT \
{{- end }}
ping
)
if [ "$?" -eq "124" ]; then
echo "Timed out"
exit 1
fi
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
{{- if not .Values.cluster.externalAccess.enabled }}
if [ ! -f "$REDIS_STATUS_FILE" ]; then
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
{{- if .Values.tls.enabled }}
-p $REDIS_TLS_PORT \
--tls \
--cert {{ template "redis-cluster.tlsCert" . }} \
--key {{ template "redis-cluster.tlsCertKey" . }} \
--cacert {{ template "redis-cluster.tlsCACert" . }} \
{{- else }}
-p $REDIS_PORT \
{{- end }}
CLUSTER INFO | grep cluster_state | tr -d '[:space:]'
)
if [ "$?" -eq "124" ]; then
echo "Timed out"
exit 1
fi
if [ "$response" != "cluster_state:ok" ]; then
echo "$response"
exit 1
else
touch "$REDIS_STATUS_FILE"
fi
fi
{{- end }}
ping_liveness_local.sh: |-
#!/bin/sh
set -e
{{- if .Values.usePasswordFile }}
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDISCLI_AUTH=$password_aux
{{- else }}
if [ ! -z "$REDIS_PASSWORD" ]; then export REDISCLI_AUTH=$REDIS_PASSWORD; fi;
{{- end }}
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
{{- if .Values.tls.enabled }}
-p $REDIS_TLS_PORT \
--tls \
--cert {{ template "redis-cluster.tlsCert" . }} \
--key {{ template "redis-cluster.tlsCertKey" . }} \
--cacert {{ template "redis-cluster.tlsCACert" . }} \
{{- else }}
-p $REDIS_PORT \
{{- end }}
ping
)
if [ "$?" -eq "124" ]; then
echo "Timed out"
exit 1
fi
responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}')
if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then
echo "$response"
exit 1
fi
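Review bot: With `set -e` at the top of both scripts, any non-zero status from `timeout`/`redis-cli` aborts the script at the `response=$( … )` assignment, so the `if [ "$?" -eq "124" ]` branches never run and the probe fails without the "Timed out" message. In the `CLUSTER INFO` block of `ping_readiness_local.sh`, `$?` is the status of `tr` at the end of the pipeline, so 124 cannot be observed there either. Capturing the status at the assignment keeps the check reachable: `rc=0; response=$( … ) || rc=$?` followed by `if [ "$rc" -eq 124 ]; then`. The unquoted `$1`, `${REDIS_PASSWORD_FILE}` and `$REDIS_PASSWORD` expansions are also worth quoting so that a password containing whitespace or glob characters reaches `REDISCLI_AUTH` intact.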


@@ -0,0 +1,17 @@
{{- if and .Values.usePassword (not .Values.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
redis-password: {{ include "redis-cluster.password" . | b64enc | quote }}
{{- end -}}
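Review bot: Nothing in this template documents that `redis-password` has to stay the same across renders, and the value comes from the `redis-cluster.password` helper, which is defined outside this section. If that helper falls back to a generated value when no password is set in values, each `helm upgrade` would write a new password into this Secret while running nodes keep the old one until they restart. A template comment above `data:` would make the contract explicit, for example `{{- /* redis-password must be stable across upgrades: set it in values or use existingSecret */ -}}`. The key is also hard-coded as `redis-password` here while the pods read it through `redis-cluster.secretPasswordKey`, so the two must agree whenever this Secret is rendered.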


@@ -0,0 +1,44 @@
{{- if .Values.cluster.externalAccess.enabled }}
{{- $fullName := include "common.names.fullname" . }}
{{- $nodesCount := .Values.cluster.nodes | int }}
{{- $root := . }}
{{- range $i, $e := until $nodesCount }}
{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
{{- $_ := set $ "targetPod" $targetPod }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" $ }}-{{ $i }}-svc
namespace: {{ $.Release.Namespace | quote }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
pod: {{ $targetPod }}
{{- if $root.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if $root.Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if $root.Values.cluster.externalAccess.service.annotations }}
{{ include "common.tplvalues.render" ( dict "value" $root.Values.cluster.externalAccess.service.annotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: {{ $root.Values.cluster.externalAccess.service.type }}
{{- if $root.Values.cluster.externalAccess.service.loadBalancerIP }}
loadBalancerIP: {{ index $root.Values.cluster.externalAccess.service.loadBalancerIP $i }}
{{- end }}
ports:
- name: tcp-redis
port: {{ $root.Values.cluster.externalAccess.service.port }}
targetPort: tcp-redis
- name: tcp-redis-bus
targetPort: tcp-redis-bus
port: {{ $root.Values.redis.containerPorts.bus }}
selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
statefulset.kubernetes.io/pod-name: {{ $targetPod }}
---
{{- end }}
{{- end }}
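Review bot: The per-node Services publish both `tcp-redis` and `tcp-redis-bus` externally but, unlike the main Service template in this commit, offer no `loadBalancerSourceRanges`, so the chart gives no way to limit which networks can reach the node and cluster-bus ports. That matters more because the StatefulSet sets `ALLOW_EMPTY_PASSWORD` to "yes" when `usePassword` is off. Under `spec:` I would add a guarded block driven by a new value (named here as a proposal, it does not exist in the chart yet): `{{- with $root.Values.cluster.externalAccess.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml . | nindent 4 }}`, `{{- end }}`. Note too that `index … loadBalancerIP $i` aborts rendering when the list has fewer entries than `cluster.nodes`, which is worth stating in the values documentation.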


@@ -0,0 +1,27 @@
{{- if (include "redis-cluster.createTlsSecret" .) }}
{{- $ca := genCA "redis-cluster-ca" 365 }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $fullname := include "common.names.fullname" . }}
{{- $serviceName := include "common.names.fullname" . }}
{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }}
{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}-crt
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $crt.Cert | b64enc | quote }}
tls.key: {{ $crt.Key | b64enc | quote }}
{{- end }}
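Review bot: `genSignedCert $fullname nil $altNames 365 $ca` passes `nil` for the IP list and puts "127.0.0.1" into the DNS alternative names, so the generated certificate carries no IP SAN. The metrics sidecar in this commit connects to `rediss://127.0.0.1:<port>`, and a client that validates IP literals only against IP SANs (Go's TLS stack does) will reject the certificate, which tends to push operators towards disabling verification. Move the address to the second argument, `{{- $crt := genSignedCert $fullname (list "127.0.0.1") $altNames 365 $ca }}`, and drop "127.0.0.1" from `$altNames`. Separately, `genCA` runs on every render, so each upgrade issues a new CA and leaf with a 365-day lifetime; reusing an existing Secret via `lookup` would keep the trust anchor stable, assuming no rotation mechanism exists outside this section.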


@@ -0,0 +1,266 @@
{{- if and .Values.cluster.update.addNodes ( or (and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.service.loadBalancerIP) ( not .Values.cluster.externalAccess.enabled )) }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "common.names.fullname" . }}-cluster-update
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": post-upgrade
{{- if .Values.updateJob.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.updateJob.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
activeDeadlineSeconds: {{ .Values.updateJob.activeDeadlineSeconds }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
{{- end }}
{{- if .Values.updateJob.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.updateJob.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.updateJob.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.updateJob.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "redis-cluster.imagePullSecrets" . | nindent 6 }}
{{- if .Values.updateJob.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.updateJob.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.updateJob.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.updateJob.podAntiAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.updateJob.nodeAffinityPreset.type "key" .Values.updateJob.nodeAffinityPreset.key "values" .Values.updateJob.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.updateJob.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.updateJob.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.updateJob.priorityClassName }}
priorityClassName: {{ .Values.updateJob.priorityClassName }}
{{- end }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "redis-cluster.serviceAccountName" . }}
{{- if .Values.updateJob.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: trigger
image: {{ include "redis-cluster.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.updateJob.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.command "context" $) | nindent 12 }}
{{- else }}
command: ['/bin/bash', '-c']
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.updateJob.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.args "context" $) | nindent 12 }}
{{- else }}
args:
- |
. /opt/bitnami/scripts/libnet.sh
. /opt/bitnami/scripts/libos.sh
# Backwards compatibility change
if ! [[ -f /opt/bitnami/redis/etc/redis.conf ]]; then
cp /opt/bitnami/redis/etc/redis-default.conf /opt/bitnami/redis/etc/redis.conf
fi
firstNodeIP=$(wait_for_dns_lookup {{ template "common.names.fullname" . }}-0.{{ template "common.names.fullname" . }}-headless 120 5)
{{- if .Values.cluster.externalAccess.enabled }}
newNodeCounter=0
for nodeIP in $(echo "{{ .Values.cluster.update.newExternalIPs }}" | cut -d [ -f2 | cut -d ] -f 1 ); do
{{- if .Values.tls.enabled }}
while [[ $(redis-cli -h "$nodeIP" -p "$REDIS_TLS_PORT" --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} ping) != 'PONG' ]]; do
{{- else }}
while [[ $(redis-cli -h "$nodeIP" -p "$REDIS_PORT" ping) != 'PONG' ]]; do
{{- end }}
echo "Node $nodeIP not ready, waiting for all the nodes to be ready..."
sleep 5
done
slave=()
if (( $REDIS_CLUSTER_REPLICAS >= 1 )) && (( newNodeCounter % (( $REDIS_CLUSTER_REPLICAS + 1 )) )); then
slave+=("--cluster-slave")
fi
{{- if .Values.tls.enabled }}
while ! redis-cli --cluster --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} add-node "${nodeIP}:${REDIS_TLS_PORT}" "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${REDIS_TLS_PORT}" ${slave[@]}; do
{{- else }}
while ! redis-cli --cluster add-node "${nodeIP}:${REDIS_PORT}" "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${REDIS_PORT}" ${slave[@]}; do
{{- end }}
echo "Add-node ${newNodeIndex} ${newNodeIP} failed, retrying"
sleep 5
done
((newNodeCounter += 1))
done
{{- if .Values.tls.enabled }}
while ! redis-cli --cluster rebalance --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${REDIS_TLS_PORT}" --cluster-use-empty-masters; do
{{- else }}
while ! redis-cli --cluster rebalance "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${REDIS_PORT}" --cluster-use-empty-masters; do
{{- end }}
echo "Rebalance failed, retrying"
sleep 5
{{- if .Values.tls.enabled }}
redis-cli --cluster fix --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${REDIS_TLS_PORT}"
{{- else }}
redis-cli --cluster fix "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${REDIS_PORT}"
{{- end }}
done
{{- else }}
# number of currently deployed redis master nodes
currentMasterNodesNum="$(( {{ .Values.cluster.update.currentNumberOfNodes }} / (( {{ .Values.cluster.update.currentNumberOfReplicas }} + 1 )) ))"
# end postion of new replicas that should be assigned to original redis master nodes
slaveNodesEndPos="$(( {{ .Values.cluster.update.currentNumberOfNodes }} + (($REDIS_CLUSTER_REPLICAS - {{ .Values.cluster.update.currentNumberOfReplicas }})) * $currentMasterNodesNum ))"
for node in $(seq $((1+{{ .Values.cluster.update.currentNumberOfNodes }})) {{ .Values.cluster.nodes }}); do
newNodeIndex="$(($node - 1))"
newNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-${newNodeIndex}.{{ template "common.names.fullname" . }}-headless" 120 5)
{{- if .Values.tls.enabled }}
while [[ $(redis-cli -h "$newNodeIP" -p "$REDIS_TLS_PORT" --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} ping) != 'PONG' ]]; do
{{- else }}
while [[ $(redis-cli -h "$newNodeIP" -p "$REDIS_PORT" ping) != 'PONG' ]]; do
{{- end }}
echo "Node $newNodeIP not ready, waiting for all the nodes to be ready..."
newNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-${newNodeIndex}.{{ template "common.names.fullname" . }}-headless" 120 5)
sleep 5
done
slave=()
# when the index of the new node is less than `slaveNodesEndPos`the added node is a replica that assigned to original redis master node
# when the index of the new node is greater than or equal to `slaveNodesEndPos`and it is not a multiple of `$REDIS_CLUSTER_REPLICAS + 1`, the added node is a replica that assigned to newly added master node
if (( $REDIS_CLUSTER_REPLICAS >= 1 )) && (( (( $newNodeIndex < $slaveNodesEndPos )) || (( (( $newNodeIndex >= $slaveNodesEndPos )) && (( $newNodeIndex % (( $REDIS_CLUSTER_REPLICAS + 1 )) )) )) )); then
slave+=("--cluster-slave")
fi
{{- if .Values.tls.enabled }}
while ! redis-cli --cluster add-node --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} "${newNodeIP}:${REDIS_TLS_PORT}" "${firstNodeIP}:${REDIS_TLS_PORT}" ${slave[@]}; do
{{- else }}
while ! redis-cli --cluster add-node "${newNodeIP}:${REDIS_PORT}" "${firstNodeIP}:${REDIS_PORT}" ${slave[@]}; do
{{- end }}
echo "Add-node ${newNodeIndex} ${newNodeIP} failed, retrying"
sleep 5
firstNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-0.{{ template "common.names.fullname" . }}-headless" 120 5)
newNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-${newNodeIndex}.{{ template "common.names.fullname" . }}-headless" 120 5)
done
done
{{- if .Values.tls.enabled }}
while ! redis-cli --cluster rebalance --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} "${firstNodeIP}:${REDIS_TLS_PORT}" --cluster-use-empty-masters; do
{{- else }}
while ! redis-cli --cluster rebalance "${firstNodeIP}:${REDIS_PORT}" --cluster-use-empty-masters; do
{{- end }}
echo "Rebalance failed, retrying"
sleep 5
firstNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-0.{{ template "common.names.fullname" . }}-headless" 120 5)
{{- if .Values.tls.enabled }}
redis-cli --cluster fix --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} "${firstNodeIP}:${REDIS_TLS_PORT}"
{{- else }}
redis-cli --cluster fix "${firstNodeIP}:${REDIS_PORT}"
{{- end }}
done
{{- end }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
{{- if .Values.cluster.externalAccess.enabled }}
{{- if .Values.tls.enabled }}
- name: REDIS_TLS_CERT_FILE
value: {{ template "redis-cluster.tlsCert" . }}
- name: REDIS_TLS_KEY_FILE
value: {{ template "redis-cluster.tlsCertKey" . }}
- name: REDIS_TLS_CA_FILE
value: {{ template "redis-cluster.tlsCACert" . }}
- name: REDIS_TLS_PORT
{{- else }}
- name: REDIS_PORT
{{- end }}
value: {{ .Values.cluster.externalAccess.service.port | quote }}
{{- else }}
{{- if .Values.tls.enabled }}
- name: REDIS_TLS_CERT_FILE
value: {{ template "redis-cluster.tlsCert" . }}
- name: REDIS_TLS_KEY_FILE
value: {{ template "redis-cluster.tlsCertKey" . }}
- name: REDIS_TLS_CA_FILE
value: {{ template "redis-cluster.tlsCACert" . }}
- name: REDIS_TLS_PORT
{{- else }}
- name: REDIS_PORT
{{- end }}
value: {{ .Values.redis.containerPorts.redis | quote }}
{{- end }}
- name: REDIS_CLUSTER_REPLICAS
value: {{ .Values.cluster.replicas | quote }}
{{- if .Values.usePassword }}
- name: REDISCLI_AUTH
valueFrom:
secretKeyRef:
name: {{ template "redis-cluster.secretName" . }}
key: {{ template "redis-cluster.secretPasswordKey" . }}
{{- end }}
{{- if .Values.updateJob.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.updateJob.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.updateJob.extraEnvVarsCM .Values.updateJob.extraEnvVarsSecret }}
envFrom:
{{- if .Values.updateJob.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.updateJob.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.updateJob.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.updateJob.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- end }}
{{- if .Values.updateJob.resources }}
resources: {{- toYaml .Values.updateJob.resources | nindent 12 }}
{{- end }}
{{- if or .Values.tls.enabled .Values.updateJob.extraVolumeMounts }}
volumeMounts:
{{- if .Values.tls.enabled }}
- name: redis-certificates
mountPath: /opt/bitnami/redis/certs
readOnly: true
{{- end }}
{{- if .Values.updateJob.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.updateJob.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- end }}
restartPolicy: OnFailure
{{- if or .Values.tls.enabled .Values.updateJob.extraVolumes }}
volumes:
{{- if .Values.tls.enabled }}
- name: redis-certificates
secret:
secretName: {{ include "common.tplvalues.render" (dict "value" .Values.tls.certificatesSecret "context" $) }}
{{- end }}
{{- if .Values.updateJob.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.updateJob.extraVolumes "context" $) | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}