added all config files to a configmap and updated everything to use it.

fixed haproxy so at least it isn't stuck in a restart loop. (doesn't know about the redis pods yet though)

added all config files to a configmap and updated everything to use it.
fixed haproxy so at least it isn't stuck in a restart loop. (doesn't know about the redis pods yet though)
c5ee83a8 · Edward Hicks · 209ba10a · c5ee83a8 · c5ee83a8 · c5ee83a8
Commit c5ee83a8 authored 6 years ago by Edward Hicks
--- a/haproxy.cfg
+++ b/haproxy.cfg
+global
+  log 127.0.0.1 local0
+  log 127.0.0.1 local1 notice
+  log-send-hostname
+  maxconn 4096
+  pidfile /var/run/haproxy.pid
+  user nobody
+  group nogroup
+  daemon
+  ssl-default-bind-options no-sslv3
+  ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA
+defaults
+  balance roundrobin
+  log global
+  mode tcp
+  option tcplog
+  option dontlognull
+  option dontlog-normal
+  timeout tunnel 86400s
+listen redis
+  bind :6379 ssl crt /etc/ssl/private/tls.crt
+  mode tcp
+  option tcp-check
+  tcp-check connect
+  tcp-check send AUTH\ [[PASSWORD]]\r\n
+  tcp-check expect string +OK
+  tcp-check send PING\r\n
+  tcp-check expect string +PONG
+  tcp-check send INFO\ REPLICATION\r\n
+  tcp-check expect string role:master
+  tcp-check send QUIT\r\n
+# server redis-abrc_redis3.1.rqmjhwfyzxqx518el0qzp72km 10.0.1.10:6379 check
+# server redis-abrc_redis2.1.zywyxgr6gciu4gm7xw9qxy7hc 10.0.1.26:6379 check
--- a/redis.template.conf
+++ b/redis.template.conf
+loglevel notice
+protected-mode no
+dir /data
+maxclients 2048
+timeout 86400
+requirepass "[[PASSWORD]]"
+masterauth "[[PASSWORD]]"
--- a/sentinel.template.conf
+++ b/sentinel.template.conf
+port 26379
+protected-mode no
+dir /data
+
+sentinel monitor [[APPNAME]] osuredis-[[APPNAME]]-0.[[NAMESPACE]].svc.cluster.local 6379 2
+sentinel down-after-milliseconds [[APPNAME]] 5000
+sentinel failover-timeout [[APPNAME]] 10000
+sentinel auth-pass [[APPNAME]] [[PASSWORD]]
--- a/templates/config.yaml
+++ b/templates/config.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "osuredis-{{.Values.appName}}-config"
+  labels:
+    app.kubernetes.io/name: "osuredis-{{.Values.appName}}"
+    app.kubernetes.io/instance: "{{.Release.Name}}"
+    app.kubernetes.io/managed-by: "{{.Release.Service}}"
+data:
+  haproxy.cfg: |-
+    {{- .Files.Get "haproxy.cfg" | replace "[[PASSWORD]]" .Values.appPassword | nindent 4 }}
+  redis.template.conf: |-
+    {{- .Files.Get "redis.template.conf" | replace "[[PASSWORD]]" .Values.appPassword | nindent 4 }}
+  sentinel.template.conf: |-
+    {{- .Files.Get "sentinel.template.conf" | replace "[[APPNAME]]" .Values.appName | replace "[[PASSWORD]]" .Values.appPassword | replace "[[NAMESPACE]]" .Release.Namespace | nindent 4 }}
--- a/templates/proxy-deploy.yaml
+++ b/templates/proxy-deploy.yaml
@@ -21,29 +21,30 @@ spec:
        app.kubernetes.io/name: "osuredis-{{.Values.appName}}"
        app.kubernetes.io/instance: "{{.Release.Name}}"
    spec:
+      restartPolicy: Always
      volumes:
        - name: "tls-secret"
          secret:
            secretName: "{{.Values.proxy.tlsSecret}}"
+        - name: "config"
+          configMap:
+            name: "osuredis-{{.Values.appName}}-config"
      containers:
        - name: "proxy"
          image: "{{.Values.proxy.repository}}:{{.Values.proxy.tag}}"
          imagePullPolicy: {{.Values.proxy.pullPolicy}}
+          args:
+            - "-f"
+            - "/config/haproxy.cfg"
          volumeMounts:
            - name: "tls-secret"
              mountPath: "/etc/ssl/private"
              readOnly: true
+            - name: "config"
+              mountPath: "/config"
          ports:
            - name: "redis"
              containerPort: 6379
-          env:
-            - name: "APPNAME"
-              value: "{{.Values.appName}}"
-# I really have no idea here
-#  - CERT_FOLDER=/etc/ssl/private/tls.(crt|key)
-#  - MODE=tcp
-#  - OPTION=tcplog,dontlognull,dontlog-normal
-#  - TIMEOUT=tunnel 86400s
          livenessProbe:
            initialDelaySeconds: 60
            periodSeconds: 30

--- a/templates/redis-ss.yaml
+++ b/templates/redis-ss.yaml
@@ -32,47 +32,32 @@ spec:
        app.kubernetes.io/instance: "{{.Release.Name}}"
    spec:
      restartPolicy: Always
+      volumes:
+        - name: "templates"
+          configMap:
+            name: "osuredis-{{.Values.appName}}-config"
      initContainers:
-        - name: "buildconfig-redis"
-          image: "alpine:3.6"
+        - name: "buildconfigs"
+          image: "alpine"
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsUser: 6379
          command:
            - "sh"
            - "-c"
-            - "echo -n $HOSTNAME | sed 's/.*\\-\\([0-9]\\+\\)$/\\1/g' >/data/nodeid.txt;
-               echo 'loglevel notice' >/data/redis.conf;
-               echo 'protected-mode no' >>/data/redis.conf;
-               echo 'dir /data' >>/data/redis.conf;
-               echo 'maxclients 2048' >>/data/redis.conf;
-               echo 'timeout 86400' >>/data/redis.conf;
-               echo 'requirepass \"{{.Values.appPassword}}\"' >>/data/redis.conf;
-               echo 'masterauth \"{{.Values.appPassword}}\"' >>/data/redis.conf;
-               if [ \"$(cat /data/nodeid.txt)\" != '0' ]; then
-                 echo 'slaveof osuredis-{{.Values.appName}}-0.default.svc.cluster.local 6379' >>/data/redis.conf;
+            - "cp /templates/redis.template.conf /data/redis.conf;
+               cp /templates/sentinel.template.conf /data/sentinel.conf;
+               echo '' >>/data/redis.conf;
+               NODEID=$(echo -n $HOSTNAME | sed 's/.*\\-\\([0-9]\\+\\)$/\\1/g');
+               if [ \"$NODEID\" != '0' ]; then
+                 echo 'slaveof osuredis-{{.Values.appName}}-0.{{.Release.Namespace}}.svc.cluster.local 6379' >>/data/redis.conf;
               fi"
          volumeMounts:
            - name: "persistent-data"
              mountPath: "/data"
-        - name: "buildconfig-sentinel"
-          image: "alpine:3.6"
-          imagePullPolicy: IfNotPresent
-          securityContext:
-            runAsUser: 6379
-          command:
-            - "sh"
-            - "-c"
-            - "echo 'port 26379' >/data/sentinel.conf;
-               echo 'protected-mode no' >>/data/sentinel.conf;
-               echo 'dir /data' >>/data/sentinel.conf;
-               echo 'sentinel monitor {{.Values.appName}} osuredis-{{.Values.appName}}-0.default.svc.cluster.local 6379 2' >>/data/sentinel.conf;
-               echo 'sentinel down-after-milliseconds {{.Values.appName}} 5000' >>/data/sentinel.conf;
-               echo 'sentinel failover-timeout {{.Values.appName}} 10000' >>/data/sentinel.conf;
-               echo 'sentinel auth-pass {{.Values.appName}} {{.Values.appPassword}}' >>/data/sentinel.conf"
-          volumeMounts:
-            - name: "persistent-data"
-              mountPath: "/data"
+            - name: "templates"
+              mountPath: "/templates"
+              readOnly: true
      containers:
        - name: "redis"
          image: "{{.Values.redis.repository}}:{{.Values.redis.tag}}"
@@ -87,20 +72,6 @@ spec:
          volumeMounts:
            - name: "persistent-data"
              mountPath: "/data"
-          env:
-            - name: "APPNAME"
-              value: "{{.Values.appName}}"
-# I really have no idea here
-#  - name: OPTION
-#    value: "tcp-check"
-#  - name: EXTRA_SETTINGS
-#    value: "tcp-check connect,tcp-check send AUTH\ [[PASSWORD]]\r\n,tcp-check expect string +OK,tcp-check send PING\r\n,tcp-check expect string +PONG,tcp-check send INFO\ REPLICATION\r\n,tcp-check expect string role:master,tcp-check send QUIT\r\n,tcp-check expect string +OK"
-#  - name: HEALTH_CHECK
-#    value: "check"
-#  - name: SERVICE_PORTS
-#    value: "6379"
-#  - name: TCP_PORTS
-#    value: "6379/ssl"
          livenessProbe:
            initialDelaySeconds: 120
            periodSeconds: 30
@@ -110,7 +81,7 @@ spec:
              port: 6379
          resources:
            {{- toYaml .Values.redis.resources | nindent 12 }}
-        - name: sentinel
+        - name: "sentinel"
          image: "{{.Values.sentinel.repository}}:{{.Values.sentinel.tag}}"
          imagePullPolicy: {{.Values.sentinel.pullPolicy}}
          securityContext:
@@ -122,10 +93,7 @@ spec:
            - containerPort: 26379
          volumeMounts:
            - name: "persistent-data"
-              mountPath: /data
-          env:
-            - name: "APPNAME"
-              value: "{{.Values.appName}}"
+              mountPath: "/data"
          livenessProbe:
            initialDelaySeconds: 120
            periodSeconds: 30

--- a/values.yaml
+++ b/values.yaml
@@ -17,11 +17,17 @@ proxy:
  repository: haproxy
  tag: latest
  pullPolicy: Always
+  resources: {}
+
+  # How many HAProxy replicas should be running?  (HA requires at least 2)
  replicaCount: 2
-  nodePort: 30379
-  tlsSecret: redis-tls-cert
+
+  # This is the external port Redis will be available on
+  nodePort: 36379
+
  # Create a standard TLS secret prior to helm deploy via kubectl
-  resources: {}
+  tlsSecret: redis-tls-cert
+

 # Example resources:
 #