github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/redis/templates/clusterdefinition.yaml (about) 1 apiVersion: apps.kubeblocks.io/v1alpha1 2 kind: ClusterDefinition 3 metadata: 4 name: redis 5 labels: 6 {{- include "redis.labels" . | nindent 4 }} 7 spec: 8 type: redis 9 connectionCredential: 10 username: default 11 password: "$(RANDOM_PASSWD)" 12 endpoint: "$(SVC_FQDN):$(SVC_PORT_redis)" 13 host: "$(SVC_FQDN)" 14 port: "$(SVC_PORT_redis)" 15 componentDefs: 16 - name: redis-proxy 17 workloadType: Stateful 18 characterType: redis 19 service: 20 ports: 21 - name: redis-proxy 22 targetPort: redis-proxy 23 port: 22121 24 scriptSpecs: 25 - name: redis-scripts 26 templateRef: redis-scripts 27 namespace: {{ .Release.Namespace }} 28 volumeName: scripts 29 defaultMode: 0555 30 volumeTypes: 31 - name: data 32 type: data 33 podSpec: 34 initContainers: 35 - name: init-redis-proxy 36 imagePullPolicy: IfNotPresent 37 volumeMounts: 38 - name: data 39 mountPath: {{ .Values.dataMountPath }} 40 - name: redis-config 41 mountPath: /etc/conf 42 - name: proxy-conf 43 mountPath: /etc/proxy 44 - name: scripts 45 mountPath: /scripts 46 command: ["/scripts/redis-proxy-setup.sh"] 47 containers: 48 - name: redis-proxy 49 imagePullPolicy: IfNotPresent 50 ports: 51 - containerPort: 22121 52 name: redis-proxy 53 volumeMounts: 54 - name: data 55 mountPath: {{ .Values.dataMountPath }} 56 - name: redis-config 57 mountPath: /etc/conf 58 - name: proxy-conf 59 mountPath: /etc/proxy 60 - name: scripts 61 mountPath: /scripts 62 command: ["sh", "-c", "nutcracker -c /etc/proxy/nutcracker.conf -v 4 -m 16384"] 63 - name: redis 64 workloadType: Replication 65 characterType: redis 66 probes: 67 roleProbe: 68 failureThreshold: 2 69 periodSeconds: 2 70 timeoutSeconds: 1 71 service: 72 ports: 73 - name: redis 74 port: 6379 75 targetPort: redis 76 configSpecs: 77 - name: redis-replication-config 78 templateRef: redis7-config-template 79 constraintRef: redis7-config-constraints 80 namespace: {{ .Release.Namespace }} 81 volumeName: redis-config 82 - name: redis-metrics-config 83 templateRef: redis-metrics-config 84 namespace: {{ .Release.Namespace }} 85 volumeName: redis-metrics-config 86 defaultMode: 0444 87 scriptSpecs: 88 - name: redis-scripts 89 templateRef: redis-scripts 90 namespace: {{ .Release.Namespace }} 91 volumeName: scripts 92 defaultMode: 0555 93 monitor: 94 builtIn: false 95 exporterConfig: 96 scrapePort: {{ .Values.metrics.service.port }} 97 scrapePath: "/metrics" 98 logConfigs: 99 {{- range $name,$pattern := .Values.logConfigs }} 100 - name: {{ $name }} 101 filePathPattern: {{ $pattern }} 102 {{- end }} 103 volumeTypes: 104 - name: data 105 type: data 106 podSpec: 107 containers: 108 - name: redis 109 ports: 110 - name: redis 111 containerPort: 6379 112 volumeMounts: 113 - name: data 114 mountPath: {{ .Values.dataMountPath }} 115 - name: redis-config 116 mountPath: /etc/conf 117 - name: scripts 118 mountPath: /scripts 119 - name: redis-conf 120 mountPath: /etc/redis 121 - name: pod-info 122 mountPath: /kb-podinfo 123 env: 124 - name: SERVICE_PORT 125 value: "6379" 126 - name: REDIS_REPL_USER 127 value: "kbreplicator" 128 - name: REDIS_REPL_PASSWORD 129 valueFrom: 130 secretKeyRef: 131 name: $(CONN_CREDENTIAL_SECRET_NAME) 132 key: password 133 optional: false 134 - name: REDIS_DEFAULT_USER 135 valueFrom: 136 secretKeyRef: 137 name: $(CONN_CREDENTIAL_SECRET_NAME) 138 key: username 139 optional: false 140 - name: REDIS_DEFAULT_PASSWORD 141 valueFrom: 142 secretKeyRef: 143 name: $(CONN_CREDENTIAL_SECRET_NAME) 144 key: password 145 optional: false 146 - name: REDIS_SENTINEL_USER 147 value: "$(REDIS_REPL_USER)-sentinel" 148 - name: REDIS_SENTINEL_PASSWORD 149 valueFrom: 150 secretKeyRef: 151 name: $(CONN_CREDENTIAL_SECRET_NAME) 152 key: password 153 optional: false 154 - name: REDIS_ARGS 155 value: "--requirepass $(REDIS_PASSWORD)" 156 command: ["/scripts/redis-start.sh"] 157 readinessProbe: 158 initialDelaySeconds: 10 159 periodSeconds: 5 160 timeoutSeconds: 1 161 successThreshold: 1 162 failureThreshold: 5 163 exec: 164 command: 165 - sh 166 - -c 167 - /scripts/redis-ping.sh 1 168 lifecycle: 169 preStop: 170 exec: 171 command: 172 - /bin/bash 173 - -c 174 - /scripts/redis-preStop.sh 175 - name: metrics 176 image: {{ .Values.metrics.image.registry | default "docker.io" }}/{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }} 177 imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} 178 securityContext: 179 runAsNonRoot: true 180 runAsUser: 1001 181 env: 182 - name: ENDPOINT 183 value: {{ printf "localhost:6379" }} 184 - name: REDIS_USER 185 valueFrom: 186 secretKeyRef: 187 name: $(CONN_CREDENTIAL_SECRET_NAME) 188 key: username 189 optional: false 190 - name: REDIS_PASSWORD 191 valueFrom: 192 secretKeyRef: 193 name: $(CONN_CREDENTIAL_SECRET_NAME) 194 key: password 195 optional: false 196 command: 197 - "/bin/agamotto" 198 - "--config=/opt/conf/metrics-config.yaml" 199 ports: 200 - name: http-metrics 201 containerPort: {{ .Values.metrics.service.port }} 202 volumeMounts: 203 - name: redis-metrics-config 204 mountPath: /opt/conf 205 volumes: 206 - name: pod-info 207 downwardAPI: 208 items: 209 - path: "pod-role" 210 fieldRef: 211 fieldPath: metadata.labels['kubeblocks.io/role'] 212 - path: "primary-pod" 213 fieldRef: 214 fieldPath: metadata.annotations['rs.apps.kubeblocks.io/primary'] 215 - path: "component-replicas" 216 fieldRef: 217 fieldPath: metadata.annotations['apps.kubeblocks.io/component-replicas'] 218 systemAccounts: 219 # Seems redis-cli has its own mechanism to parse input tokens and there is no elegant way 220 # to pass $(KB_ACCOUNT_STATEMENT) to redis-cli without causing parsing error. 221 # Instead, using a shell script to wrap redis-cli and pass $(KB_ACCOUNT_STATEMENT) to it will do. 222 cmdExecutorConfig: 223 image: {{ include "redis.image" . }} 224 env: 225 - name: REDIS_DEFAULT_PASSWORD 226 valueFrom: 227 secretKeyRef: 228 name: $(CONN_CREDENTIAL_SECRET_NAME) 229 key: password 230 optional: false 231 command: 232 - sh 233 - -c 234 args: 235 - "redis-cli -h $(KB_ACCOUNT_ENDPOINT) -a $REDIS_DEFAULT_PASSWORD $(KB_ACCOUNT_STATEMENT) && redis-cli -h $(KB_ACCOUNT_ENDPOINT) -a $REDIS_DEFAULT_PASSWORD acl save " 236 passwordConfig: 237 length: 10 238 numDigits: 5 239 numSymbols: 0 240 letterCase: MixedCases 241 accounts: 242 - name: kbadmin 243 provisionPolicy: &kbadminAcctRef 244 type: CreateByStmt 245 scope: AllPods 246 statements: 247 creation: ACL SETUSER $(USERNAME) ON \>$(PASSWD) allcommands allkeys 248 update: ACL SETUSER $(USERNAME) ON \>$(PASSWD) 249 - name: kbdataprotection 250 provisionPolicy: *kbadminAcctRef 251 - name: kbmonitoring 252 provisionPolicy: &kbReadOnlyAcctRef 253 type: CreateByStmt 254 scope: AllPods 255 statements: 256 creation: ACL SETUSER $(USERNAME) ON \>$(PASSWD) allkeys +get 257 update: ACL SETUSER $(USERNAME) ON \>$(PASSWD) 258 - name: kbprobe 259 provisionPolicy: *kbReadOnlyAcctRef 260 - name: redis-sentinel 261 workloadType: Stateful 262 characterType: redis 263 service: 264 ports: 265 - name: redis-sentinel 266 targetPort: redis-sentinel 267 port: 26379 268 configSpecs: 269 - name: redis-replication-config 270 templateRef: redis7-config-template 271 constraintRef: redis7-config-constraints 272 namespace: {{ .Release.Namespace }} 273 volumeName: redis-config 274 scriptSpecs: 275 - name: redis-scripts 276 templateRef: redis-scripts 277 namespace: {{ .Release.Namespace }} 278 volumeName: scripts 279 defaultMode: 0555 280 volumeTypes: 281 - name: data 282 type: data 283 podSpec: 284 initContainers: 285 - name: init-redis-sentinel 286 imagePullPolicy: IfNotPresent 287 volumeMounts: 288 - name: data 289 mountPath: {{ .Values.dataMountPath }} 290 - name: redis-config 291 mountPath: /etc/conf 292 - name: sentinel-conf 293 mountPath: /etc/sentinel 294 - name: scripts 295 mountPath: /scripts 296 command: [ "/scripts/redis-sentinel-setup.sh" ] 297 env: 298 - name: REDIS_REPL_USER 299 value: "kbreplicator" 300 - name: REDIS_REPL_PASSWORD 301 valueFrom: 302 secretKeyRef: 303 name: $(CONN_CREDENTIAL_SECRET_NAME) 304 key: password 305 optional: false 306 - name: REDIS_DEFAULT_PASSWORD 307 valueFrom: 308 secretKeyRef: 309 name: $(CONN_CREDENTIAL_SECRET_NAME) 310 key: password 311 optional: false 312 - name: REDIS_SENTINEL_USER 313 value: "$(REDIS_REPL_USER)-sentinel" 314 - name: REDIS_SENTINEL_PASSWORD 315 valueFrom: 316 secretKeyRef: 317 name: $(CONN_CREDENTIAL_SECRET_NAME) 318 key: password 319 optional: false 320 - name: SENTINEL_USER 321 value: "default" 322 - name: SENTINEL_PASSWORD 323 valueFrom: 324 secretKeyRef: 325 name: $(CONN_CREDENTIAL_SECRET_NAME) 326 key: password 327 optional: false 328 containers: 329 - name: redis-sentinel 330 imagePullPolicy: IfNotPresent 331 ports: 332 - containerPort: 26379 333 name: redis-sentinel 334 volumeMounts: 335 - name: data 336 mountPath: {{ .Values.dataMountPath }} 337 - name: redis-config 338 mountPath: /etc/conf 339 - name: sentinel-conf 340 mountPath: /etc/sentinel 341 - name: scripts 342 mountPath: /scripts 343 env: 344 - name: REDIS_REPL_USER 345 value: "kbreplicator" 346 - name: REDIS_REPL_PASSWORD 347 valueFrom: 348 secretKeyRef: 349 name: $(CONN_CREDENTIAL_SECRET_NAME) 350 key: password 351 optional: false 352 - name: REDIS_DEFAULT_PASSWORD 353 valueFrom: 354 secretKeyRef: 355 name: $(CONN_CREDENTIAL_SECRET_NAME) 356 key: password 357 optional: false 358 - name: REDIS_SENTINEL_USER 359 value: "$(REDIS_REPL_USER)-sentinel" 360 - name: REDIS_SENTINEL_PASSWORD 361 valueFrom: 362 secretKeyRef: 363 name: $(CONN_CREDENTIAL_SECRET_NAME) 364 key: password 365 optional: false 366 - name: SENTINEL_USER 367 value: "default" 368 - name: SENTINEL_PASSWORD 369 valueFrom: 370 secretKeyRef: 371 name: $(CONN_CREDENTIAL_SECRET_NAME) 372 key: password 373 optional: false 374 command: 375 - /bin/bash 376 args: 377 - -c 378 - | 379 set -e 380 /scripts/redis-sentinel-start.sh 381 lifecycle: 382 postStart: 383 exec: 384 command: [ "/scripts/redis-sentinel-post-start.sh" ] 385 livenessProbe: 386 initialDelaySeconds: 10 387 periodSeconds: 5 388 timeoutSeconds: 5 389 successThreshold: 1 390 failureThreshold: 5 391 exec: 392 command: 393 - sh 394 - -c 395 - /scripts/redis-sentinel-ping.sh 5 396 readinessProbe: 397 initialDelaySeconds: 10 398 periodSeconds: 5 399 timeoutSeconds: 1 400 successThreshold: 1 401 failureThreshold: 5 402 exec: 403 command: 404 - sh 405 - -c 406 - /scripts/redis-sentinel-ping.sh 1