Specific configuration for Filigran #1

Open
wants to merge 5 commits into
base: main
6 changes: 3 additions & 3 deletions bitnami/redis/Chart.lock
@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
repository: file://../common
version: 2.28.0
digest: sha256:5b30f0fa07bb89b01c55fd6258c8ce22a611b13623d4ad83e8fdd1d4490adc74
generated: "2024-12-10T17:25:56.439817+01:00"
digest: sha256:849f060b6c093a01d629c0276ad0623ba5111dd297147dfe233a15cf03929bee
generated: "2024-12-26T17:30:12.224836557+01:00"
2 changes: 1 addition & 1 deletion bitnami/redis/Chart.yaml
Expand Up @@ -19,7 +19,7 @@ apiVersion: v2
appVersion: 7.4.1
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
repository: "file://../common"
tags:
- bitnami-common
version: 2.x.x
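--- /dev/null
+++ b/bitnami/redis/templates/cilium-networkpolicy.yaml
@@ -0,0 +1,75 @@
+{{- if .Values.ciliumNetworkPolicy.enabled }}
+apiVersion: cilium.io/v2
+{{- if .Values.ciliumNetworkPolicy.acrossNamespaces }}
+kind: CiliumClusterwideNetworkPolicy
+{{- else }}
+kind: CiliumNetworkPolicy
+{{- end}}
+metadata:
+{{- if .Values.ciliumNetworkPolicy.acrossNamespaces }}
+name: {{ .Release.Namespace }}-bitnami-policy
+{{- else }}
+name: {{ .Release.Name }}-redis-bitnami-policy
+{{- end}}
+spec:
+endpointSelector:
+matchLabels:
+app.kubernetes.io/instance: {{ .Release.Name }}
+io.kubernetes.pod.namespace: {{ .Release.Namespace }}
+egress:
+- toEndpoints:
+- matchLabels:
+io.kubernetes.pod.namespace: kube-system
+k8s-app: kube-dns
+toPorts:
+- ports:
+- port: "53"
+protocol: UDP
+# Allow outbound connections to other cluster pods on sentinel port and redis port
+- toEndpoints:
+- matchLabels:
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/component: node
+toPorts:
+- ports:
+- port: "26379"
+protocol: TCP
+- port: "6379"
+protocol: TCP
+# Allow outbound connections to other cluster pods on sentinel port (for standalone sentinel)
+- toEndpoints:
+- matchLabels:
+app: redis-replication
+{{- if .Values.ciliumNetworkPolicy.onlyBackend }}
+io.kubernetes.pod.namespace: {{ .Release.Namespace }}
+{{- end}}
+toPorts:
+- ports:
+- port: "26379"
+protocol: TCP
+{{- if .Values.ciliumNetworkPolicy.additionalEgress }}
+{{- toYaml .Values.ciliumNetworkPolicy.additionalEgress | nindent 4 }}
+{{- end }}
+ingress:
+- fromEndpoints:
+- matchLabels:
+app.kubernetes.io/name: prometheus
+io.kubernetes.pod.namespace: {{ .Values.ciliumNetworkPolicy.monitoringNamespace }}
+toPorts:
+- ports:
+- port: {{ .Values.metrics.containerPorts.http | quote }}
+protocol: TCP
+- fromEndpoints:
+- matchLabels:
+app.kubernetes.io/instance: {{ .Release.Name }}
+toPorts:
+- ports:
+- port: "26379"
+protocol: TCP
+- port: "6379"
+protocol: TCP
+{{- if .Values.ciliumNetworkPolicy.additionalIngress }}
+{{- toYaml .Values.ciliumNetworkPolicy.additionalIngress | nindent 4 }}
+{{- end }}
+
+{{- end }}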
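Review bot: When `acrossNamespaces` renders a CiliumClusterwideNetworkPolicy, the peer selectors keyed only on `app.kubernetes.io/instance: {{ .Release.Name }}` (the second egress `toEndpoints` and the second ingress `fromEndpoints`) carry no `io.kubernetes.pod.namespace` label, so a pod in any namespace that sets that label is admitted to the sentinel and redis ports; pod labels are not an identity boundary across namespaces. Adding `io.kubernetes.pod.namespace: {{ .Release.Namespace }}` under those two `matchLabels`, as the `endpointSelector` already does, keeps the peers scoped to the release's namespace (the `app: redis-replication` peer is scoped only behind `onlyBackend`, which looks intentional). The clusterwide object is named `{{ .Release.Namespace }}-bitnami-policy`, keyed on the namespace rather than the release, so a second release in the same namespace that renders this template would appear to collide on a cluster-scoped name; `{{ .Release.Namespace }}-{{ .Release.Name }}-redis-bitnami-policy` avoids that. The literal `"26379"`/`"6379"` ports could reference `.Values.sentinel.containerPorts.sentinel` (already used in this PR's scripts-configmap change) and the corresponding redis container-port value, so a port override does not silently leave the policy blocking the real ports.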
48 changes: 46 additions & 2 deletions bitnami/redis/templates/scripts-configmap.yaml
Expand Up @@ -335,7 +335,7 @@ data:
sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getMasterTimeout }} redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
info "about to run the command: $sentinel_info_command"
retry_while "eval $sentinel_info_command" 2 5
retry_while "eval $sentinel_info_command" 2 10
}

[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
Expand All @@ -354,6 +354,7 @@ data:
REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
else
echo "Failed to get master info from sentinel, failback from persisted configuration"
REDIS_MASTER_HOST="$master_in_persisted_conf"
REDIS_MASTER_PORT_NUMBER="$REDISPORT"
fi
Expand All @@ -362,6 +363,8 @@ data:
else
export REDIS_REPLICATION_MODE="replica"
fi
echo "REDIS_REPLICATION_MODE=$REDIS_REPLICATION_MODE"
echo "REDIS_MASTER_HOST=$REDIS_MASTER_HOST"

{{- if or .Values.sentinel.masterService.enabled .Values.sentinel.service.createMaster }}
if [[ "${REDIS_REPLICATION_MODE}" == "master" ]]; then
Expand Down Expand Up @@ -393,6 +396,47 @@ data:
exit 1
fi

if [[ "$REDIS_SENTINEL_STANDALONE" == "true" ]]; then
info "Standalone mode enabled, searching for master..."
master_found=false

# Try sentinel sidecars on statefulset pods
for node in $(seq 0 $(( {{ .Values.replica.replicaCount }} - 1 ))); do
info "Iterating over node-$node sentinel sidecar"
if timeout 5 redis-cli -h {{ template "common.names.fullname" . }}-node-$node.$HEADLESS_SERVICE -p {{ .Values.sentinel.containerPorts.sentinel }} ping > /dev/null 2>&1; then
existing_master=$(redis-cli -h {{ template "common.names.fullname" . }}-node-$node.$HEADLESS_SERVICE -p {{ .Values.sentinel.containerPorts.sentinel }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }} | head -n 1)
if [[ -n "$existing_master" ]]; then
REDIS_MASTER_HOST="$existing_master"
info "Found existing master at $REDIS_MASTER_HOST"
master_found=true
break
fi
fi
done

# If no sentinel found, try Redis nodes directly
if [[ "$master_found" == "false" ]]; then
for node in $(seq 0 $(( {{ .Values.replica.replicaCount }} - 1 ))); do
info "Iterating over node-$node redis node"
if timeout 5 redis-cli -h {{ template "common.names.fullname" . }}-node-$node.$HEADLESS_SERVICE -p $REDIS_MASTER_PORT_NUMBER ping > /dev/null 2>&1; then
role=$(redis-cli -h {{ template "common.names.fullname" . }}-node-$node.$HEADLESS_SERVICE -p $REDIS_MASTER_PORT_NUMBER info replication | grep "^role:" | cut -d: -f2 | tr -d '[:space:]')
if [[ "$role" == "master" ]]; then
REDIS_MASTER_HOST={{ template "common.names.fullname" . }}-node-$node.$HEADLESS_SERVICE
info "Found active master at node-$node"
master_found=true
break
fi
fi
done
fi

# Fallback to node-0 if nothing found
if [[ "$master_found" == "false" ]]; then
REDIS_MASTER_HOST={{ template "common.names.fullname" . }}-node-0.$HEADLESS_SERVICE
info "No active master found, falling back to node-0"
fi
fi

sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" {{ .Values.sentinel.quorum }}"

add_known_sentinel() {
Expand All @@ -413,7 +457,7 @@ data:
}

# Add available hosts on the network as known replicas & sentinels
for node in $(seq 0 $(({{ .Values.replica.replicaCount }}-1))); do
for node in $(seq 0 $(( {{ .Values.replica.replicaCount }} - 1 ))); do
hostname="{{ template "common.names.fullname" . }}-node-$node"
ip="$(getent hosts "$hostname.$HEADLESS_SERVICE" | awk '{ print $1 }')"
add_known_sentinel "$hostname" "$ip"
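Review bot: The standalone-mode probes in the new `REDIS_SENTINEL_STANDALONE` block (`timeout 5 redis-cli ... ping`, `sentinel get-master-addr-by-name`, and `info replication`) send no credentials, whereas the existing `sentinel_info_command` in the first hunk prefixes `REDISCLI_AUTH="\$REDIS_PASSWORD"` when `.Values.auth.enabled` and `.Values.auth.sentinel` are set; with `requirepass` in force, `info replication` returns a NOAUTH error instead of a `role:` line, so no node is recognised as master and the script falls back to node-0 even when a live master exists elsewhere. The same conditional prefix should be applied to the two sentinel calls, e.g. `existing_master=$({{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }}-node-$node.$HEADLESS_SERVICE -p {{ .Values.sentinel.containerPorts.sentinel }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }} | head -n 1)`, and a `.Values.auth.enabled`-gated form to the two redis-node calls. The `-n "$existing_master"` test also accepts any non-empty output, so an error reply printed by redis-cli could be captured as the host name, and only the first reply line is used, leaving `REDIS_MASTER_PORT_NUMBER` unchanged although the earlier path takes both host and port from `REDIS_SENTINEL_INFO`. `$REDIS_SENTINEL_STANDALONE` is not defined anywhere in this diff, presumably it comes from the container environment; the enclosing script starts and ends outside the hunk.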