drycc-addons
diff --git a/‎addons/redis-cluster/7.0/chart/redis-cluster/templates/_helpers.tpl‎
Lines changed: 7 additions & 0 deletions b/‎addons/redis-cluster/7.0/chart/redis-cluster/templates/_helpers.tpl‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎addons/redis-cluster/7.0/chart/redis-cluster/templates/configmap.yaml‎
Lines changed: 89 additions & 0 deletions b/‎addons/redis-cluster/7.0/chart/redis-cluster/templates/configmap.yaml‎
Lines changed: 89 additions & 0 deletions
diff --git a/‎addons/redis-cluster/7.0/chart/redis-cluster/templates/networkpolicy.yaml‎
Lines changed: 1 addition & 0 deletions b/‎addons/redis-cluster/7.0/chart/redis-cluster/templates/networkpolicy.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml‎
Lines changed: 88 additions & 0 deletions b/‎addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml‎
Lines changed: 88 additions & 0 deletions
diff --git a/‎addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-svc.yaml‎
Lines changed: 9 additions & 0 deletions b/‎addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-svc.yaml‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎addons/redis-cluster/7.0/chart/redis-cluster/values.yaml‎
Lines changed: 104 additions & 0 deletions b/‎addons/redis-cluster/7.0/chart/redis-cluster/values.yaml‎
Lines changed: 104 additions & 0 deletions
diff --git a/‎addons/redis-cluster/7.0/plans/standard-1024/bind.yaml‎
Lines changed: 6 additions & 0 deletions b/‎addons/redis-cluster/7.0/plans/standard-1024/bind.yaml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎addons/redis-cluster/7.0/plans/standard-1024/values.yaml‎
Lines changed: 17 additions & 1 deletion b/‎addons/redis-cluster/7.0/plans/standard-1024/values.yaml‎
Lines changed: 17 additions & 1 deletion
@@ -7,6 +7,13 @@ Return the proper Redis&reg; image name
 {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
 {{- end -}}
 
+{{/*
+Return the proper Redis&reg; image name
+*/}}
+{{- define "redis-cluster.proxy.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.proxy.image "global" .Values.global) }}
+{{- end -}}
+
 {{/*
 Return the proper image name (for the metrics image)
 */}}
 
@@ -11,6 +11,95 @@ metadata:
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
   {{- end }}
 data:
+  {{- if .Values.proxy.enabled }}
+  redis-proxy-default.yaml: |-
+    overload_manager:
+      resource_monitors:
+      - name: "envoy.resource_monitors.global_downstream_max_connections"
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig
+          max_active_downstream_connections: 10000
+    static_resources:
+      listeners:
+      - name: redis_listener
+        address:
+          socket_address:
+            address: 0.0.0.0
+            port_value: {{ .Values.proxy.containerPorts.proxy }}
+        filter_chains:
+        - filters:
+          - name: envoy.filters.network.redis_proxy
+            typed_config:
+              "@type": type.googleapis.com/envoy.extensions.filters.network.redis_proxy.v3.RedisProxy
+              stat_prefix: egress_redis
+              settings:
+                op_timeout: 5s
+              prefix_routes:
+                catch_all_route:
+                  cluster: redis_cluster
+              downstream_auth_username:
+                inline_string: "default"
+              downstream_auth_passwords:
+              - inline_string: {REDIS_PASSWORD}
+          {{- if .Values.tls.enabled }}
+          transport_socket:
+            name: envoy.transport_sockets.tls
+            typed_config:
+              "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
+              require_client_certificate: true
+              common_tls_context:
+                tls_certificates:
+                - certificate_chain:
+                    filename: {{ template "redis-cluster.tlsCert" . }}
+                  private_key:
+                    filename: {{ template "redis-cluster.tlsCertKey" . }}
+                validation_context:
+                  trusted_ca:
+                    filename: {{ template "redis-cluster.tlsCACert" . }}
+          {{- end }}
+      clusters:
+      - name: redis_cluster
+        cluster_type:
+          name: envoy.clusters.redis
+          typed_config:
+            "@type": type.googleapis.com/google.protobuf.Struct
+            value:
+              cluster_refresh_rate: 10s
+              cluster_refresh_timeout: 4s
+        connect_timeout: 4s
+        dns_lookup_family: V4_ONLY
+        lb_policy: CLUSTER_PROVIDED
+        load_assignment:
+          cluster_name: redis_cluster
+          endpoints:
+            lb_endpoints:
+              endpoint:
+                address:
+                  socket_address: { address: 127.0.0.1, port_value: {{ .Values.redis.containerPorts.redis | quote }} }
+        typed_extension_protocol_options:
+          envoy.filters.network.redis_proxy:
+            "@type": type.googleapis.com/google.protobuf.Struct
+            value:
+              auth_username:
+                inline_string: "default"
+              auth_password:
+                inline_string: {REDIS_PASSWORD}
+        {{- if .Values.tls.enabled }}
+        transport_socket:
+          name: envoy.transport_sockets.tls
+          typed_config:
+            "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+            common_tls_context:
+              tls_certificates:
+                certificate_chain: 
+                  filename: {{ template "redis-cluster.tlsCert" . }}
+                private_key:
+                  filename: {{ template "redis-cluster.tlsCertKey" . }}
+              validation_context:
+                trusted_ca:
+                  filename: {{ template "redis-cluster.tlsCACert" . }}
+        {{- end }}
+  {{- end }}
   redis-default.conf: |-
     # Redis configuration file example.
     #
 
@@ -28,6 +28,7 @@ spec:
     - ports:
         - port: {{ .Values.redis.containerPorts.redis }}
         - port: {{ .Values.redis.containerPorts.bus }}
+        - port: {{ .Values.proxy.containerPorts.proxy }}
       to:
         - podSelector:
             matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
 
@@ -287,6 +287,94 @@ spec:
             {{- if .Values.redis.extraVolumeMounts }}
             {{- include "common.tplvalues.render" ( dict "value" .Values.redis.extraVolumeMounts "context" $ ) | nindent 12 }}
             {{- end }}
+        {{- if .Values.proxy.enabled }}
+        - name: proxy
+          image: {{ include "redis-cluster.proxy.image" . }}
+          imagePullPolicy: {{ .Values.proxy.image.pullPolicy | quote }}
+          {{- if .Values.containerSecurityContext.enabled }}
+          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+          {{- else }}
+          command: ['init-stack', '/bin/bash', '-c']
+          args:
+            - |
+              # Start envoy redis proxy
+              {{- if .Values.usePasswordFile }}
+              export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
+              {{- end }}
+              sed s/{REDIS_PASSWORD}/${REDIS_PASSWORD}/g /opt/drycc/redis/etc/redis-proxy-default.yaml > /opt/drycc/redis/etc/redis-proxy.yaml
+              envoy -c /opt/drycc/redis/etc/redis-proxy.yaml --log-level error --concurrency 0
+          {{- end }}
+          env:
+            {{- if and .Values.usePassword (not .Values.usePasswordFile) }}
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "redis-cluster.secretName" . }}
+                  key: {{ template "redis-cluster.secretPasswordKey" . }}
+            {{- end }}
+            {{- if .Values.usePasswordFile }}
+            - name: REDIS_PASSWORD_FILE
+              value: "/opt/drycc/redis/secrets/redis-password"
+            {{- end }}
+          ports:
+            - name: tcp-proxy
+              containerPort: {{ .Values.proxy.containerPorts.proxy }}
+          {{- if not .Values.diagnosticMode.enabled }}
+          {{- if .Values.proxy.livenessProbe.enabled }}
+          livenessProbe:
+            tcpSocket:
+              port: tcp-proxy
+            initialDelaySeconds: {{ .Values.proxy.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.proxy.livenessProbe.periodSeconds }}
+            # One second longer than command timeout should prevent generation of zombie processes.
+            timeoutSeconds: {{ add1 .Values.proxy.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.proxy.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.proxy.livenessProbe.failureThreshold }}
+          {{- end }}
+          {{- if .Values.proxy.readinessProbe.enabled }}
+          readinessProbe:
+            tcpSocket:
+              port: tcp-proxy
+            initialDelaySeconds: {{ .Values.proxy.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.proxy.readinessProbe.periodSeconds }}
+            # One second longer than command timeout should prevent generation of zombie processes.
+            timeoutSeconds: {{ add1 .Values.proxy.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.proxy.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.proxy.readinessProbe.failureThreshold }}
+          {{- end }}
+          {{- if .Values.proxy.startupProbe.enabled }}
+          startupProbe:
+            tcpSocket:
+              port: tcp-proxy
+            initialDelaySeconds: {{ .Values.proxy.startupProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.proxy.startupProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.proxy.startupProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.proxy.startupProbe.successThreshold }}
+            failureThreshold: {{ .Values.proxy.startupProbe.failureThreshold }}
+          {{- end }}
+          {{- end }}
+          {{- if .Values.proxy.resources }}
+          resources:
+          {{- include "common.tplvalues.render" (dict "value" .Values.proxy.resources "context" $) | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: default-config
+              mountPath: /opt/drycc/redis/etc/redis-proxy-default.yaml
+              subPath: redis-proxy-default.yaml
+            {{- if .Values.usePasswordFile }}
+            - name: redis-password
+              mountPath: /opt/drycc/redis/secrets/
+            {{- end }}
+            {{- if .Values.tls.enabled }}
+            - name: redis-certificates
+              mountPath: /opt/drycc/redis/certs
+              readOnly: true
+            {{- end }}
+        {{- end }}
         {{- if .Values.metrics.enabled }}
         - name: metrics
           image: {{ template "redis-cluster.metrics.image" . }}
 
@@ -47,6 +47,15 @@ spec:
       {{- else if eq .Values.service.type "ClusterIP" }}
       nodePort: null
       {{- end }}
+    - name: tcp-proxy
+      port: {{ .Values.service.ports.proxy }}
+      targetPort: tcp-proxy
+      protocol: TCP
+      {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.proxy)) }}
+      nodePort: {{ .Values.service.nodePorts.proxy }}
+      {{- else if eq .Values.service.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
     {{- if .Values.service.extraPorts }}
     {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
     {{- end }}
 
@@ -233,12 +233,14 @@ service:
   ##
   ports:
     redis: 6379
+    proxy: 36379
   ## Node ports to expose
   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
   ## @param service.nodePorts.redis Node port for Redis
   ##
   nodePorts:
     redis: ""
+    proxy: ""
   ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value)
   ##
   extraPorts: []
@@ -723,6 +725,108 @@ updateJob:
     ##
     requests: {}
 
+
+## @section Cluster proxy management parameters
+##
+
+## Redis&reg; Cluster proxy settings
+##
+proxy:
+  enabled: true
+  ## @param proxy.image.registry Redis&reg; exporter image registry
+  ## @param proxy.image.repository Redis&reg; exporter image name
+  ## @param proxy.image.tag Redis&reg; exporter image tag
+  ## @param proxy.image.digest Redis&reg; exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+  ## @param proxy.image.pullPolicy Redis&reg; exporter image pull policy
+  ## @param proxy.image.pullSecrets Specify docker-registry secret names as an array
+  ##
+  image:
+    registry: registry.drycc.cc
+    repository: drycc-addons/redis-cluster
+    tag: "7.0"
+    digest: ""
+    pullPolicy: IfNotPresent
+    ## Optionally specify an array of imagePullSecrets.
+    ## Secrets must be manually created in the namespace.
+    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+    ## e.g:
+    ## pullSecrets:
+    ##   - myRegistryKeySecretName
+    ##
+    pullSecrets: []
+  containerPorts:
+    proxy: 36379
+  ## Container resource requests and limits
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  ## We usually recommend not to specify default resources and to leave this as a conscious
+  ## choice for the user. This also increases chances charts run on environments with little
+  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  ## @param updateJob.resources.limits The resources limits for the container
+  ## @param updateJob.resources.requests The requested resources for the container
+  ##
+  resources:
+    ## Example:
+    ## limits:
+    ##    cpu: 500m
+    ##    memory: 1Gi
+    ##
+    limits: {}
+    ## Examples:
+    ## requests:
+    ##    cpu: 250m
+    ##    memory: 256Mi
+    ##
+    requests: {}
+  ## Configure extra options for Redis&reg; liveness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ## @param redis.livenessProbe.enabled Enable livenessProbe
+  ## @param redis.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+  ## @param redis.livenessProbe.periodSeconds Period seconds for livenessProbe
+  ## @param redis.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+  ## @param redis.livenessProbe.failureThreshold Failure threshold for livenessProbe
+  ## @param redis.livenessProbe.successThreshold Success threshold for livenessProbe
+  ##
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 5
+    periodSeconds: 5
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 5
+  ## Configure extra options for Redis&reg; readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ## @param redis.readinessProbe.enabled Enable readinessProbe
+  ## @param redis.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+  ## @param redis.readinessProbe.periodSeconds Period seconds for readinessProbe
+  ## @param redis.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+  ## @param redis.readinessProbe.failureThreshold Failure threshold for readinessProbe
+  ## @param redis.readinessProbe.successThreshold Success threshold for readinessProbe
+  ##
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 5
+    periodSeconds: 5
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 5
+  ## @param redis.startupProbe.enabled Enable startupProbe
+  ## @param redis.startupProbe.path Path to check for startupProbe
+  ## @param redis.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+  ## @param redis.startupProbe.periodSeconds Period seconds for startupProbe
+  ## @param redis.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+  ## @param redis.startupProbe.failureThreshold Failure threshold for startupProbe
+  ## @param redis.startupProbe.successThreshold Success threshold for startupProbe
+  ##
+  startupProbe:
+    enabled: false
+    path: /
+    initialDelaySeconds: 300
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 6
+    successThreshold: 1
+
 ## @section Cluster management parameters
 ##
 
 
@@ -19,6 +19,12 @@ credential:
         name: {{ template "common.names.fullname" . }}
         jsonpath: '{ .spec.ports[?(@.name=="tcp-redis")].port }'
 
+  - name: PROXY_PORT
+    valueFrom:
+      serviceRef:
+        name: {{ template "common.names.fullname" . }}
+        jsonpath: '{ .spec.ports[?(@.name=="tcp-proxy")].port }'
+
   {{- if and .Values.usePassword (not .Values.existingSecret) }}
   - name: REDIS_PASSWORD
     valueFrom:
 
@@ -30,4 +30,20 @@ redis:
       memory: 1024Mi
     requests:
       cpu: 20m
-      memory: 512Mi
+      memory: 512Mi
+
+## @section Proxy&reg; statefulset parameters
+##
+proxy:
+  ## Proxy&reg; resource requests and limits
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  ## @param proxy.resources.limits The resources limits for the container
+  ## @param proxy.resources.requests The requested resources for the container
+  ##
+  resources:
+    limits:
+      cpu: 100m
+      memory: 256Mi
+    requests:
+      cpu: 10m
+      memory: 64Mi