chore(redis): support redis sentinel proxy

Author: jianxiaoguo

addons/redis/7.0/chart/redis/templates/_helpers.tpl

@@ -14,6 +14,13 @@ Return the proper Redis Sentinel image name
 {{ include "common.images.image" (dict "imageRoot" .Values.sentinel.image "global" .Values.global) }}
 {{- end -}}
 
+{{/*
+Return the proper Redis Proxy image name
+*/}}
+{{- define "redis.proxy.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.proxy.image "global" .Values.global) }}
+{{- end -}}
+
 {{/*
 Return the proper image name (for the metrics image)
 */}}

addons/redis/7.0/chart/redis/templates/networkpolicy.yaml

@@ -30,6 +30,9 @@ spec:
         {{- if .Values.sentinel.enabled }}
         - port: {{ .Values.sentinel.containerPorts.sentinel }}
         {{- end }}
+        {{- if .Values.proxy.enabled }}
+        - port: {{ .Values.proxy.containerPorts.proxy }}
+        {{- end }}
       to:
         - podSelector:
             matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
@@ -48,6 +51,9 @@ spec:
         {{- if .Values.sentinel.enabled }}
         - port: {{ .Values.sentinel.containerPorts.sentinel }}
         {{- end }}
+        {{- if .Values.proxy.enabled }}
+        - port: {{ .Values.proxy.containerPorts.proxy }}
+        {{- end }}
       {{- if not .Values.networkPolicy.allowExternal }}
       from:
         - podSelector:

addons/redis/7.0/chart/redis/templates/sentinel/node-services.yaml

@@ -6,9 +6,11 @@
 
 {{ $sentinelport := 0}}
 {{ $redisport := 0}}
+{{ $proxyport := 0}}
 {{- if $portsmap }}
 {{ $sentinelport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "sentinel") }}
 {{ $redisport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "redis") }}
+{{ $proxyport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "proxy") }}
 {{- else }}
 {{- end }}
 
@@ -45,6 +47,16 @@ spec:
     {{- end }}
     protocol: TCP
     targetPort: {{ $.Values.sentinel.containerPorts.sentinel }}
+  - name: proxy
+    {{- if $.Values.sentinel.service.nodePorts.proxy  }}
+    nodePort: {{ (add $.Values.sentinel.service.nodePorts.proxy $i 1) }}
+    port: {{ (add $.Values.sentinel.service.nodePorts.proxy $i 1) }}
+    {{- else }}
+    nodePort: {{ $proxyport }}
+    port: {{ $proxyport }}
+    {{- end }}
+    protocol: TCP
+    targetPort: {{ $.Values.proxy.containerPorts.proxy }}
   - name: redis
     {{- if $.Values.sentinel.service.nodePorts.redis }}
     nodePort: {{ (add $.Values.sentinel.service.nodePorts.redis $i 1) }}
@@ -60,6 +72,11 @@ spec:
     port: {{ $.Values.sentinel.containerPorts.sentinel }}
     protocol: TCP
     targetPort: {{ $.Values.sentinel.containerPorts.sentinel }}
+  - name: proxy-internal
+    nodePort: null
+    port: {{ $.Values.proxy.containerPorts.proxy }}
+    protocol: TCP
+    targetPort: {{ $.Values.proxy.containerPorts.proxy }}
   - name: redis-internal
     nodePort: null
     port: {{ $.Values.replica.containerPorts.redis }}

addons/redis/7.0/chart/redis/templates/sentinel/service.yaml

@@ -5,9 +5,11 @@
 {{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }}
 
 {{ $sentinelport := 0}}
+{{ $proxyport := 0}}
 {{ $redisport := 0}}
 {{- if $portsmap }}
 {{ $sentinelport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "sentinel") }}
+{{ $proxyport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "proxy") }}
 {{ $redisport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "redis") }}
 {{- else }}
 {{- end }}
@@ -78,6 +80,22 @@ spec:
       {{- else if eq .Values.sentinel.service.type "NodePort" }}
       nodePort:  {{ $sentinelport }}
       {{- end }}
+    - name: tcp-proxy
+      {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.proxy }}
+      port: {{ .Values.sentinel.service.nodePorts.proxy }}
+      {{- else if eq .Values.sentinel.service.type "NodePort" }}
+      port:  {{ $proxyport }}
+      {{- else }}
+      port: {{ .Values.sentinel.service.ports.proxy }}
+      {{- end }}
+      targetPort: {{ .Values.proxy.containerPorts.proxy }}
+      {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.proxy }}
+      nodePort: {{ .Values.sentinel.service.nodePorts.proxy }}
+      {{- else if eq .Values.sentinel.service.type "ClusterIP" }}
+      nodePort: null
+      {{- else if eq .Values.sentinel.service.type "NodePort" }}
+      nodePort:  {{ $proxyport }}
+      {{- end }}
     {{- if eq .Values.sentinel.service.type "NodePort" }}
     - name: sentinel-internal
       nodePort: null

addons/redis/7.0/chart/redis/templates/sentinel/statefulset.yaml

@@ -443,6 +443,90 @@ spec:
             {{- if .Values.sentinel.extraVolumeMounts }}
             {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumeMounts "context" $ ) | nindent 12 }}
             {{- end }}
+        {{- if .Values.proxy.enabled }}
+        - name: proxy
+          image: {{ template "redis.proxy.image" . }}
+          imagePullPolicy: {{ .Values.proxy.image.pullPolicy | quote }}
+          {{- if .Values.diagnosticMode.enabled }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+          {{- else }}
+          command:
+            - init-stack
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+          {{- else }}
+          args:
+            - bash
+            - -ec
+            - |
+              [[ -f "$REDIS_PASSWORD_FILE" ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
+              /opt/drycc/redis-sentinel/bin/reids-sentinel-proxy \
+                -listen :{{ .Values.proxy.containerPorts.proxy }} \
+                -master {{ .Values.sentinel.masterSet }} \
+                -sentinel-addr ${POD_IP}:{{ .Values.sentinel.containerPorts.sentinel }} \
+                -sentinel-pass $(REDIS_PASSWORD) \
+                -sentinel-user ""
+          {{- end }}
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            {{- if .Values.auth.enabled }}
+            {{- if .Values.auth.usePasswordFiles }}
+            - name: REDIS_PASSWORD_FILE
+              value: "/opt/drycc/redis/secrets/redis-password"
+            {{- else }}
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "redis.secretName" . }}
+                  key: {{ template "redis.secretPasswordKey" . }}
+            {{- end }}
+            {{- else }}
+            - name: ALLOW_EMPTY_PASSWORD
+              value: "yes"
+            {{- end }}
+          ports:
+            - name: redis-proxy
+              containerPort: {{ .Values.proxy.containerPorts.proxy }}
+          {{- if not .Values.diagnosticMode.enabled }}
+          {{- if .Values.proxy.startupProbe.enabled }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.sentinel.startupProbe "enabled") "context" $) | nindent 12 }}
+            tcpSocket:
+              port: redis-proxy
+          {{- end }}
+          {{- if .Values.proxy.livenessProbe.enabled }}
+          livenessProbe:
+            initialDelaySeconds: {{ .Values.proxy.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.proxy.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.proxy.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.proxy.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.proxy.livenessProbe.failureThreshold }}
+            tcpSocket:                                
+              port: redis-proxy
+          {{- end }}
+          {{- if .Values.proxy.readinessProbe.enabled }}
+          readinessProbe:
+            initialDelaySeconds: {{ .Values.proxy.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.proxy.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.proxy.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.proxy.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.proxy.readinessProbe.failureThreshold }}
+            tcpSocket:                                
+              port: redis-proxy
+          {{- end }}
+          {{- end }}
+          {{- if .Values.proxy.resources }}
+          resources: {{- toYaml .Values.proxy.resources | nindent 12 }}
+          {{- end }}
+          {{- if .Values.auth.usePasswordFiles }}
+          volumeMounts:
+            - name: redis-password
+              mountPath: /opt/drycc/redis/secrets/
+          {{- end }}
+        {{- end }}
         {{- if .Values.metrics.enabled }}
         - name: metrics
           image: {{ template "redis.metrics.image" . }}

addons/redis/7.0/chart/redis/values.yaml

@@ -1120,6 +1120,7 @@ sentinel:
     ports:
       redis: 6379
       sentinel: 26379
+      proxy: 36379
     ## @param sentinel.service.nodePorts.redis Node port for Redis™
     ## @param sentinel.service.nodePorts.sentinel Node port for Sentinel
     ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
@@ -1129,6 +1130,7 @@ sentinel:
     ##
     nodePorts:
       redis: ""
+      proxy: ""
       sentinel: ""
     ## @param sentinel.service.externalTrafficPolicy Redis™ Sentinel service external traffic policy
     ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
@@ -1158,6 +1160,119 @@ sentinel:
   ##
   terminationGracePeriodSeconds: 30
 
+## @section Redis™ Sentinel configuration parameters
+##
+
+proxy:
+  ## @param sentinel.enabled Use Redis™ Sentinel on Redis™ pods.
+  ## IMPORTANT: this will disable the master and replicas services and
+  ## create a single Redis™ service exposing both the Redis and Sentinel ports
+  ##
+  enabled: true
+  ## Bitnami Redis™ Sentinel image version
+  ## ref: https://hub.docker.com/r/bitnami/redis-sentinel/tags/
+  ## @param sentinel.image.registry Redis™ Sentinel image registry
+  ## @param sentinel.image.repository Redis™ Sentinel image repository
+  ## @param sentinel.image.tag Redis™ Sentinel image tag (immutable tags are recommended)
+  ## @param sentinel.image.pullPolicy Redis™ Sentinel image pull policy
+  ## @param sentinel.image.pullSecrets Redis™ Sentinel image pull secrets
+  ## @param sentinel.image.debug Enable image debug mode
+  ##
+  ## todo: support both of amd64 and arm64
+  image:
+    registry: registry.drycc.cc
+    repository: drycc-addons/redis-sentinel
+    tag: "7.0"
+    ## Specify a imagePullPolicy
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+    ## Optionally specify an array of imagePullSecrets.
+    ## Secrets must be manually created in the namespace.
+    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+    ## e.g:
+    ## pullSecrets:
+    ##   - myRegistryKeySecretName
+    ##
+    pullSecrets: []
+    ## Enable debug mode
+    ##
+    debug: false
+  ## @param sentinel.command Override default container command (useful when using custom images)
+  ##
+  command: []
+  ## @param sentinel.args Override default container args (useful when using custom images)
+  ##
+  args: []
+  ## @param sentinel.preExecCmds Additional commands to run prior to starting Redis™ Sentinel
+  ##
+  preExecCmds: []
+  ## Configure extra options for Redis™ containers' liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+  ## @param sentinel.startupProbe.enabled Enable startupProbe on Redis™ Sentinel nodes
+  ## @param sentinel.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+  ## @param sentinel.startupProbe.periodSeconds Period seconds for startupProbe
+  ## @param sentinel.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+  ## @param sentinel.startupProbe.failureThreshold Failure threshold for startupProbe
+  ## @param sentinel.startupProbe.successThreshold Success threshold for startupProbe
+  ##
+  startupProbe:
+    enabled: true
+    initialDelaySeconds: 10
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 22
+  ## @param sentinel.livenessProbe.enabled Enable livenessProbe on Redis™ Sentinel nodes
+  ## @param sentinel.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+  ## @param sentinel.livenessProbe.periodSeconds Period seconds for livenessProbe
+  ## @param sentinel.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+  ## @param sentinel.livenessProbe.failureThreshold Failure threshold for livenessProbe
+  ## @param sentinel.livenessProbe.successThreshold Success threshold for livenessProbe
+  ##
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 20
+    periodSeconds: 5
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 5
+  ## @param sentinel.readinessProbe.enabled Enable readinessProbe on Redis™ Sentinel nodes
+  ## @param sentinel.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+  ## @param sentinel.readinessProbe.periodSeconds Period seconds for readinessProbe
+  ## @param sentinel.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+  ## @param sentinel.readinessProbe.failureThreshold Failure threshold for readinessProbe
+  ## @param sentinel.readinessProbe.successThreshold Success threshold for readinessProbe
+  ##
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 20
+    periodSeconds: 5
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 5
+  ## Redis™ Sentinel resource requests and limits
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  ## @param sentinel.resources.limits The resources limits for the Redis™ Sentinel containers
+  ## @param sentinel.resources.requests The requested resources for the Redis™ Sentinel containers
+  ##
+  resources:
+    limits: {}
+    requests: {}
+  ## Configure Container Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param sentinel.containerSecurityContext.enabled Enabled Redis™ Sentinel containers' Security Context
+  ## @param sentinel.containerSecurityContext.runAsUser Set Redis™ Sentinel containers' Security Context runAsUser
+  ##
+  containerSecurityContext:
+    enabled: true
+    runAsUser: 1001
+  ## @param proxy.containerPorts.proxy Container port to open on Redis™ Sentinel nodes
+  ##
+  containerPorts:
+    proxy: 36379
+
 ## @section Other Parameters
 ##
 

addons/redis/7.0/meta.yaml

@@ -33,6 +33,9 @@ allow_parameters:
 - name: "sentinel.enabled"
   required: false
   description: "sentinel enabled type config for values.yaml"
+- name: "proxy.enabled"
+  required: false
+  description: "proxy enabled type config for values.yaml"
 - name: "metrics.enable"
   required: false
   description: "metrics enable or not config for values.yaml"