[stable/redis] Support for istio

[glentakahashi]

Is your feature request related to a problem? Please describe.
Right now the Egress rules if you set networkPolicy = true don't work for Istio.

Describe the solution you'd like
I'm not 100% sure what the egress ports needed for istio are, but once I figure them out I can submit another PR. I'm also not sure if we would also maybe want to use a namespace selector for kube-system here? Or potentially even blanket allow egress to the kube-system egress

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

[juan131]

Hi @glentakahashi

I guess it could be related with Redis chart services not following the Istio specifications for port names on services.

Check for instance the changes we did on PostgreSQL to comply with Istio requirements:

• [stable/postgresql] Prefix port names with protocol to comply with Istio #19249

[zeph]

I got it working with Istio istio/istio#8374 (comment) , but... I miserably stumbled on the cluster-announce-ip issue: there is no way to let SENTINEL announce the istio-ingressgateway's IPs redis/redis#2527

even if you hack the redis configuration in a pod... you won't manage to get all the ingressgateways listed, as it is designed for only one IP at a time... so, the only chance would be to have a LB in front

[zeph]

p.s. might be that giving an IP/fqdn of a loadbalancer in the configuration, will cause sentinel's designed mechanisms of monitoring and fail over to go wild, @antirez?

[zeph]

for everyone else... SENTINEL, if asked about the instances... it won't answer with the IPs the client shall connect to from outside the cluster, but each POD's private IP... which would not be reachable from an application outside the cluster... the logic will fail

dst-knode04:26379> SENTINEL slaves mymaster
1)  1) "name"
    2) "172.31.113.123:6379"
    3) "ip"
    4) "172.31.113.123"
    5) "port"
    6) "6379"

thanks @szottE for guiding me through this ;)

[zeph]

@glentakahashi I'm not 100% (re-reading ur ticket) if I tackled your same problem, since you are talking of Egress, instead I have in inbound connectivity/logic issue of the application (redis/sentinel) itself

[zeph]

RTFM https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

[juan131]

I would like to mention that this chart has been deprecated and moved to https://github.com/bitnami/charts/tree/master/bitnami/redis

Find more information at https://github.com/helm/charts/tree/master/stable/redis#this-helm-chart-is-deprecated

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

[stale]

This issue is being automatically closed due to inactivity.