From 5d5ef7345ee6c205125ff341667025708b2134fc Mon Sep 17 00:00:00 2001 From: jshre898 Date: Fri, 12 Jul 2024 15:31:38 +0530 Subject: [PATCH 1/3] Redis Helm and app version upgrade --- examples/complete/aws/main.tf | 2 +- helm/values/values.yaml | 778 ++++++++++++++++++++++++++++++---- variables.tf | 4 +- 3 files changed, 689 insertions(+), 95 deletions(-) diff --git a/examples/complete/aws/main.tf b/examples/complete/aws/main.tf index 45e81cb..a5b1ec1 100644 --- a/examples/complete/aws/main.tf +++ b/examples/complete/aws/main.tf @@ -33,7 +33,7 @@ module "redis" { name = local.name values_yaml = file("./helm/values.yaml") environment = local.environment - app_version = "6.2.7-debian-11-r11" + app_version = "7.2.5-debian-12-r2" architecture = "replication" slave_volume_size = "10Gi" master_volume_size = "10Gi" diff --git a/helm/values/values.yaml b/helm/values/values.yaml index 6655a80..526857f 100644 --- a/helm/values/values.yaml +++ b/helm/values/values.yaml @@ -1,3 +1,6 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + ## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value @@ -47,7 +50,15 @@ clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - +## @param useHostnames Use hostnames internally when announcing replication. If false, the hostname will be resolved to an IP address +## +useHostnames: true +## @param nameResolutionThreshold Failure threshold for internal hostnames resolution +## +nameResolutionThreshold: 5 +## @param nameResolutionTimeout Timeout seconds between probes for internal hostnames resolution +## +nameResolutionTimeout: 5 ## Enable diagnostic mode in the deployment ## diagnosticMode: @@ -62,15 +73,15 @@ diagnosticMode: ## args: - infinity - ## @section Redis® Image parameters ## ## Bitnami Redis® image ## ref: https://hub.docker.com/r/bitnami/redis/tags/ -## @param image.registry Redis® image registry -## @param image.repository Redis® image repository -## @param image.tag Redis® image tag (immutable tags are recommended) +## @param image.registry [default: REGISTRY_NAME] Redis® image registry +## @param image.repository [default: REPOSITORY_NAME/redis] Redis® image repository +## @skip image.tag Redis® image tag (immutable tags are recommended) +## @param image.digest Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param image.pullPolicy Redis® image pull policy ## @param image.pullSecrets Redis® image pull secrets ## @param image.debug Enable image debug mode @@ -79,9 +90,10 @@ image: registry: docker.io repository: bitnami/redis tag: ${app_version} + digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -95,16 +107,15 @@ image: ## Enable debug mode ## debug: false - ## @section Redis® common configuration parameters -## https://github.com/bitnami/bitnami-docker-redis#configuration +## https://github.com/bitnami/containers/tree/main/bitnami/redis#configuration ## ## @param architecture Redis® architecture. Allowed values: `standalone` or `replication` ## architecture: ${architecture} ## Redis® Authentication parameters -## ref: https://github.com/bitnami/bitnami-docker-redis#setting-the-server-password-on-first-run +## ref: https://github.com/bitnami/containers/tree/main/bitnami/redis#setting-the-server-password-on-first-run ## auth: ## @param auth.enabled Enable password authentication @@ -128,7 +139,9 @@ auth: ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable ## usePasswordFiles: false - + ## @param auth.usePasswordFileFromSecret Mount password file from secret + ## + usePasswordFileFromSecret: true ## @param commonConfiguration [string] Common configuration to be added into the ConfigMap ## ref: https://redis.io/topics/config ## @@ -141,14 +154,15 @@ commonConfiguration: |- ## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Redis® nodes ## existingConfigmap: "" - ## @section Redis® master configuration parameters ## - master: ## @param master.count Number of Redis® master instances to deploy (experimental, requires additional configuration) ## count: 1 + ## @param master.revisionHistoryLimit The number of old history to retain to allow rollback + ## NOTE: Explicitly setting this field to 0, will result in cleaning up all the history, breaking ability to rollback + revisionHistoryLimit: 10 ## @param master.configuration Configuration for Redis® master nodes ## ref: https://redis.io/topics/config ## @@ -166,6 +180,9 @@ master: ## @param master.args Override default container args (useful when using custom images) ## args: [] + ## @param master.enableServiceLinks Whether information about services should be injected into pod's environment variable + ## + enableServiceLinks: true ## @param master.preExecCmds Additional commands to run prior to starting Redis® master ## preExecCmds: [] @@ -262,20 +279,42 @@ master: ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param master.podSecurityContext.enabled Enabled Redis® master pods' Security Context + ## @param master.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param master.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param master.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param master.podSecurityContext.fsGroup Set Redis® master pod's Security Context fsGroup ## podSecurityContext: enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param master.containerSecurityContext.enabled Enabled Redis® master containers' Security Context + ## @param master.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param master.containerSecurityContext.runAsUser Set Redis® master containers' Security Context runAsUser + ## @param master.containerSecurityContext.runAsGroup Set Redis® master containers' Security Context runAsGroup + ## @param master.containerSecurityContext.runAsNonRoot Set Redis® master containers' Security Context runAsNonRoot + ## @param master.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate Redis® pod(s) privileges + ## @param master.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem + ## @param master.containerSecurityContext.seccompProfile.type Set Redis® master containers' Security Context seccompProfile + ## @param master.containerSecurityContext.capabilities.drop Set Redis® master containers' Security Context capabilities to drop ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 - ## @param master.kind Use either Deployment or StatefulSet (default) + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ["ALL"] + ## @param master.kind Use either Deployment, StatefulSet (default) or DaemonSet ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ ## kind: StatefulSet @@ -289,13 +328,18 @@ master: ## updateStrategy: ## StrategyType - ## Can be set to RollingUpdate or OnDelete + ## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment) ## type: RollingUpdate - rollingUpdate: {} + ## @param master.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update + ## + minReadySeconds: 0 ## @param master.priorityClassName Redis® master pods' priorityClassName ## priorityClassName: "" + ## @param master.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false ## @param master.hostAliases Redis® master pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## @@ -345,7 +389,7 @@ master: ## affinity: {} ## @param master.nodeSelector Node labels for Redis® master pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param master.tolerations Tolerations for Redis® master pods assignment @@ -365,6 +409,7 @@ master: ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ ## E.g. ## dnsPolicy: ClusterFirst + ## dnsPolicy: "" ## @param master.dnsConfig DNS Configuration for Redis® master pod ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ @@ -374,6 +419,7 @@ master: ## - name: ndots ## value: "4" ## - name: single-request-reopen + ## dnsConfig: {} ## @param master.lifecycleHooks for the Redis® master container(s) to automate configuration before or after startup ## @@ -406,7 +452,7 @@ master: ## initContainers: [] ## Persistence parameters - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ + ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## persistence: ## @param master.persistence.enabled Enable persistence on Redis® master nodes using Persistent Volume Claims @@ -426,6 +472,9 @@ master: ## NOTE: Useful in dev environments ## subPath: "" + ## @param master.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Redis® master containers + ## + subPathExpr: "" ## @param master.persistence.storageClass Persistent Volume storage class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -442,6 +491,9 @@ master: ## @param master.persistence.annotations Additional custom annotations for the PVC ## annotations: {} + ## @param master.persistence.labels Additional custom labels for the PVC + ## + labels: {} ## @param master.persistence.selector Additional labels to match for the PVC ## e.g: ## selector: @@ -456,12 +508,26 @@ master: ## NOTE: requires master.persistence.enabled: true ## existingClaim: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param master.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param master.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param master.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: false + whenScaled: Retain + whenDeleted: Retain ## Redis® master service parameters ## service: ## @param master.service.type Redis® master service type ## type: ClusterIP + ## @param master.service.portNames.redis Redis® master service port name + ## + portNames: + redis: "tcp-redis" ## @param master.service.ports.redis Redis® master service port ## ports: @@ -490,6 +556,10 @@ master: ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" + ## @param master.service.loadBalancerClass master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerClass: "" ## @param master.service.loadBalancerSourceRanges Redis® master service Load Balancer sources ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g. @@ -497,6 +567,14 @@ master: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] + ## @param master.service.externalIPs Redis® master service External IPs + ## https://kubernetes.io/docs/concepts/services-networking/service/#external-ips + ## e.g. + ## externalIPs: + ## - 10.10.10.1 + ## - 201.22.30.1 + ## + externalIPs: [] ## @param master.service.annotations Additional custom annotations for Redis® master service ## annotations: {} @@ -514,14 +592,46 @@ master: ## @param master.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-master pods ## terminationGracePeriodSeconds: 30 - + ## ServiceAccount configuration + ## + serviceAccount: + ## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param master.serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param master.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + ## + automountServiceAccountToken: false + ## @param master.serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} + ## Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param master.pdb.create Enable/disable a Pod Disruption Budget creation + ## @param master.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled + ## @param master.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `master.pdb.minAvailable` and `master.pdb.maxUnavailable` are empty. + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" ## @section Redis® replicas configuration parameters ## - replica: + ## @param replica.kind Use either DaemonSet or StatefulSet (default) + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ + ## + kind: StatefulSet ## @param replica.replicaCount Number of Redis® replicas to deploy ## replicaCount: ${slave_replicacount} + ## @param replica.revisionHistoryLimit The number of old history to retain to allow rollback + ## NOTE: Explicitly setting this field to 0, will result in cleaning up all the history, breaking ability to rollback + revisionHistoryLimit: 10 ## @param replica.configuration Configuration for Redis® replicas nodes ## ref: https://redis.io/topics/config ## @@ -539,6 +649,9 @@ replica: ## @param replica.args Override default container args (useful when using custom images) ## args: [] + ## @param replica.enableServiceLinks Whether information about services should be injected into pod's environment variable + ## + enableServiceLinks: true ## @param replica.preExecCmds Additional commands to run prior to starting Redis® replicas ## preExecCmds: [] @@ -629,9 +742,9 @@ replica: ## customReadinessProbe: {} ## Redis® replicas resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param replica.resources.limits The resources limits for the Redis® replicas containers - ## @param replica.resources.requests The requested resources for the Redis® replicas containers + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param replica.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resources: # We usually recommend not to specify default resources and to leave this as a conscious @@ -644,22 +757,45 @@ replica: requests: cpu: 100m memory: 250Mi + ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param replica.podSecurityContext.enabled Enabled Redis® replicas pods' Security Context + ## @param replica.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param replica.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param replica.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param replica.podSecurityContext.fsGroup Set Redis® replicas pod's Security Context fsGroup ## podSecurityContext: enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param replica.containerSecurityContext.enabled Enabled Redis® replicas containers' Security Context + ## @param replica.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param replica.containerSecurityContext.runAsUser Set Redis® replicas containers' Security Context runAsUser + ## @param replica.containerSecurityContext.runAsGroup Set Redis® replicas containers' Security Context runAsGroup + ## @param replica.containerSecurityContext.runAsNonRoot Set Redis® replicas containers' Security Context runAsNonRoot + ## @param replica.containerSecurityContext.allowPrivilegeEscalation Set Redis® replicas pod's Security Context allowPrivilegeEscalation + ## @param replica.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem + ## @param replica.containerSecurityContext.seccompProfile.type Set Redis® replicas containers' Security Context seccompProfile + ## @param replica.containerSecurityContext.capabilities.drop Set Redis® replicas containers' Security Context capabilities to drop ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ["ALL"] ## @param replica.schedulerName Alternate scheduler for Redis® replicas pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## @@ -670,10 +806,12 @@ replica: ## updateStrategy: ## StrategyType - ## Can be set to RollingUpdate or OnDelete + ## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment) ## type: RollingUpdate - rollingUpdate: {} + ## @param replica.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update + ## + minReadySeconds: 0 ## @param replica.priorityClassName Redis® replicas pods' priorityClassName ## priorityClassName: "" @@ -681,6 +819,9 @@ replica: ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies ## podManagementPolicy: "" + ## @param replica.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false ## @param replica.hostAliases Redis® replicas pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## @@ -730,7 +871,7 @@ replica: ## affinity: {} ## @param replica.nodeSelector Node labels for Redis® replicas pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param replica.tolerations Tolerations for Redis® replicas pods assignment @@ -750,6 +891,7 @@ replica: ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ ## E.g. ## dnsPolicy: ClusterFirst + ## dnsPolicy: "" ## @param replica.dnsConfig DNS Configuration for Redis® replica pods ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ @@ -759,6 +901,7 @@ replica: ## - name: ndots ## value: "4" ## - name: single-request-reopen + ## dnsConfig: {} ## @param replica.lifecycleHooks for the Redis® replica container(s) to automate configuration before or after startup ## @@ -791,7 +934,7 @@ replica: ## initContainers: [] ## Persistence Parameters - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ + ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## persistence: ## @param replica.persistence.enabled Enable persistence on Redis® replicas nodes using Persistent Volume Claims @@ -811,6 +954,9 @@ replica: ## NOTE: Useful in dev environments ## subPath: "" + ## @param replica.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Redis® replicas containers + ## + subPathExpr: "" ## @param replica.persistence.storageClass Persistent Volume storage class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -827,6 +973,9 @@ replica: ## @param replica.persistence.annotations Additional custom annotations for the PVC ## annotations: {} + ## @param replica.persistence.labels Additional custom labels for the PVC + ## + labels: {} ## @param replica.persistence.selector Additional labels to match for the PVC ## e.g: ## selector: @@ -841,6 +990,16 @@ replica: ## NOTE: requires replica.persistence.enabled: true ## existingClaim: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param replica.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param replica.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param replica.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: false + whenScaled: Retain + whenDeleted: Retain ## Redis® replicas service parameters ## service: @@ -875,6 +1034,10 @@ replica: ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" + ## @param replica.service.loadBalancerClass replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerClass: "" ## @param replica.service.loadBalancerSourceRanges Redis® replicas service Load Balancer sources ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g. @@ -917,7 +1080,33 @@ replica: ## @param replica.autoscaling.targetMemory Percentage of Memory to consider when autoscaling ## targetMemory: "" - + ## ServiceAccount configuration + ## + serviceAccount: + ## @param replica.serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param replica.serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param replica.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + ## + automountServiceAccountToken: false + ## @param replica.serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} + ## Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param replica.pdb.create Enable/disable a Pod Disruption Budget creation + ## @param replica.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled + ## @param replica.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `replica.pdb.minAvailable` and `replica.pdb.maxUnavailable` are empty. + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" ## @section Redis® Sentinel configuration parameters ## @@ -929,9 +1118,10 @@ sentinel: enabled: false ## Bitnami Redis® Sentinel image version ## ref: https://hub.docker.com/r/bitnami/redis-sentinel/tags/ - ## @param sentinel.image.registry Redis® Sentinel image registry - ## @param sentinel.image.repository Redis® Sentinel image repository - ## @param sentinel.image.tag Redis® Sentinel image tag (immutable tags are recommended) + ## @param sentinel.image.registry [default: REGISTRY_NAME] Redis® Sentinel image registry + ## @param sentinel.image.repository [default: REPOSITORY_NAME/redis-sentinel] Redis® Sentinel image repository + ## @skip sentinel.image.tag Redis® Sentinel image tag (immutable tags are recommended) + ## @param sentinel.image.digest Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param sentinel.image.pullPolicy Redis® Sentinel image pull policy ## @param sentinel.image.pullSecrets Redis® Sentinel image pull secrets ## @param sentinel.image.debug Enable image debug mode @@ -939,10 +1129,11 @@ sentinel: image: registry: docker.io repository: bitnami/redis-sentinel - tag: 6.2.7-debian-11-r12 + tag: 7.2.5-debian-12-r2 + digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -956,6 +1147,9 @@ sentinel: ## Enable debug mode ## debug: false + ## @param sentinel.annotations Additional custom annotations for Redis® Sentinel resource + ## + annotations: {} ## @param sentinel.masterSet Master set name ## masterSet: mymaster @@ -963,19 +1157,22 @@ sentinel: ## quorum: 2 ## @param sentinel.getMasterTimeout Amount of time to allow before get_sentinel_master_info() times out. - ## NOTE: This is directly related to the startupProbes which are configured to run every 10 seconds for a total of 22 failures. If adjusting this value, also adjust the startupProbes. - getMasterTimeout: 220 + ## + getMasterTimeout: 90 ## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. ## This also prevents any new replica from starting until the last remaining replica is elected as master to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data. ## NOTE: This feature requires a "downAfterMilliseconds" value less or equal to 2000. ## automateClusterRecovery: false + ## @param sentinel.redisShutdownWaitFailover Whether the Redis® master container waits for the failover at shutdown (in addition to the Redis® Sentinel container). + ## + redisShutdownWaitFailover: true ## Sentinel timing restrictions ## @param sentinel.downAfterMilliseconds Timeout for detecting a Redis® node is down ## @param sentinel.failoverTimeout Timeout for performing a election failover ## downAfterMilliseconds: 60000 - failoverTimeout: 18000 + failoverTimeout: 180000 ## @param sentinel.parallelSyncs Number of replicas that can be reconfigured in parallel to use the new master after a failover ## parallelSyncs: 1 @@ -989,6 +1186,9 @@ sentinel: ## @param sentinel.args Override default container args (useful when using custom images) ## args: [] + ## @param sentinel.enableServiceLinks Whether information about services should be injected into pod's environment variable + ## + enableServiceLinks: true ## @param sentinel.preExecCmds Additional commands to run prior to starting Redis® Sentinel ## preExecCmds: [] @@ -1043,10 +1243,10 @@ sentinel: livenessProbe: enabled: true initialDelaySeconds: 20 - periodSeconds: 5 + periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 - failureThreshold: 5 + failureThreshold: 6 ## @param sentinel.readinessProbe.enabled Enable readinessProbe on Redis® Sentinel nodes ## @param sentinel.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param sentinel.readinessProbe.periodSeconds Period seconds for readinessProbe @@ -1071,7 +1271,7 @@ sentinel: ## customReadinessProbe: {} ## Persistence parameters - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ + ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## persistence: ## @param sentinel.persistence.enabled Enable persistence on Redis® sentinel nodes using Persistent Volume Claims (Experimental) @@ -1093,6 +1293,9 @@ sentinel: ## @param sentinel.persistence.annotations Additional custom annotations for the PVC ## annotations: {} + ## @param sentinel.persistence.labels Additional custom labels for the PVC + ## + labels: {} ## @param sentinel.persistence.selector Additional labels to match for the PVC ## e.g: ## selector: @@ -1106,6 +1309,19 @@ sentinel: ## @param sentinel.persistence.medium Provide a medium for `emptyDir` volumes. ## medium: "" + ## @param sentinel.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. + ## + sizeLimit: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param sentinel.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: false + whenScaled: Retain + whenDeleted: Retain ## Redis® Sentinel resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param sentinel.resources.limits The resources limits for the Redis® Sentinel containers @@ -1121,11 +1337,27 @@ sentinel: ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param sentinel.containerSecurityContext.enabled Enabled Redis® Sentinel containers' Security Context + ## @param sentinel.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param sentinel.containerSecurityContext.runAsUser Set Redis® Sentinel containers' Security Context runAsUser + ## @param sentinel.containerSecurityContext.runAsGroup Set Redis® Sentinel containers' Security Context runAsGroup + ## @param sentinel.containerSecurityContext.runAsNonRoot Set Redis® Sentinel containers' Security Context runAsNonRoot + ## @param sentinel.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem + ## @param sentinel.containerSecurityContext.allowPrivilegeEscalation Set Redis® Sentinel containers' Security Context allowPrivilegeEscalation + ## @param sentinel.containerSecurityContext.seccompProfile.type Set Redis® Sentinel containers' Security Context seccompProfile + ## @param sentinel.containerSecurityContext.capabilities.drop Set Redis® Sentinel containers' Security Context capabilities to drop ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ["ALL"] ## @param sentinel.lifecycleHooks for the Redis® sentinel container(s) to automate configuration before or after startup ## lifecycleHooks: {} @@ -1136,7 +1368,7 @@ sentinel: ## extraVolumeMounts: [] ## Redis® Sentinel service parameters - ## + ## Note: values passed in this section also configure the master service, unless the sentinel.masterService is explicitly overridden. service: ## @param sentinel.service.type Redis® Sentinel service type ## @@ -1167,10 +1399,19 @@ sentinel: ## @param sentinel.service.clusterIP Redis® Sentinel service Cluster IP ## clusterIP: "" + ## @param sentinel.service.createMaster Enable master service pointing to the current master (experimental) + ## NOTE: rbac.create need to be set to true + ## + createMaster: false + ## @param sentinel.service.loadBalancerIP Redis® Sentinel service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" + ## @param sentinel.service.loadBalancerClass sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerClass: "" ## @param sentinel.service.loadBalancerSourceRanges Redis® Sentinel service Load Balancer sources ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g. @@ -1192,13 +1433,85 @@ sentinel: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} + ## Headless service properties + ## + headless: + ## @param sentinel.service.headless.annotations Annotations for the headless service. + ## + annotations: {} + + ## Redis® master service parameters + ## + masterService: + ## @param sentinel.masterService.enabled Enable master service pointing to the current master (experimental) + ## NOTE: rbac.create need to be set to true + ## + enabled: false + ## @param sentinel.masterService.type Redis® Sentinel master service type + ## + type: ClusterIP + ## @param sentinel.masterService.ports.redis Redis® service port for Redis® + ## + ports: + redis: 6379 + ## @param sentinel.masterService.nodePorts.redis Node port for Redis® + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## NOTE: choose port between <30000-32767> + ## NOTE: By leaving these values blank, they will be generated by ports-configmap + ## If setting manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.redis and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port + ## + nodePorts: + redis: "" + ## @param sentinel.masterService.externalTrafficPolicy Redis® master service external traffic policy + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: "" + ## @param sentinel.masterService.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param sentinel.masterService.clusterIP Redis® master service Cluster IP + ## + clusterIP: "" + ## @param sentinel.masterService.loadBalancerIP Redis® master service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param sentinel.masterService.loadBalancerClass master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerClass: "" + ## @param sentinel.masterService.loadBalancerSourceRanges Redis® master service Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g. + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param sentinel.masterService.annotations Additional custom annotations for Redis® master service + ## + annotations: {} + ## @param sentinel.masterService.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param sentinel.masterService.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} ## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-node pods ## terminationGracePeriodSeconds: 30 - ## @section Other Parameters ## +## @param serviceBindings.enabled Create secret for service binding (Experimental) +## Ref: https://servicebinding.io/service-provider/ +## +serviceBindings: + enabled: false ## Network Policy configuration ## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## @@ -1212,6 +1525,9 @@ networkPolicy: ## (with the correct destination port). ## allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true ## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy ## e.g: ## extraIngress: @@ -1251,6 +1567,16 @@ networkPolicy: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} + metrics: + ## @param networkPolicy.metrics.allowExternal Don't require client label for connections for metrics endpoint + ## When set to false, only pods with the correct client label will have network access to the metrics port + ## + allowExternal: true + ## @param networkPolicy.metrics.ingressNSMatchLabels Labels to match to allow traffic from other namespaces to metrics endpoint + ## @param networkPolicy.metrics.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces to metrics endpoint + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## PodSecurityPolicy configuration ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ ## @@ -1339,26 +1665,26 @@ tls: ## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers) ## dhParamsFilename: "" - ## @section Metrics Parameters ## - metrics: ## @param metrics.enabled Start a sidecar prometheus exporter to expose Redis® metrics ## enabled: ${redis_exporter_enabled} ## Bitnami Redis® Exporter image ## ref: https://hub.docker.com/r/bitnami/redis-exporter/tags/ - ## @param metrics.image.registry Redis® Exporter image registry - ## @param metrics.image.repository Redis® Exporter image repository - ## @param metrics.image.tag Redis® Redis® Exporter image tag (immutable tags are recommended) + ## @param metrics.image.registry [default: REGISTRY_NAME] Redis® Exporter image registry + ## @param metrics.image.repository [default: REPOSITORY_NAME/redis-exporter] Redis® Exporter image repository + ## @skip metrics.image.tag Redis® Exporter image tag (immutable tags are recommended) + ## @param metrics.image.digest Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param metrics.image.pullPolicy Redis® Exporter image pull policy ## @param metrics.image.pullSecrets Redis® Exporter image pull secrets ## image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.43.0-debian-11-r4 + tag: 1.61.0-debian-12-r2 + digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -1368,6 +1694,63 @@ metrics: ## - myRegistryKeySecretName ## pullSecrets: [] + ## @param metrics.containerPorts.http Metrics HTTP container port + ## + containerPorts: + http: 9121 + ## Configure extra options for Redis® containers' liveness, readiness & startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + ## @param metrics.startupProbe.enabled Enable startupProbe on Redis® replicas nodes + ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe + ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + ## @param metrics.livenessProbe.enabled Enable livenessProbe on Redis® replicas nodes + ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + ## @param metrics.readinessProbe.enabled Enable readinessProbe on Redis® replicas nodes + ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + ## @param metrics.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} ## @param metrics.command Override default metrics container init command (useful when using custom images) ## command: [] @@ -1391,11 +1774,27 @@ metrics: ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param metrics.containerSecurityContext.enabled Enabled Redis® exporter containers' Security Context + ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.containerSecurityContext.runAsUser Set Redis® exporter containers' Security Context runAsUser + ## @param metrics.containerSecurityContext.runAsGroup Set Redis® exporter containers' Security Context runAsGroup + ## @param metrics.containerSecurityContext.runAsNonRoot Set Redis® exporter containers' Security Context runAsNonRoot + ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set Redis® exporter containers' Security Context allowPrivilegeEscalation + ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem + ## @param metrics.containerSecurityContext.seccompProfile.type Set Redis® exporter containers' Security Context seccompProfile + ## @param metrics.containerSecurityContext.capabilities.drop Set Redis® exporter containers' Security Context capabilities to drop ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ["ALL"] ## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Redis® metrics sidecar ## extraVolumes: [] @@ -1403,13 +1802,22 @@ metrics: ## extraVolumeMounts: [] ## Redis® exporter resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param metrics.resources.limits The resources limits for the Redis® exporter container - ## @param metrics.resources.requests The requested resources for the Redis® exporter container - ## - resources: - limits: {} - requests: {} + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param metrics.podLabels Extra labels for Redis® exporter pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## @@ -1423,12 +1831,16 @@ metrics: ## Redis® exporter service parameters ## service: + ## @param metrics.service.enabled Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor + ## + enabled: true ## @param metrics.service.type Redis® exporter service type ## type: ClusterIP - ## @param metrics.service.port Redis® exporter service port + ## @param metrics.service.ports.http Redis® exporter service port ## - port: 9121 + ports: + http: 9121 ## @param metrics.service.externalTrafficPolicy Redis® exporter service external traffic policy ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip ## @@ -1440,6 +1852,10 @@ metrics: ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" + ## @param metrics.service.loadBalancerClass exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerClass: "" ## @param metrics.service.loadBalancerSourceRanges Redis® exporter service Load Balancer sources ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g. @@ -1450,11 +1866,17 @@ metrics: ## @param metrics.service.annotations Additional custom annotations for Redis® exporter service ## annotations: {} + ## @param metrics.service.clusterIP Redis® exporter service Cluster IP + ## + clusterIP: "" ## Prometheus Service Monitor ## ref: https://github.com/coreos/prometheus-operator ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## serviceMonitor: + ## @param metrics.serviceMonitor.port the service port to scrape metrics from + ## + port: http-metrics ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator ## enabled: true @@ -1467,7 +1889,10 @@ metrics: ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended ## scrapeTimeout: "" - ## @param metrics.serviceMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping. + ## @param metrics.serviceMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping. + ## + relabelings: [] + ## @skip metrics.serviceMonitor.relabellings DEPRECATED: Use `metrics.serviceMonitor.relabelings` instead. ## relabellings: [] ## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion. @@ -1480,6 +1905,85 @@ metrics: ## additionalLabels: release: prometheus-operator + ## @param metrics.serviceMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics + ## + podTargetLabels: [] + ## @param metrics.serviceMonitor.sampleLimit Limit of how many samples should be scraped from every Pod + ## + sampleLimit: false + ## @param metrics.serviceMonitor.targetLimit Limit of how many targets should be scraped + ## + targetLimit: false + ## @param metrics.serviceMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel) + ## + additionalEndpoints: [] + # uncomment in order to scrape sentinel metrics, also to in order distinguish between Sentinel and Redis container metrics + # add metricRelabelings with label like app=redis to main redis pod-monitor port + # - interval: "30s" + # path: "/scrape" + # port: "metrics" + # params: + # target: ["localhost:26379"] + # metricRelabelings: + # - targetLabel: "app" + # replacement: "sentinel" + ## Prometheus Pod Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#podmonitor + ## + podMonitor: + ## @param metrics.podMonitor.port the pod port to scrape metrics from + ## + port: metrics + ## @param metrics.podMonitor.enabled Create PodMonitor resource(s) for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param metrics.podMonitor.namespace The namespace in which the PodMonitor will be created + ## + namespace: "" + ## @param metrics.podMonitor.interval The interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.podMonitor.scrapeTimeout The timeout after which the scrape is ended + ## + scrapeTimeout: "" + ## @param metrics.podMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping. + ## + relabelings: [] + ## @skip metrics.podMonitor.relabellings DEPRECATED: Use `metrics.podMonitor.relabelings` instead. + ## + relabellings: [] + ## @param metrics.podMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - targetLabel: "app" + # replacement: "redis" + ## @param metrics.podMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.podMonitor.additionalLabels Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.podMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics + ## + podTargetLabels: [] + ## @param metrics.podMonitor.sampleLimit Limit of how many samples should be scraped from every Pod + ## + sampleLimit: false + ## @param metrics.podMonitor.targetLimit Limit of how many targets should be scraped + ## + targetLimit: false + ## @param metrics.podMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel) + ## + additionalEndpoints: [] + # - interval: "30s" + # path: "/scrape" + # port: "metrics" + # params: + # target: ["localhost:26379"] + # metricRelabelings: + # - targetLabel: "app" + # replacement: "sentinel" ## Custom PrometheusRule to be defined ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions ## @@ -1529,7 +2033,6 @@ metrics: ## Redis® instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes. ## rules: [] - ## @section Init Container Parameters ## @@ -1541,18 +2044,20 @@ volumePermissions: ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` ## enabled: false - ## Bitnami Shell image - ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ - ## @param volumePermissions.image.registry Bitnami Shell image registry - ## @param volumePermissions.image.repository Bitnami Shell image repository - ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy - ## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets + ## OS Shell + Utility image + ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository + ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) + ## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy + ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets ## image: registry: docker.io - repository: bitnami/bitnami-shell - tag: 11-debian-11-r11 + repository: bitnami/os-shell + tag: 12-debian-12-r24 + digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -1563,23 +2068,101 @@ volumePermissions: ## pullSecrets: [] ## Init container's resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param volumePermissions.resources.limits The resources limits for the init container - ## @param volumePermissions.resources.requests The requested resources for the init container - ## - resources: - limits: {} - requests: {} + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Init container Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) ## containerSecurityContext: + seLinuxOptions: {} runAsUser: 0 +## Kubectl InitContainer +## used by Sentinel to update the isMaster label on the Redis(TM) pods +## +kubectl: + ## Bitnami Kubectl image version + ## ref: https://hub.docker.com/r/bitnami/kubectl/tags/ + ## @param kubectl.image.registry [default: REGISTRY_NAME] Kubectl image registry + ## @param kubectl.image.repository [default: REPOSITORY_NAME/kubectl] Kubectl image repository + ## @skip kubectl.image.tag Kubectl image tag (immutable tags are recommended), by default, using the current version + ## @param kubectl.image.digest Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param kubectl.image.pullPolicy Kubectl image pull policy + ## @param kubectl.image.pullSecrets Kubectl pull secrets + ## + image: + registry: docker.io + repository: bitnami/kubectl + tag: 1.30.2-debian-12-r2 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param kubectl.command kubectl command to execute + ## + command: ["/opt/bitnami/scripts/kubectl-scripts/update-master-label.sh"] + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param kubectl.containerSecurityContext.enabled Enabled kubectl containers' Security Context + ## @param kubectl.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param kubectl.containerSecurityContext.runAsUser Set kubectl containers' Security Context runAsUser + ## @param kubectl.containerSecurityContext.runAsGroup Set kubectl containers' Security Context runAsGroup + ## @param kubectl.containerSecurityContext.runAsNonRoot Set kubectl containers' Security Context runAsNonRoot + ## @param kubectl.containerSecurityContext.allowPrivilegeEscalation Set kubectl containers' Security Context allowPrivilegeEscalation + ## @param kubectl.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem + ## @param kubectl.containerSecurityContext.seccompProfile.type Set kubectl containers' Security Context seccompProfile + ## @param kubectl.containerSecurityContext.capabilities.drop Set kubectl containers' Security Context capabilities to drop + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ["ALL"] + ## Bitnami Kubectl resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param kubectl.resources.limits The resources limits for the kubectl containers + ## @param kubectl.resources.requests The requested resources for the kubectl containers + ## + resources: + limits: {} + requests: {} + ## init-sysctl container parameters ## used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings) ## @@ -1587,18 +2170,20 @@ sysctl: ## @param sysctl.enabled Enable init container to modify Kernel settings ## enabled: false - ## Bitnami Shell image - ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ - ## @param sysctl.image.registry Bitnami Shell image registry - ## @param sysctl.image.repository Bitnami Shell image repository - ## @param sysctl.image.tag Bitnami Shell image tag (immutable tags are recommended) - ## @param sysctl.image.pullPolicy Bitnami Shell image pull policy - ## @param sysctl.image.pullSecrets Bitnami Shell image pull secrets + ## OS Shell + Utility image + ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ + ## @param sysctl.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry + ## @param sysctl.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository + ## @skip sysctl.image.tag OS Shell + Utility image tag (immutable tags are recommended) + ## @param sysctl.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param sysctl.image.pullPolicy OS Shell + Utility image pull policy + ## @param sysctl.image.pullSecrets OS Shell + Utility image pull secrets ## image: registry: docker.io - repository: bitnami/bitnami-shell - tag: 11-debian-11-r11 + repository: bitnami/os-shell + tag: 12-debian-12-r24 + digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -1615,23 +2200,32 @@ sysctl: ## mountHostSys: false ## Init container's resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param sysctl.resources.limits The resources limits for the init container - ## @param sysctl.resources.requests The requested resources for the init container - ## - resources: - limits: {} - requests: {} - + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param sysctl.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param sysctl.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @section useExternalDNS Parameters ## ## @param useExternalDNS.enabled Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable. ## @param useExternalDNS.additionalAnnotations Extra annotations to be utilized when `external-dns` is enabled. -## @param useExternalDNS.annotationKey The annotation key utilized when `external-dns` is enabled. +## @param useExternalDNS.annotationKey The annotation key utilized when `external-dns` is enabled. Setting this to `false` will disable annotations. ## @param useExternalDNS.suffix The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. ## useExternalDNS: enabled: false suffix: "" annotationKey: external-dns.alpha.kubernetes.io/ - additionalAnnotations: {} \ No newline at end of file + additionalAnnotations: {} + diff --git a/variables.tf b/variables.tf index 4796762..df9721f 100644 --- a/variables.tf +++ b/variables.tf @@ -5,7 +5,7 @@ variable "redis_config" { environment = "" master_volume_size = "" architecture = "replication" - app_version = "6.2.7-debian-11-r11" + app_version = "7.2.5-debian-12-r2" slave_replica_count = 1 slave_volume_size = "" storage_class_name = "" @@ -17,7 +17,7 @@ variable "redis_config" { variable "chart_version" { type = string - default = "16.13.2" + default = "19.6.1" description = "Version of the chart for the Redis application that will be deployed." } From 3846d9f0904ec3c39a2825ec6685d2c6338abfa9 Mon Sep 17 00:00:00 2001 From: jshre898 Date: Sat, 13 Jul 2024 13:13:30 +0530 Subject: [PATCH 2/3] Pre-commit run --- IAM.md | 2 +- README.md | 5 ++- examples/complete/aws/README.md | 4 +-- examples/complete/aws/helm/values.yaml | 4 +-- examples/complete/azure/README.md | 37 ++++++++++++++++++++- examples/complete/gcp/README.md | 3 +- examples/complete/gcp/main.tf | 6 ++-- examples/complete/gcp/provider.tf | 2 +- helm/values/values.yaml | 3 +- modules/resources/azure/README.md | 46 +++++++++++++++++++++++++- modules/resources/azure/main.tf | 2 +- modules/resources/azure/variables.tf | 2 +- modules/resources/gcp/main.tf | 2 +- 13 files changed, 97 insertions(+), 21 deletions(-) diff --git a/IAM.md b/IAM.md index 9b029a9..ec903a5 100644 --- a/IAM.md +++ b/IAM.md @@ -46,4 +46,4 @@ The Policy required to deploy this module: "Microsoft.Resources/subscriptions/resourcegroups/read"] not_actions = [] } -``` \ No newline at end of file +``` diff --git a/README.md b/README.md index 7f38aec..97a831c 100644 --- a/README.md +++ b/README.md @@ -117,15 +117,14 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [app\_version](#input\_app\_version) | Version of the Redis application that will be deployed. | `string` | `"6.2.7-debian-11-r11"` | no | -| [chart\_version](#input\_chart\_version) | Version of the chart for the Redis application that will be deployed. | `string` | `"16.13.2"` | no | +| [chart\_version](#input\_chart\_version) | Version of the chart for the Redis application that will be deployed. | `string` | `"19.6.1"` | no | | [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `true` | no | | [custom\_credentials\_config](#input\_custom\_credentials\_config) | Specify the configuration settings for Redis to pass custom credentials during creation. | `any` | 
{
  "password": ""
}
| no | | [custom\_credentials\_enabled](#input\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for Redis. | `bool` | `false` | no | | [grafana\_monitoring\_enabled](#input\_grafana\_monitoring\_enabled) | Specify whether or not to deploy Redis exporter to collect Redis metrics for monitoring in Grafana. | `bool` | `false` | no | | [namespace](#input\_namespace) | Namespace where the Redis resources will be deployed. | `string` | `"redis"` | no | | [recovery\_window\_aws\_secret](#input\_recovery\_window\_aws\_secret) | Number of days that AWS Secrets Manager will wait before it can delete the secret. The value can be 0 to force deletion without recovery, or a range from 7 to 30 days. | `number` | `0` | no | -| [redis\_config](#input\_redis\_config) | Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, store password to secret manager and custom YAML values. | `any` | 
{
  "architecture": "replication",
  "environment": "",
  "master_volume_size": "",
  "name": "",
  "slave_replica_count": 1,
  "slave_volume_size": "",
  "storage_class_name": "",
  "store_password_to_secret_manager": true,
  "values_yaml": ""
}
| no | +| [redis\_config](#input\_redis\_config) | Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, store password to secret manager and custom YAML values. | `any` | 
{
  "app_version": "7.2.5-debian-12-r2",
  "architecture": "replication",
  "environment": "",
  "master_volume_size": "",
  "name": "",
  "slave_replica_count": 1,
  "slave_volume_size": "",
  "storage_class_name": "",
  "store_password_to_secret_manager": true,
  "values_yaml": ""
}
| no | | [redis\_password](#input\_redis\_password) | n/a | `string` | `""` | no | ## Outputs diff --git a/examples/complete/aws/README.md b/examples/complete/aws/README.md index 8cd6f7e..1e1ff2c 100644 --- a/examples/complete/aws/README.md +++ b/examples/complete/aws/README.md @@ -17,10 +17,12 @@ No requirements. | Name | Version | |------|---------| | [aws](#provider\_aws) | n/a | + ## Modules | Name | Source | Version | |------|--------|---------| +| [aws](#module\_aws) | squareops/redis/kubernetes//modules/resources/aws | n/a | | [redis](#module\_redis) | squareops/redis/kubernetes | n/a | ## Resources @@ -29,8 +31,6 @@ No requirements. |------|------| | [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | | [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | -| [google_client_config.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source | -| [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/container_cluster) | data source | ## Inputs diff --git a/examples/complete/aws/helm/values.yaml b/examples/complete/aws/helm/values.yaml index 27312b2..a169ff0 100644 --- a/examples/complete/aws/helm/values.yaml +++ b/examples/complete/aws/helm/values.yaml @@ -24,6 +24,6 @@ replica: commonConfiguration: |- # Enable AOF https://redis.io/topics/persistence#append-only-file appendonly yes - maxclients 2000 + maxclients 2000 # Disable RDB persistence, AOF persistence already enabled. - save "" \ No newline at end of file + save "" diff --git a/examples/complete/azure/README.md b/examples/complete/azure/README.md index db07f24..10eee62 100644 --- a/examples/complete/azure/README.md +++ b/examples/complete/azure/README.md @@ -41,4 +41,39 @@ No inputs. |------|-------------| | [redis\_credential](#output\_redis\_credential) | Redis credentials used for accessing the database. | | [redis\_endpoints](#output\_redis\_endpoints) | Redis endpoints in the Kubernetes cluster. | - \ No newline at end of file + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | n/a | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [azure](#module\_azure) | squareops/redis/kubernetes//modules/resources/azure | n/a | +| [redis](#module\_redis) | squareops/redis/kubernetes | n/a | + +## Resources + +| Name | Type | +|------|------| +| [azurerm_kubernetes_cluster.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [redis\_credential](#output\_redis\_credential) | Redis credentials used for accessing the database. | +| [redis\_endpoints](#output\_redis\_endpoints) | Redis endpoints in the Kubernetes cluster. | + diff --git a/examples/complete/gcp/README.md b/examples/complete/gcp/README.md index 5840c03..57d7f84 100644 --- a/examples/complete/gcp/README.md +++ b/examples/complete/gcp/README.md @@ -22,14 +22,13 @@ No requirements. | Name | Source | Version | |------|--------|---------| +| [gcp](#module\_gcp) | squareops/redis/kubernetes//modules/resources/gcp | n/a | | [redis](#module\_redis) | squareops/redis/kubernetes | n/a | ## Resources | Name | Type | |------|------| -| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | -| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | | [google_client_config.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source | | [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/container_cluster) | data source | diff --git a/examples/complete/gcp/main.tf b/examples/complete/gcp/main.tf index 0362110..46b40f8 100644 --- a/examples/complete/gcp/main.tf +++ b/examples/complete/gcp/main.tf @@ -10,7 +10,7 @@ locals { create_namespace = true namespace = "redis" store_password_to_secret_manager = true - custom_credentials_enabled = true + custom_credentials_enabled = true custom_credentials_config = { password = "aajdhgduy3873683dh" } @@ -45,6 +45,6 @@ module "redis" { } grafana_monitoring_enabled = true custom_credentials_enabled = local.custom_credentials_enabled - custom_credentials_config = local.custom_credentials_config - redis_password = local.custom_credentials_enabled ? "" : module.gcp.redis_password + custom_credentials_config = local.custom_credentials_config + redis_password = local.custom_credentials_enabled ? "" : module.gcp.redis_password } diff --git a/examples/complete/gcp/provider.tf b/examples/complete/gcp/provider.tf index 686255d..d08fdf6 100644 --- a/examples/complete/gcp/provider.tf +++ b/examples/complete/gcp/provider.tf @@ -18,4 +18,4 @@ provider "helm" { token = data.google_client_config.default.access_token cluster_ca_certificate = base64decode(data.google_container_cluster.primary.master_auth.0.cluster_ca_certificate) } -} \ No newline at end of file +} diff --git a/helm/values/values.yaml b/helm/values/values.yaml index 526857f..9be9a20 100644 --- a/helm/values/values.yaml +++ b/helm/values/values.yaml @@ -148,7 +148,7 @@ auth: commonConfiguration: |- # Enable AOF https://redis.io/topics/persistence#append-only-file appendonly yes - maxclients 2000 + maxclients 2000 # Disable RDB persistence, AOF persistence already enabled. save "" ## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Redis® nodes @@ -2228,4 +2228,3 @@ useExternalDNS: suffix: "" annotationKey: external-dns.alpha.kubernetes.io/ additionalAnnotations: {} - diff --git a/modules/resources/azure/README.md b/modules/resources/azure/README.md index 566ef82..8eb4847 100644 --- a/modules/resources/azure/README.md +++ b/modules/resources/azure/README.md @@ -43,4 +43,48 @@ No modules. | Name | Description | |------|-------------| | [redis\_password](#output\_redis\_password) | n/a | - \ No newline at end of file + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | n/a | +| [random](#provider\_random) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [azurerm_key_vault.redis-secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource | +| [azurerm_key_vault_secret.redis-secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [random_password.redis_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | +| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [custom\_credentials\_config](#input\_custom\_credentials\_config) | Specify the configuration settings for Redis to pass custom credentials during creation. | `any` | 
{
  "password": ""
}
| no | +| [custom\_credentials\_enabled](#input\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for Redis. | `bool` | `false` | no | +| [environment](#input\_environment) | Environment in which the infrastructure is being deployed (e.g., production, staging, development) | `string` | `"test"` | no | +| [name](#input\_name) | Name identifier for module to be added as suffix to resources | `string` | `"test"` | no | +| [resource\_group\_location](#input\_resource\_group\_location) | Azure resource group location | `string` | `""` | no | +| [resource\_group\_name](#input\_resource\_group\_name) | Azure resource group name | `string` | `""` | no | +| [store\_password\_to\_secret\_manager](#input\_store\_password\_to\_secret\_manager) | Specifies whether to store the credentials in GCP secret manager. | `bool` | `false` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [redis\_password](#output\_redis\_password) | n/a | + diff --git a/modules/resources/azure/main.tf b/modules/resources/azure/main.tf index c03e2ac..15261d6 100644 --- a/modules/resources/azure/main.tf +++ b/modules/resources/azure/main.tf @@ -55,4 +55,4 @@ resource "azurerm_key_vault_secret" "redis-secret" { output "redis_password" { value = var.custom_credentials_enabled ? null : nonsensitive(random_password.redis_password[0].result) -} \ No newline at end of file +} diff --git a/modules/resources/azure/variables.tf b/modules/resources/azure/variables.tf index 7c9f431..7812555 100644 --- a/modules/resources/azure/variables.tf +++ b/modules/resources/azure/variables.tf @@ -40,4 +40,4 @@ variable "custom_credentials_config" { password = "" } description = "Specify the configuration settings for Redis to pass custom credentials during creation." -} \ No newline at end of file +} diff --git a/modules/resources/gcp/main.tf b/modules/resources/gcp/main.tf index 94d9213..3b9b4f6 100644 --- a/modules/resources/gcp/main.tf +++ b/modules/resources/gcp/main.tf @@ -31,4 +31,4 @@ resource "google_secret_manager_secret_version" "redis_secret" { output "redis_password" { value = var.custom_credentials_enabled ? null : nonsensitive(random_password.redis_password[0].result) -} \ No newline at end of file +} From 1939b1dc8b42afcb35ad65d368fd0ad332eb00aa Mon Sep 17 00:00:00 2001 From: jshre898 Date: Mon, 15 Jul 2024 15:01:58 +0530 Subject: [PATCH 3/3] Versions Updated --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 97a831c..370fe90 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ This module creates a Redis master and one or more Redis slaves, depending on th | Redis Helm Chart Version | K8s supported version (EKS, AKS & GKE) | | :-----: | :--- | -| **16.13.2** | **1.23,1.24,1.25,1.26,1.27** | +| **19.6.1** | **1.23,1.24,1.25,1.26,1.27,1.28,1.29** | ## Usage Example