chore(redis-cluster): optimize redis-cluster-proxy

Author: jianxiaoguo

addons/redis-cluster/7.0/chart/redis-cluster/templates/configmap.yaml

@@ -12,93 +12,39 @@ metadata:
   {{- end }}
 data:
   {{- if .Values.proxy.enabled }}
-  redis-proxy-default.yaml: |-
-    overload_manager:
-      resource_monitors:
-      - name: "envoy.resource_monitors.global_downstream_max_connections"
-        typed_config:
-          "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig
-          max_active_downstream_connections: 10000
-    static_resources:
-      listeners:
-      - name: redis_listener
-        address:
-          socket_address:
-            address: 0.0.0.0
-            port_value: {{ .Values.proxy.containerPorts.proxy }}
-        filter_chains:
-        - filters:
-          - name: envoy.filters.network.redis_proxy
-            typed_config:
-              "@type": type.googleapis.com/envoy.extensions.filters.network.redis_proxy.v3.RedisProxy
-              stat_prefix: egress_redis
-              settings:
-                op_timeout: 5s
-              prefix_routes:
-                catch_all_route:
-                  cluster: redis_cluster
-              downstream_auth_username:
-                inline_string: "default"
-              downstream_auth_passwords:
-              - inline_string: {REDIS_PASSWORD}
-          {{- if .Values.tls.enabled }}
-          transport_socket:
-            name: envoy.transport_sockets.tls
-            typed_config:
-              "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
-              require_client_certificate: true
-              common_tls_context:
-                tls_certificates:
-                - certificate_chain:
-                    filename: {{ template "redis-cluster.tlsCert" . }}
-                  private_key:
-                    filename: {{ template "redis-cluster.tlsCertKey" . }}
-                validation_context:
-                  trusted_ca:
-                    filename: {{ template "redis-cluster.tlsCACert" . }}
-          {{- end }}
-      clusters:
-      - name: redis_cluster
-        cluster_type:
-          name: envoy.clusters.redis
-          typed_config:
-            "@type": type.googleapis.com/google.protobuf.Struct
-            value:
-              cluster_refresh_rate: 10s
-              cluster_refresh_timeout: 4s
-        connect_timeout: 4s
-        dns_lookup_family: V4_ONLY
-        lb_policy: CLUSTER_PROVIDED
-        load_assignment:
-          cluster_name: redis_cluster
-          endpoints:
-            lb_endpoints:
-              endpoint:
-                address:
-                  socket_address: { address: 127.0.0.1, port_value: {{ .Values.redis.containerPorts.redis | quote }} }
-        typed_extension_protocol_options:
-          envoy.filters.network.redis_proxy:
-            "@type": type.googleapis.com/google.protobuf.Struct
-            value:
-              auth_username:
-                inline_string: "default"
-              auth_password:
-                inline_string: {REDIS_PASSWORD}
-        {{- if .Values.tls.enabled }}
-        transport_socket:
-          name: envoy.transport_sockets.tls
-          typed_config:
-            "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
-            common_tls_context:
-              tls_certificates:
-                certificate_chain: 
-                  filename: {{ template "redis-cluster.tlsCert" . }}
-                private_key:
-                  filename: {{ template "redis-cluster.tlsCertKey" . }}
-              validation_context:
-                trusted_ca:
-                  filename: {{ template "redis-cluster.tlsCACert" . }}
-        {{- end }}
+  redis-proxy-default.toml: |-
+    [log]
+    level = "libredis_proxy=warn" # "trace" "info" "debug" "warn" "error"
+    ansi = true  # support ANSI colors
+    stdout = true # print logs to stdout
+    directory = "/tmp" # log file directory
+    file_name = "redis-proxy.log" # log file name
+
+    [metrics]
+    port = 2110
+
+    [[clusters]]
+    name = "redis-cluster-proxy"
+    listen_addr = "0.0.0.0:{{ .Values.proxy.containerPorts.proxy }}"
+    hash_tag = "{}"
+    thread = 1
+    cache_type = "redis_cluster"
+    servers = ["127.0.0.1:{{ .Values.redis.containerPorts.redis }}"]
+
+    fetch_interval = 1800000 # 1800s , 30 minutes
+    fetch_since_latest_cmd = 1000 # 3600s , 1 hour
+    read_from_slave = false
+
+    ping_fail_limit = 10
+    ping_interval = 300
+
+    read_timeout = 1000
+    write_timeout = 1000
+    dial_timeout = 500
+    listen_proto = "tcp"
+    node_connections = 1
+
+    auth = {REDIS_PASSWORD}
   {{- end }}
   redis-default.conf: |-
     # Redis configuration file example.

addons/redis-cluster/7.0/chart/redis-cluster/templates/headless-svc.yaml

@@ -21,4 +21,7 @@ spec:
     - name: tcp-redis-bus
       port: {{ .Values.redis.containerPorts.bus }}
       targetPort: tcp-redis-bus
+    - name: tcp-redis-proxy
+      port: {{ .Values.proxy.containerPorts.proxy }}
+      targetPort: tcp-redis-proxy
   selector: {{- include "common.labels.matchLabels" . | nindent 4 }}

addons/redis-cluster/7.0/chart/redis-cluster/templates/networkpolicy.yaml

@@ -40,6 +40,7 @@ spec:
     - ports:
         - port: {{ .Values.redis.containerPorts.redis }}
         - port: {{ .Values.redis.containerPorts.bus }}
+        - port: {{ .Values.proxy.containerPorts.proxy }}
       from:
         {{- if .Values.networkPolicy.allowCurrentNamespace }}
         - namespaceSelector:

addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml

@@ -301,12 +301,19 @@ spec:
           command: ['init-stack', '/bin/bash', '-c']
           args:
             - |
-              # Start envoy redis proxy
+              while true; do
+                sleep 1
+                /scripts/ping_readiness_local.sh 1
+                if [ $? -eq 0 ]; then
+                  break
+                fi
+              done
+              # Start redis cluster proxy
               {{- if .Values.usePasswordFile }}
               export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
               {{- end }}
-              sed s/{REDIS_PASSWORD}/${REDIS_PASSWORD}/g /opt/drycc/redis/etc/redis-proxy-default.yaml > /opt/drycc/redis/etc/redis-proxy.yaml
-              envoy -c /opt/drycc/redis/etc/redis-proxy.yaml --log-level error --concurrency 0
+              sed s/{REDIS_PASSWORD}/\"${REDIS_PASSWORD}\"/g /opt/drycc/redis/etc/redis-proxy-default.toml > /opt/drycc/redis/etc/redis-proxy.toml
+              redis-cluster-proxy /opt/drycc/redis/etc/redis-proxy.toml
           {{- end }}
           env:
             {{- if and .Values.usePassword (not .Values.usePasswordFile) }}
@@ -320,6 +327,8 @@ spec:
             - name: REDIS_PASSWORD_FILE
               value: "/opt/drycc/redis/secrets/redis-password"
             {{- end }}
+            - name: REDIS_PORT
+              value: {{ .Values.redis.containerPorts.redis | quote }}
           ports:
             - name: tcp-proxy
               containerPort: {{ .Values.proxy.containerPorts.proxy }}
@@ -362,9 +371,11 @@ spec:
           {{- include "common.tplvalues.render" (dict "value" .Values.proxy.resources "context" $) | nindent 12 }}
           {{- end }}
           volumeMounts:
+            - name: scripts
+              mountPath: /scripts
             - name: default-config
-              mountPath: /opt/drycc/redis/etc/redis-proxy-default.yaml
-              subPath: redis-proxy-default.yaml
+              mountPath: /opt/drycc/redis/etc/redis-proxy-default.toml
+              subPath: redis-proxy-default.toml
             {{- if .Values.usePasswordFile }}
             - name: redis-password
               mountPath: /opt/drycc/redis/secrets/

addons/redis-cluster/7.0/chart/redis-cluster/templates/scripts-configmap.yaml

@@ -26,7 +26,7 @@ data:
     response=$(
       timeout -s 3 $1 \
       redis-cli \
-        -h localhost \
+        -h 127.0.0.1 \
 {{- if .Values.tls.enabled }}
         -p $REDIS_TLS_PORT \
         --tls \
@@ -51,7 +51,7 @@ data:
       response=$(
         timeout -s 3 $1 \
         redis-cli \
-          -h localhost \
+          -h 127.0.0.1 \
   {{- if .Values.tls.enabled }}
           -p $REDIS_TLS_PORT \
           --tls \
@@ -88,7 +88,7 @@ data:
     response=$(
       timeout -s 3 $1 \
       redis-cli \
-        -h localhost \
+        -h 127.0.0.1 \
 {{- if .Values.tls.enabled }}
         -p $REDIS_TLS_PORT \
         --tls \