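# This is an auto-generated file. DO NOT EDIT
# NOTE(review): rendered from the redis-ha Helm chart (see the "# Source:" markers). Edits made
# here are presumably lost on regeneration, so carry fixes back to the chart templates/values.
---
# Source: redis-ha/charts/redis-ha/templates/redis-ha-serviceaccount.yaml
# Identity for the Redis/Sentinel server pods.
# `secrets` names the Secret this account references. NOTE(review): Kubernetes only restricts pods
# to that list when the account carries the kubernetes.io/enforce-mountable-secrets annotation,
# which is not set here.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: argocd-redis-ha
  namespace: "argocd"
  labels:
    heritage: Helm
    release: argocd
    chart: redis-ha-4.34.11
    app: argocd-redis-ha
secrets:
  - name: argocd-redis
---
# Source: redis-ha/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml
# Separate identity for the HAProxy pods, so they do not share the server account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: argocd-redis-ha-haproxy
  namespace: "argocd"
  labels:
    heritage: Helm
    release: argocd
    chart: redis-ha-4.34.11
    app: argocd-redis-ha
---
# Source: redis-ha/charts/redis-ha/templates/redis-ha-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-redis-ha-configmap
  namespace: "argocd"
  labels:
    heritage: Helm
    release: argocd
    chart: redis-ha-4.34.11
    app: argocd-redis-ha
data:
  # Redis server template, copied to /data/conf/redis.conf by init.sh.
  # - FLUSHDB/FLUSHALL are renamed to "" (disabled).
  # - `bind 0.0.0.0` listens on every interface; access control is requirepass plus whatever
  #   network restrictions exist outside this file.
  # - requirepass/masterauth hold a placeholder that init.sh replaces with $AUTH.
  #   NOTE(review): init.sh only substitutes when AUTH is non-empty; otherwise the literal
  #   placeholder stays in place as the password. Confirm AUTH is always injected.
  # Comments are kept out of the payload on purpose: init.sh runs sed over the copied file.
  redis.conf: |
    dir "/data"
    port 6379
    rename-command FLUSHDB ""
    rename-command FLUSHALL ""
    bind 0.0.0.0
    maxmemory 0
    maxmemory-policy volatile-lru
    min-replicas-max-lag 5
    min-replicas-to-write 1
    rdbchecksum yes
    rdbcompression yes
    repl-diskless-sync yes
    save ""
    requirepass replace-default-auth
    masterauth replace-default-auth

  # Sentinel template, copied to /data/conf/sentinel.conf by init.sh.
  # `sentinel auth-pass` is the password Sentinel presents to Redis. There is no requirepass for
  # Sentinel itself in this template, and the sentinel-auth placeholder that init.sh looks for
  # (SENTINELAUTH) does not occur here, so port 26379 accepts commands without a password.
  # NOTE(review): confirm that reachability of 26379 is limited by network policy.
  sentinel.conf: |
    dir "/data"
    port 26379
    bind 0.0.0.0
    sentinel down-after-milliseconds argocd 10000
    sentinel failover-timeout argocd 180000
    maxclients 10000
    sentinel parallel-syncs argocd 5
    sentinel auth-pass argocd replace-default-auth

  init.sh: |
    # Builds this pod's redis.conf and sentinel.conf under /data/conf from the read-only
    # templates, then points them at the master reported by Sentinel (or at a default).
    echo "$(date) Start..."
    HOSTNAME="$(hostname)"
    # Text after the last '-' of the hostname; used as the pod's index below.
    INDEX="${HOSTNAME##*-}"
    SENTINEL_PORT=26379
    ANNOUNCE_IP=''
    MASTER=''
    MASTER_GROUP="argocd"
    QUORUM="2"
    REDIS_CONF=/data/conf/redis.conf
    REDIS_PORT=6379
    # The TLS ports are empty and the plain ports are non-zero, so every `-eq 0` branch below
    # (the ones passing --tls) is skipped in this rendering: traffic is not encrypted.
    REDIS_TLS_PORT=
    SENTINEL_CONF=/data/conf/sentinel.conf
    SENTINEL_TLS_PORT=
    SERVICE=argocd-redis-ha
    SENTINEL_TLS_REPLICATION_ENABLED=false
    REDIS_TLS_REPLICATION_ENABLED=false
    # Matches a line that is a bare IPv4 or IPv6 address. It is applied to Sentinel's reply so
    # that only an address-shaped value can reach the sed/echo config edits further down.
    # NOTE(review): the trailing `s*$` looks like `\s*$` with the backslash lost; confirm upstream.
    IP_REGEX='((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'

    set -eu

    # Asks Sentinel (via the headless service) for the master of MASTER_GROUP and prints the
    # address line of the reply. Errors are tolerated: callers treat empty output as "unknown".
    sentinel_get_master() {
    set +e
        if [ "$SENTINEL_PORT" -eq 0 ]; then
            redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
            grep -E "${IP_REGEX}"
        else
            redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
            grep -E "${IP_REGEX}"
        fi
    set -e
    }

    # Calls sentinel_get_master up to $1 times, sleeping 3+i seconds after each empty answer.
    # Prints the master address, or an empty line if none was found.
    sentinel_get_master_retry() {
        master=''
        retry=${1}
        sleep=3
        for i in $(seq 1 "${retry}"); do
            master=$(sentinel_get_master)
            if [ -n "${master}" ]; then
                break
            fi
            sleep $((sleep + i))
        done
        echo "${master}"
    }

    # Sets MASTER from Sentinel (3 attempts) and logs the outcome.
    identify_master() {
        echo "Identifying redis master (get-master-addr-by-name).."
        echo " using sentinel (argocd-redis-ha), sentinel group name (argocd)"
        MASTER="$(sentinel_get_master_retry 3)"
        if [ -n "${MASTER}" ]; then
            echo " $(date) Found redis master (${MASTER})"
        else
            echo " $(date) Did not find redis master (${MASTER})"
        fi
    }

    # Writes myid, the monitor line for master $1, and the announce ip/port into sentinel.conf.
    sentinel_update() {
        echo "Updating sentinel config.."
        echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})"
        # eval builds the variable name from INDEX; this is only safe while INDEX is a plain
        # ordinal. NOTE(review): INDEX comes from the hostname suffix and is not validated here.
        eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}"
        echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})"
        sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}"
        if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then
            echo " redis master (${1}:${REDIS_TLS_PORT})"
            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
        else
            echo " redis master (${1}:${REDIS_PORT})"
            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
        fi
        echo "sentinel announce-ip ${ANNOUNCE_IP}" >> "${SENTINEL_CONF}"
        if [ "$SENTINEL_PORT" -eq 0 ]; then
            echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})"
            echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> "${SENTINEL_CONF}"
        else
            echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})"
            echo "sentinel announce-port ${SENTINEL_PORT}" >> "${SENTINEL_CONF}"
        fi
    }

    # Appends the replication target $1 and this pod's announce ip/port to redis.conf.
    redis_update() {
        echo "Updating redis config.."
        if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then
            echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})"
            echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
            echo "slave-announce-port ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
        else
            echo " we are slave of redis master (${1}:${REDIS_PORT})"
            echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}"
            echo "slave-announce-port ${REDIS_PORT}" >> "${REDIS_CONF}"
        fi
        echo "slave-announce-ip ${ANNOUNCE_IP}" >> "${REDIS_CONF}"
    }

    # Copies both templates from /readonly-config into the writable config paths.
    copy_config() {
        echo "Copying default redis config.."
        echo " to '${REDIS_CONF}'"
        cp /readonly-config/redis.conf "${REDIS_CONF}"
        echo "Copying default sentinel config.."
        echo " to '${SENTINEL_CONF}'"
        cp /readonly-config/sentinel.conf "${SENTINEL_CONF}"
    }

    # Fallback when Sentinel gives no usable master: index 0 configures itself as master,
    # every other index follows whatever the announce-0 service name resolves to.
    setup_defaults() {
        echo "Setting up defaults.."
        echo " using statefulset index (${INDEX})"
        if [ "${INDEX}" = "0" ]; then
            echo "Setting this pod as master for redis and sentinel.."
            echo " using announce (${ANNOUNCE_IP})"
            redis_update "${ANNOUNCE_IP}"
            sentinel_update "${ANNOUNCE_IP}"
            echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)"
            # Blank out the slaveof line that redis_update just appended.
            sed -i "s/^.*slaveof.*//" "${REDIS_CONF}"
        else
            echo "Getting redis master ip.."
            echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
            DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
            if [ -z "${DEFAULT_MASTER}" ]; then
                echo "Error: Unable to resolve redis master (getent hosts)."
                exit 1
            fi
            echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
            echo "Setting default slave config for redis and sentinel.."
            echo " using master ip (${DEFAULT_MASTER})"
            redis_update "${DEFAULT_MASTER}"
            sentinel_update "${DEFAULT_MASTER}"
        fi
    }

    # PINGs the candidate master with the Redis password.
    # NOTE(review): `-a` puts the password on the command line, where it is visible in the
    # process list; redis-cli also accepts it through the REDISCLI_AUTH environment variable.
    # NOTE(review): "${AUTH}" is expanded under `set -u`, so an unset AUTH aborts the script here
    # even though the block at the end of the script tolerates it with "${AUTH:-}".
    redis_ping() {
    set +e
        if [ "$REDIS_PORT" -eq 0 ]; then
            redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping
        else
            redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping
        fi
    set -e
    }

    # Pings MASTER up to $1 times, re-asking Sentinel for the master after each failure.
    # Prints PONG on success, an empty line otherwise.
    redis_ping_retry() {
        ping=''
        retry=${1}
        sleep=3
        for i in $(seq 1 "${retry}"); do
            if [ "$(redis_ping)" = "PONG" ]; then
                ping='PONG'
                break
            fi
            sleep $((sleep + i))
            MASTER=$(sentinel_get_master)
        done
        echo "${ping}"
    }

    # Verifies the master Sentinel reported. If it does not answer, asks Sentinel for a failover
    # and either falls back to defaults (NOGOODSLAVE) or follows the newly elected master.
    find_master() {
        echo "Verifying redis master.."
        if [ "$REDIS_PORT" -eq 0 ]; then
            echo " ping (${MASTER}:${REDIS_TLS_PORT})"
        else
            echo " ping (${MASTER}:${REDIS_PORT})"
        fi
        if [ "$(redis_ping_retry 3)" != "PONG" ]; then
            echo " $(date) Can't ping redis master (${MASTER})"
            echo "Attempting to force failover (sentinel failover).."

            if [ "$SENTINEL_PORT" -eq 0 ]; then
                echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
                if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
                    echo " $(date) Failover returned with 'NOGOODSLAVE'"
                    echo "Setting defaults for this pod.."
                    setup_defaults
                    return 0
                fi
            else
                echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
                if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
                    echo " $(date) Failover returned with 'NOGOODSLAVE'"
                    echo "Setting defaults for this pod.."
                    setup_defaults
                    return 0
                fi
            fi

            echo "Hold on for 10sec"
            sleep 10
            echo "We should get redis master's ip now. Asking (get-master-addr-by-name).."
            if [ "$SENTINEL_PORT" -eq 0 ]; then
                echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
            else
                echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
            fi
            MASTER="$(sentinel_get_master)"
            if [ "${MASTER}" ]; then
                echo " $(date) Found redis master (${MASTER})"
                echo "Updating redis and sentinel config.."
                sentinel_update "${MASTER}"
                redis_update "${MASTER}"
            else
                echo "$(date) Error: Could not failover, exiting..."
                exit 1
            fi
        else
            echo " $(date) Found reachable redis master (${MASTER})"
            echo "Updating redis and sentinel config.."
            sentinel_update "${MASTER}"
            redis_update "${MASTER}"
        fi
    }

    # Appends `replica-priority 0` to redis.conf. Not called anywhere in this script.
    redis_ro_update() {
        echo "Updating read-only redis config.."
        echo " redis.conf set 'replica-priority 0'"
        echo "replica-priority 0" >> "${REDIS_CONF}"
    }

    # Prints the `getent hosts` entry for the announce service of index $1 (default: INDEX).
    getent_hosts() {
        index=${1:-${INDEX}}
        service="${SERVICE}-announce-${index}"
        host=$(getent hosts "${service}")
        echo "${host}"
    }

    # Sets ANNOUNCE_IP to the address this pod's announce service resolves to.
    identify_announce_ip() {
        echo "Identify announce ip for this pod.."
        echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})"
        ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }')
        echo " identified announce (${ANNOUNCE_IP})"
    }

    mkdir -p /data/conf/

    echo "Initializing config.."
    copy_config

    # where is redis master
    identify_master

    identify_announce_ip

    if [ -z "${ANNOUNCE_IP}" ]; then
        # The original line had no `echo`, so the shell tried to run the message as a command
        # and the pod failed with "not found" instead of this explanation.
        echo "Error: Could not resolve the announce ip for this pod"
        exit 1
    elif [ "${MASTER}" ]; then
        find_master
    else
        setup_defaults
    fi

    # Replace the password placeholder in both generated configs. The password ends up in
    # plaintext in the files under /data/conf.
    # NOTE(review): only '/' and '&' are escaped for sed; a backslash or newline in AUTH would
    # still be interpreted by the replacement. When AUTH is empty nothing is replaced and the
    # placeholder remains the effective password.
    if [ "${AUTH:-}" ]; then
        echo "Setting redis auth values.."
        ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
        sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}"
    fi

    # NOTE(review): the sentinel.conf template in this ConfigMap does not contain the
    # placeholder searched for here, so this substitution changes nothing in this rendering.
    if [ "${SENTINELAUTH:-}" ]; then
        echo "Setting sentinel auth values"
        ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g');
        sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF"
    fi

    echo "$(date) Ready..."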
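# The entries below continue the `data:` map of the argocd-redis-ha-configmap ConfigMap.

  fix-split-brain.sh: |
    # Watchdog: every 60s compares Sentinel's view of the master with this pod's own Redis
    # role / master_host, and re-runs init.sh and shuts Redis down when they keep disagreeing.
    HOSTNAME="$(hostname)"
    INDEX="${HOSTNAME##*-}"
    SENTINEL_PORT=26379
    ANNOUNCE_IP=''
    MASTER=''
    MASTER_GROUP="argocd"
    QUORUM="2"
    REDIS_CONF=/data/conf/redis.conf
    REDIS_PORT=6379
    # Empty TLS ports and non-zero plain ports: the `-eq 0` (--tls) branches are never taken
    # in this rendering, so these connections are not encrypted.
    REDIS_TLS_PORT=
    SENTINEL_CONF=/data/conf/sentinel.conf
    SENTINEL_TLS_PORT=
    SERVICE=argocd-redis-ha
    SENTINEL_TLS_REPLICATION_ENABLED=false
    REDIS_TLS_REPLICATION_ENABLED=false

    ROLE=''
    REDIS_MASTER=''
    # Matches a line that is a bare IPv4 or IPv6 address; applied to Sentinel's reply.
    # NOTE(review): the trailing `s*$` looks like `\s*$` with the backslash lost; confirm upstream.
    IP_REGEX='((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'

    set -eu

    # Prints the address line of Sentinel's get-master-addr-by-name reply (empty on failure).
    sentinel_get_master() {
    set +e
        if [ "$SENTINEL_PORT" -eq 0 ]; then
            redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
            grep -E "${IP_REGEX}"
        else
            redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
            grep -E "${IP_REGEX}"
        fi
    set -e
    }

    # Calls sentinel_get_master up to $1 times, sleeping 3+i seconds after each empty answer.
    sentinel_get_master_retry() {
        master=''
        retry=${1}
        sleep=3
        for i in $(seq 1 "${retry}"); do
            master=$(sentinel_get_master)
            if [ -n "${master}" ]; then
                break
            fi
            sleep $((sleep + i))
        done
        echo "${master}"
    }

    # Sets MASTER from Sentinel (3 attempts) and logs the outcome.
    identify_master() {
        echo "Identifying redis master (get-master-addr-by-name).."
        echo " using sentinel (argocd-redis-ha), sentinel group name (argocd)"
        MASTER="$(sentinel_get_master_retry 3)"
        if [ -n "${MASTER}" ]; then
            echo " $(date) Found redis master (${MASTER})"
        else
            echo " $(date) Did not find redis master (${MASTER})"
        fi
    }

    # Same helper as in init.sh; not called by the watchdog loop in this script.
    sentinel_update() {
        echo "Updating sentinel config.."
        echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})"
        eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}"
        echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})"
        sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}"
        if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then
            echo " redis master (${1}:${REDIS_TLS_PORT})"
            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
        else
            echo " redis master (${1}:${REDIS_PORT})"
            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
        fi
        echo "sentinel announce-ip ${ANNOUNCE_IP}" >> "${SENTINEL_CONF}"
        if [ "$SENTINEL_PORT" -eq 0 ]; then
            echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})"
            echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> "${SENTINEL_CONF}"
        else
            echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})"
            echo "sentinel announce-port ${SENTINEL_PORT}" >> "${SENTINEL_CONF}"
        fi
    }

    # Same helper as in init.sh; not called by the watchdog loop in this script.
    redis_update() {
        echo "Updating redis config.."
        if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then
            echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})"
            echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
            echo "slave-announce-port ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
        else
            echo " we are slave of redis master (${1}:${REDIS_PORT})"
            echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}"
            echo "slave-announce-port ${REDIS_PORT}" >> "${REDIS_CONF}"
        fi
        echo "slave-announce-ip ${ANNOUNCE_IP}" >> "${REDIS_CONF}"
    }

    # Same helper as in init.sh; not called by the watchdog loop in this script.
    copy_config() {
        echo "Copying default redis config.."
        echo " to '${REDIS_CONF}'"
        cp /readonly-config/redis.conf "${REDIS_CONF}"
        echo "Copying default sentinel config.."
        echo " to '${SENTINEL_CONF}'"
        cp /readonly-config/sentinel.conf "${SENTINEL_CONF}"
    }

    # Same helper as in init.sh; not called by the watchdog loop in this script.
    setup_defaults() {
        echo "Setting up defaults.."
        echo " using statefulset index (${INDEX})"
        if [ "${INDEX}" = "0" ]; then
            echo "Setting this pod as master for redis and sentinel.."
            echo " using announce (${ANNOUNCE_IP})"
            redis_update "${ANNOUNCE_IP}"
            sentinel_update "${ANNOUNCE_IP}"
            echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)"
            sed -i "s/^.*slaveof.*//" "${REDIS_CONF}"
        else
            echo "Getting redis master ip.."
            echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
            DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
            if [ -z "${DEFAULT_MASTER}" ]; then
                echo "Error: Unable to resolve redis master (getent hosts)."
                exit 1
            fi
            echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
            echo "Setting default slave config for redis and sentinel.."
            echo " using master ip (${DEFAULT_MASTER})"
            redis_update "${DEFAULT_MASTER}"
            sentinel_update "${DEFAULT_MASTER}"
        fi
    }

    # Same helper as in init.sh; not called by the watchdog loop in this script.
    redis_ping() {
    set +e
        if [ "$REDIS_PORT" -eq 0 ]; then
            redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping
        else
            redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping
        fi
    set -e
    }

    # Same helper as in init.sh; not called by the watchdog loop in this script.
    redis_ping_retry() {
        ping=''
        retry=${1}
        sleep=3
        for i in $(seq 1 "${retry}"); do
            if [ "$(redis_ping)" = "PONG" ]; then
                ping='PONG'
                break
            fi
            sleep $((sleep + i))
            MASTER=$(sentinel_get_master)
        done
        echo "${ping}"
    }

    # Same helper as in init.sh; not called by the watchdog loop in this script.
    find_master() {
        echo "Verifying redis master.."
        if [ "$REDIS_PORT" -eq 0 ]; then
            echo " ping (${MASTER}:${REDIS_TLS_PORT})"
        else
            echo " ping (${MASTER}:${REDIS_PORT})"
        fi
        if [ "$(redis_ping_retry 3)" != "PONG" ]; then
            echo " $(date) Can't ping redis master (${MASTER})"
            echo "Attempting to force failover (sentinel failover).."

            if [ "$SENTINEL_PORT" -eq 0 ]; then
                echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
                if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
                    echo " $(date) Failover returned with 'NOGOODSLAVE'"
                    echo "Setting defaults for this pod.."
                    setup_defaults
                    return 0
                fi
            else
                echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
                if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
                    echo " $(date) Failover returned with 'NOGOODSLAVE'"
                    echo "Setting defaults for this pod.."
                    setup_defaults
                    return 0
                fi
            fi

            echo "Hold on for 10sec"
            sleep 10
            echo "We should get redis master's ip now. Asking (get-master-addr-by-name).."
            if [ "$SENTINEL_PORT" -eq 0 ]; then
                echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
            else
                echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
            fi
            MASTER="$(sentinel_get_master)"
            if [ "${MASTER}" ]; then
                echo " $(date) Found redis master (${MASTER})"
                echo "Updating redis and sentinel config.."
                sentinel_update "${MASTER}"
                redis_update "${MASTER}"
            else
                echo "$(date) Error: Could not failover, exiting..."
                exit 1
            fi
        else
            echo " $(date) Found reachable redis master (${MASTER})"
            echo "Updating redis and sentinel config.."
            sentinel_update "${MASTER}"
            redis_update "${MASTER}"
        fi
    }

    # Same helper as in init.sh; not called by the watchdog loop in this script.
    redis_ro_update() {
        echo "Updating read-only redis config.."
        echo " redis.conf set 'replica-priority 0'"
        echo "replica-priority 0" >> "${REDIS_CONF}"
    }

    # Prints the `getent hosts` entry for the announce service of index $1 (default: INDEX).
    getent_hosts() {
        index=${1:-${INDEX}}
        service="${SERVICE}-announce-${index}"
        host=$(getent hosts "${service}")
        echo "${host}"
    }

    # Sets ANNOUNCE_IP to the address this pod's announce service resolves to.
    identify_announce_ip() {
        echo "Identify announce ip for this pod.."
        echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})"
        ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }')
        echo " identified announce (${ANNOUNCE_IP})"
    }

    # Sets ROLE from the local Redis `info` output (no -h: redis-cli's default host).
    # NOTE(review): `-a` exposes the password in the process list; redis-cli also reads it from
    # the REDISCLI_AUTH environment variable. `grep role` keeps every line containing "role".
    redis_role() {
    set +e
        if [ "$REDIS_PORT" -eq 0 ]; then
            ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//')
        else
            ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//')
        fi
    set -e
    }

    # Sets REDIS_MASTER to the master_host the local Redis reports in `info`.
    identify_redis_master() {
    set +e
        if [ "$REDIS_PORT" -eq 0 ]; then
            REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//')
        else
            REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//')
        fi
    set -e
    }

    # Regenerates the configs with init.sh, then sends `shutdown` to the local Redis.
    # Runs with errexit off, so a failing init.sh does not stop the shutdown.
    reinit() {
    set +e
        sh /readonly-config/init.sh

        if [ "$REDIS_PORT" -eq 0 ]; then
            echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key
        else
            echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}"
        fi
    set -e
    }

    identify_announce_ip

    while [ -z "${ANNOUNCE_IP}" ]; do
        echo "Error: Could not resolve the announce ip for this pod."
        sleep 30
        identify_announce_ip
    done

    trap "exit 0" TERM
    while true; do
        sleep 60

        # where is redis master
        identify_master

        if [ "$MASTER" = "$ANNOUNCE_IP" ]; then
            # Sentinel says this pod is master: the local role must agree.
            redis_role
            if [ "$ROLE" != "master" ]; then
                echo "waiting for redis to become master"
                sleep 10
                identify_master
                redis_role
                # The original logged "No need to reinitialize." unconditionally right before
                # the check, so a reinit was always preceded by a contradicting message.
                if [ "$ROLE" != "master" ]; then
                    echo "Redis role is $ROLE, expected role is master, reinitializing"
                    reinit
                else
                    echo "Redis role is $ROLE, expected role is master. No need to reinitialize."
                fi
            fi
        elif [ "${MASTER}" ]; then
            # Sentinel names another pod: the local master_host must match it.
            identify_redis_master
            if [ "$REDIS_MASTER" != "$MASTER" ]; then
                echo "Redis master and local master are not the same. waiting."
                sleep 10
                identify_master
                identify_redis_master
                # NOTE(review): MASTER is Sentinel's answer and REDIS_MASTER the local
                # master_host, so the labels in these two messages look swapped.
                if [ "${REDIS_MASTER}" != "${MASTER}" ]; then
                    echo "Redis master is ${MASTER}, expected master is ${REDIS_MASTER}, reinitializing"
                    reinit
                else
                    echo "Redis master is ${MASTER}, expected master is ${REDIS_MASTER}. No need to reinitialize."
                fi
            fi
        fi
    done


  # HAProxy template, copied to /data/haproxy.cfg by haproxy_init.sh, which also fills in the
  # announce-IP placeholders of the three sentinel-check backends.
  # - bk_redis_master sends the Redis password (AUTH from the environment) on every health check,
  #   over an unencrypted check connection.
  # - The sentinel-check backends talk to port 26379 without authenticating.
  # - The `stats` frontend serves /stats and /metrics on :9101 with no `stats auth` line, and the
  #   argocd-redis-ha-haproxy Service publishes that port. NOTE(review): confirm 9101 is
  #   restricted to the metrics scraper by network policy.
  # Comments are kept out of the payload on purpose: haproxy_init.sh runs sed over the copy.
  haproxy.cfg: |
    defaults REDIS
      mode tcp
      timeout connect 4s
      timeout server 6m
      timeout client 6m
      timeout check 2s

    listen health_check_http_url
      bind :8888
      mode http
      monitor-uri /healthz
      option dontlognull
    # Check Sentinel and whether they are nominated master
    backend check_if_redis_is_master_0
      mode tcp
      option tcp-check
      tcp-check connect
      tcp-check send PING\r\n
      tcp-check expect string +PONG
      tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
      tcp-check expect string REPLACE_ANNOUNCE0
      tcp-check send QUIT\r\n
      server R0 argocd-redis-ha-announce-0:26379 check inter 3s
      server R1 argocd-redis-ha-announce-1:26379 check inter 3s
      server R2 argocd-redis-ha-announce-2:26379 check inter 3s
    # Check Sentinel and whether they are nominated master
    backend check_if_redis_is_master_1
      mode tcp
      option tcp-check
      tcp-check connect
      tcp-check send PING\r\n
      tcp-check expect string +PONG
      tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
      tcp-check expect string REPLACE_ANNOUNCE1
      tcp-check send QUIT\r\n
      server R0 argocd-redis-ha-announce-0:26379 check inter 3s
      server R1 argocd-redis-ha-announce-1:26379 check inter 3s
      server R2 argocd-redis-ha-announce-2:26379 check inter 3s
    # Check Sentinel and whether they are nominated master
    backend check_if_redis_is_master_2
      mode tcp
      option tcp-check
      tcp-check connect
      tcp-check send PING\r\n
      tcp-check expect string +PONG
      tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
      tcp-check expect string REPLACE_ANNOUNCE2
      tcp-check send QUIT\r\n
      server R0 argocd-redis-ha-announce-0:26379 check inter 3s
      server R1 argocd-redis-ha-announce-1:26379 check inter 3s
      server R2 argocd-redis-ha-announce-2:26379 check inter 3s

    # decide redis backend to use
    #master
    frontend ft_redis_master
      bind :6379
      use_backend bk_redis_master
    # Check all redis servers to see if they think they are master
    backend bk_redis_master
      mode tcp
      option tcp-check
      tcp-check connect
      tcp-check send "AUTH ${AUTH}"\r\n
      tcp-check expect string +OK
      tcp-check send PING\r\n
      tcp-check expect string +PONG
      tcp-check send info\ replication\r\n
      tcp-check expect string role:master
      tcp-check send QUIT\r\n
      tcp-check expect string +OK
      use-server R0 if { srv_is_up(R0) } { nbsrv(check_if_redis_is_master_0) ge 2 }
      server R0 argocd-redis-ha-announce-0:6379 check inter 3s fall 1 rise 1
      use-server R1 if { srv_is_up(R1) } { nbsrv(check_if_redis_is_master_1) ge 2 }
      server R1 argocd-redis-ha-announce-1:6379 check inter 3s fall 1 rise 1
      use-server R2 if { srv_is_up(R2) } { nbsrv(check_if_redis_is_master_2) ge 2 }
      server R2 argocd-redis-ha-announce-2:6379 check inter 3s fall 1 rise 1
    frontend stats
      mode http
      bind :9101
      http-request use-service prometheus-exporter if { path /metrics }
      stats enable
      stats uri /stats
      stats refresh 10s
    # Additional configuration
    global
      maxconn 4096

  haproxy_init.sh: |
    # Copies the HAProxy template to a writable path and replaces each announce placeholder
    # with the address its announce service resolves to (up to 10 one-second retries each).
    # The substituted value comes straight from `getent hosts` and is not validated.
    HAPROXY_CONF=/data/haproxy.cfg
    cp /readonly/haproxy.cfg "$HAPROXY_CONF"
    for loop in $(seq 1 10); do
      getent hosts argocd-redis-ha-announce-0 && break
      echo "Waiting for service argocd-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1
    done
    ANNOUNCE_IP0=$(getent hosts "argocd-redis-ha-announce-0" | awk '{ print $1 }')
    if [ -z "$ANNOUNCE_IP0" ]; then
      echo "Could not resolve the announce ip for argocd-redis-ha-announce-0"
      exit 1
    fi
    sed -i "s/REPLACE_ANNOUNCE0/$ANNOUNCE_IP0/" "$HAPROXY_CONF"
    for loop in $(seq 1 10); do
      getent hosts argocd-redis-ha-announce-1 && break
      echo "Waiting for service argocd-redis-ha-announce-1 to be ready ($loop) ..." && sleep 1
    done
    ANNOUNCE_IP1=$(getent hosts "argocd-redis-ha-announce-1" | awk '{ print $1 }')
    if [ -z "$ANNOUNCE_IP1" ]; then
      echo "Could not resolve the announce ip for argocd-redis-ha-announce-1"
      exit 1
    fi
    sed -i "s/REPLACE_ANNOUNCE1/$ANNOUNCE_IP1/" "$HAPROXY_CONF"
    for loop in $(seq 1 10); do
      getent hosts argocd-redis-ha-announce-2 && break
      echo "Waiting for service argocd-redis-ha-announce-2 to be ready ($loop) ..." && sleep 1
    done
    ANNOUNCE_IP2=$(getent hosts "argocd-redis-ha-announce-2" | awk '{ print $1 }')
    if [ -z "$ANNOUNCE_IP2" ]; then
      echo "Could not resolve the announce ip for argocd-redis-ha-announce-2"
      exit 1
    fi
    sed -i "s/REPLACE_ANNOUNCE2/$ANNOUNCE_IP2/" "$HAPROXY_CONF"
  trigger-failover-if-master.sh: |
    # If the local Redis is master, asks the local Sentinel to fail over and waits up to 30s
    # for the role to change. Uses `[[ ]]`, so it needs a shell that supports it.
    # The Sentinel call carries no password, matching the sentinel.conf in this ConfigMap.
    # NOTE(review): "Failover successful" is printed even when the 30s wait runs out with this
    # node still master.
    get_redis_role() {
      is_master=$(
        redis-cli \
          -a "${AUTH}" --no-auth-warning \
          -h localhost \
          -p 6379 \
          info | grep -c 'role:master' || true
      )
    }
    get_redis_role
    if [[ "$is_master" -eq 1 ]]; then
      echo "This node is currently master, we trigger a failover."
      response=$(
        redis-cli \
          -h localhost \
          -p 26379 \
          SENTINEL failover argocd
      )
      if [[ "$response" != "OK" ]] ; then
        echo "$response"
        exit 1
      fi
      timeout=30
      while [[ "$is_master" -eq 1 && $timeout -gt 0 ]]; do
        sleep 1
        get_redis_role
        timeout=$((timeout - 1))
      done
      echo "Failover successful"
    fi
---
# Source: redis-ha/charts/redis-ha/templates/redis-ha-health-configmap.yaml
# Probe scripts. The Redis probes pass the password with `-a` on the redis-cli command line
# (visible in the process list; redis-cli also reads REDISCLI_AUTH); the Sentinel probe sends
# no password.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-redis-ha-health-configmap
  namespace: "argocd"
  labels:
    heritage: Helm
    release: argocd
    chart: redis-ha-4.34.11
    app: argocd-redis-ha
data:
  redis_liveness.sh: |
    # Alive when PING answers PONG or a reply starting with LOADING.
    response=$(
      redis-cli \
        -a "${AUTH}" --no-auth-warning \
        -h localhost \
        -p 6379 \
        ping
    )
    echo "response=$response"
    case $response in
      PONG|LOADING*) ;;
      *) exit 1 ;;
    esac
    exit 0
  redis_readiness.sh: |
    # Ready when PING answers PONG and the node is either master or a slave whose ROLE reply
    # shows "connected" on its 4th line.
    response=$(
      redis-cli \
        -a "${AUTH}" --no-auth-warning \
        -h localhost \
        -p 6379 \
        ping
    )
    if [ "$response" != "PONG" ] ; then
      echo "ping=$response"
      exit 1
    fi

    response=$(
      redis-cli \
        -a "${AUTH}" --no-auth-warning \
        -h localhost \
        -p 6379 \
        role
    )
    # First line of the ROLE reply is the role name.
    role=$( echo "$response" | sed "1!d" )
    if [ "$role" = "master" ]; then
      echo "role=$role"
      exit 0
    elif [ "$role" = "slave" ]; then
      repl=$( echo "$response" | sed "4!d" )
      echo "role=$role; repl=$repl"
      if [ "$repl" = "connected" ]; then
        exit 0
      else
        exit 1
      fi
    else
      echo "role=$role"
      exit 1
    fi
  sentinel_liveness.sh: |
    # Alive when the local Sentinel answers PING with PONG.
    response=$(
      redis-cli \
        -h localhost \
        -p 26379 \
        ping
    )
    if [ "$response" != "PONG" ]; then
      echo "$response"
      exit 1
    fi
    echo "response=$response"
---
# Source: redis-ha/charts/redis-ha/templates/redis-ha-role.yaml
# Namespaced Role: read-only `get` on endpoints, nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argocd-redis-ha
  namespace: "argocd"
  labels:
    app: redis-ha
    heritage: "Helm"
    release: "argocd"
    chart: redis-ha-4.34.11
rules:
- apiGroups:
    - ""
  resources:
    - endpoints
  verbs:
    - get
---
# Source: redis-ha/charts/redis-ha/templates/redis-haproxy-role.yaml
# Same single permission for the HAProxy account.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argocd-redis-ha-haproxy
  namespace: "argocd"
  labels:
    app: redis-ha
    heritage: "Helm"
    release: "argocd"
    chart: redis-ha-4.34.11
    component: haproxy
rules:
- apiGroups:
    - ""
  resources:
    - endpoints
  verbs:
    - get
---
# Source: redis-ha/charts/redis-ha/templates/redis-ha-rolebinding.yaml
# Binds the argocd-redis-ha Role to the argocd-redis-ha ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: argocd-redis-ha
  namespace: "argocd"
  labels:
    app: redis-ha
    heritage: "Helm"
    release: "argocd"
    chart: redis-ha-4.34.11
subjects:
- kind: ServiceAccount
  name: argocd-redis-ha
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-redis-ha
---
# Source: redis-ha/charts/redis-ha/templates/redis-haproxy-rolebinding.yaml
# Binds the argocd-redis-ha-haproxy Role to the argocd-redis-ha-haproxy ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: argocd-redis-ha-haproxy
  namespace: "argocd"
  labels:
    app: redis-ha
    heritage: "Helm"
    release: "argocd"
    chart: redis-ha-4.34.11
    component: haproxy
subjects:
- kind: ServiceAccount
  name: argocd-redis-ha-haproxy
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-redis-ha-haproxy
---
# Source: redis-ha/charts/redis-ha/templates/redis-ha-announce-service.yaml
# Per-pod ClusterIP Service for server-0. publishNotReadyAddresses keeps the pod addressable
# before it is Ready; both the Redis and the Sentinel port are exposed in-cluster.
apiVersion: v1
kind: Service
metadata:
  name: argocd-redis-ha-announce-0
  namespace: "argocd"
  labels:
    app: redis-ha
    heritage: "Helm"
    release: "argocd"
    chart: redis-ha-4.34.11
  annotations:
spec:
  publishNotReadyAddresses: true
  type: ClusterIP
  ports:
  - name: tcp-server
    port: 6379
    protocol: TCP
    targetPort: redis
  - name: tcp-sentinel
    port: 26379
    protocol: TCP
    targetPort: sentinel
  selector:
    release: argocd
    app: redis-ha
    "statefulset.kubernetes.io/pod-name": argocd-redis-ha-server-0
---
# Source: redis-ha/charts/redis-ha/templates/redis-ha-announce-service.yaml
# Per-pod ClusterIP Service for server-1.
apiVersion: v1
kind: Service
metadata:
  name: argocd-redis-ha-announce-1
  namespace: "argocd"
  labels:
    app: redis-ha
    heritage: "Helm"
    release: "argocd"
    chart: redis-ha-4.34.11
  annotations:
spec:
  publishNotReadyAddresses: true
  type: ClusterIP
  ports:
  - name: tcp-server
    port: 6379
    protocol: TCP
    targetPort: redis
  - name: tcp-sentinel
    port: 26379
    protocol: TCP
    targetPort: sentinel
  selector:
    release: argocd
    app: redis-ha
    "statefulset.kubernetes.io/pod-name": argocd-redis-ha-server-1
---
# Source: redis-ha/charts/redis-ha/templates/redis-ha-announce-service.yaml
# Per-pod ClusterIP Service for server-2.
apiVersion: v1
kind: Service
metadata:
  name: argocd-redis-ha-announce-2
  namespace: "argocd"
  labels:
    app: redis-ha
    heritage: "Helm"
    release: "argocd"
    chart: redis-ha-4.34.11
  annotations:
spec:
  publishNotReadyAddresses: true
  type: ClusterIP
  ports:
  - name: tcp-server
    port: 6379
    protocol: TCP
    targetPort: redis
  - name: tcp-sentinel
    port: 26379
    protocol: TCP
    targetPort: sentinel
  selector:
    release: argocd
    app: redis-ha
    "statefulset.kubernetes.io/pod-name": argocd-redis-ha-server-2
---
# Source: redis-ha/charts/redis-ha/templates/redis-ha-service.yaml
# Headless Service (clusterIP: None) over all server pods; the scripts use this name to
# reach Sentinel.
apiVersion: v1
kind: Service
metadata:
  name: argocd-redis-ha
  namespace: "argocd"
  labels:
    app: redis-ha
    heritage: "Helm"
    release: "argocd"
    chart: redis-ha-4.34.11
  annotations:
spec:
  type: ClusterIP
  clusterIP: None
  ports:
  - name: tcp-server
    port: 6379
    protocol: TCP
    targetPort: redis
  - name: tcp-sentinel
    port: 26379
    protocol: TCP
    targetPort: sentinel
  selector:
    release: argocd
    app: redis-ha
---
# Source: redis-ha/charts/redis-ha/templates/redis-haproxy-service.yaml
# Front door for clients: 6379 is proxied to the current master, 9101 is the HAProxy
# stats/metrics listener.
apiVersion: v1
kind: Service
metadata:
  name: argocd-redis-ha-haproxy
  namespace: "argocd"
  labels:
    app: redis-ha
    heritage: "Helm"
    release: "argocd"
    chart: redis-ha-4.34.11
    component: haproxy
  annotations:
spec:
  type: ClusterIP
  ports:
  - name: tcp-haproxy
    port: 6379
    protocol: TCP
    targetPort: redis
  - name: http-exporter-port
    port: 9101
    protocol: TCP
    targetPort: metrics-port
  selector:
    release: argocd
    app: redis-ha-haproxy
---
# Source: redis-ha/charts/redis-ha/templates/redis-haproxy-deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: argocd-redis-ha-haproxy
  namespace: "argocd"
  labels:
    app: redis-ha
    heritage: "Helm"
    release: "argocd"
    chart: redis-ha-4.34.11
    component: haproxy
spec:
  strategy:
    type: RollingUpdate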
1100 revisionHistoryLimit: 1 1101 replicas: 3 1102 selector: 1103 matchLabels: 1104 app: redis-ha-haproxy 1105 release: argocd 1106 component: haproxy 1107 template: 1108 metadata: 1109 name: argocd-redis-ha-haproxy 1110 labels: 1111 app: redis-ha-haproxy 1112 release: argocd 1113 component: haproxy 1114 annotations: 1115 prometheus.io/port: "9101" 1116 prometheus.io/scrape: "true" 1117 prometheus.io/path: "/metrics" 1118 checksum/config: cd6508bdf9819601c454d0cc491fb77a209e3a88761d92514d105b6681829953 1119 spec: 1120 # Needed when using unmodified rbac-setup.yml 1121 1122 serviceAccountName: argocd-redis-ha-haproxy 1123 securityContext: 1124 fsGroup: 99 1125 runAsNonRoot: true 1126 runAsUser: 99 1127 automountServiceAccountToken: true 1128 nodeSelector: 1129 {} 1130 tolerations: 1131 [] 1132 affinity: 1133 podAntiAffinity: 1134 requiredDuringSchedulingIgnoredDuringExecution: 1135 - labelSelector: 1136 matchLabels: 1137 app: redis-ha-haproxy 1138 release: argocd 1139 component: haproxy 1140 topologyKey: kubernetes.io/hostname 1141 initContainers: 1142 - name: config-init 1143 image: public.ecr.aws/docker/library/haproxy:3.0.8-alpine 1144 imagePullPolicy: IfNotPresent 1145 resources: 1146 {} 1147 command: 1148 - sh 1149 args: 1150 - /readonly/haproxy_init.sh 1151 securityContext: 1152 allowPrivilegeEscalation: false 1153 capabilities: 1154 drop: 1155 - ALL 1156 runAsNonRoot: true 1157 seccompProfile: 1158 type: RuntimeDefault 1159 volumeMounts: 1160 - name: config-volume 1161 mountPath: /readonly 1162 readOnly: true 1163 - name: data 1164 mountPath: /data 1165 containers: 1166 - name: haproxy 1167 image: public.ecr.aws/docker/library/haproxy:3.0.8-alpine 1168 imagePullPolicy: IfNotPresent 1169 securityContext: 1170 allowPrivilegeEscalation: false 1171 capabilities: 1172 drop: 1173 - ALL 1174 runAsNonRoot: true 1175 seccompProfile: 1176 type: RuntimeDefault 1177 env: 1178 - name: AUTH 1179 valueFrom: 1180 secretKeyRef: 1181 name: argocd-redis 1182 key: auth 1183 
livenessProbe: 1184 httpGet: 1185 path: /healthz 1186 port: probe 1187 initialDelaySeconds: 5 1188 periodSeconds: 3 1189 readinessProbe: 1190 httpGet: 1191 path: /healthz 1192 port: probe 1193 initialDelaySeconds: 5 1194 periodSeconds: 3 1195 ports: 1196 - name: probe 1197 containerPort: 8888 1198 - name: redis 1199 containerPort: 6379 1200 - name: metrics-port 1201 containerPort: 9101 1202 resources: 1203 {} 1204 volumeMounts: 1205 - name: data 1206 mountPath: /usr/local/etc/haproxy 1207 - name: shared-socket 1208 mountPath: /run/haproxy 1209 lifecycle: 1210 {} 1211 volumes: 1212 - name: config-volume 1213 configMap: 1214 name: argocd-redis-ha-configmap 1215 - name: shared-socket 1216 emptyDir: 1217 {} 1218 - name: data 1219 emptyDir: 1220 {} 1221 --- 1222 # Source: redis-ha/charts/redis-ha/templates/redis-ha-statefulset.yaml 1223 apiVersion: apps/v1 1224 kind: StatefulSet 1225 metadata: 1226 name: argocd-redis-ha-server 1227 namespace: "argocd" 1228 labels: 1229 argocd-redis-ha: replica 1230 app: redis-ha 1231 heritage: "Helm" 1232 release: "argocd" 1233 chart: redis-ha-4.34.11 1234 annotations: 1235 {} 1236 spec: 1237 selector: 1238 matchLabels: 1239 release: argocd 1240 app: redis-ha 1241 serviceName: argocd-redis-ha 1242 replicas: 3 1243 podManagementPolicy: OrderedReady 1244 updateStrategy: 1245 type: RollingUpdate 1246 template: 1247 metadata: 1248 annotations: 1249 checksum/init-config: fd74f7d84e39b3f6eac1d7ce5deb0083e58f218376faf363343d91a0fb4f2563 1250 labels: 1251 release: argocd 1252 app: redis-ha 1253 argocd-redis-ha: replica 1254 spec: 1255 terminationGracePeriodSeconds: 60 1256 affinity: 1257 podAntiAffinity: 1258 requiredDuringSchedulingIgnoredDuringExecution: 1259 - labelSelector: 1260 matchLabels: 1261 app: redis-ha 1262 release: argocd 1263 argocd-redis-ha: replica 1264 topologyKey: kubernetes.io/hostname 1265 securityContext: 1266 fsGroup: 1000 1267 runAsNonRoot: true 1268 runAsUser: 1000 1269 serviceAccountName: argocd-redis-ha 1270 
automountServiceAccountToken: false 1271 initContainers: 1272 - name: config-init 1273 image: public.ecr.aws/docker/library/redis:8.2.2-alpine 1274 imagePullPolicy: IfNotPresent 1275 resources: 1276 {} 1277 command: 1278 - sh 1279 args: 1280 - /readonly-config/init.sh 1281 securityContext: 1282 allowPrivilegeEscalation: false 1283 capabilities: 1284 drop: 1285 - ALL 1286 runAsNonRoot: true 1287 runAsUser: 1000 1288 seccompProfile: 1289 type: RuntimeDefault 1290 env: 1291 - name: SENTINEL_ID_0 1292 value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6 1293 - name: SENTINEL_ID_1 1294 value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 1295 - name: SENTINEL_ID_2 1296 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca 1297 - name: AUTH 1298 valueFrom: 1299 secretKeyRef: 1300 name: argocd-redis 1301 key: auth 1302 volumeMounts: 1303 - name: config 1304 mountPath: /readonly-config 1305 readOnly: true 1306 - name: data 1307 mountPath: /data 1308 1309 1310 1311 containers: 1312 - name: redis 1313 image: public.ecr.aws/docker/library/redis:8.2.2-alpine 1314 imagePullPolicy: IfNotPresent 1315 command: 1316 - redis-server 1317 args: 1318 - /data/conf/redis.conf 1319 securityContext: 1320 allowPrivilegeEscalation: false 1321 capabilities: 1322 drop: 1323 - ALL 1324 runAsNonRoot: true 1325 runAsUser: 1000 1326 seccompProfile: 1327 type: RuntimeDefault 1328 env: 1329 - name: AUTH 1330 valueFrom: 1331 secretKeyRef: 1332 name: argocd-redis 1333 key: auth 1334 livenessProbe: 1335 initialDelaySeconds: 30 1336 periodSeconds: 15 1337 timeoutSeconds: 15 1338 successThreshold: 1 1339 failureThreshold: 5 1340 exec: 1341 command: 1342 - sh 1343 - -c 1344 - /health/redis_liveness.sh 1345 readinessProbe: 1346 initialDelaySeconds: 30 1347 periodSeconds: 15 1348 timeoutSeconds: 15 1349 successThreshold: 1 1350 failureThreshold: 5 1351 exec: 1352 command: 1353 - sh 1354 - -c 1355 - /health/redis_readiness.sh 1356 startupProbe: 1357 initialDelaySeconds: 30 1358 periodSeconds: 15 1359 timeoutSeconds: 15 1360 
successThreshold: 1 1361 failureThreshold: 5 1362 exec: 1363 command: 1364 - sh 1365 - -c 1366 - /health/redis_readiness.sh 1367 resources: 1368 {} 1369 ports: 1370 - name: redis 1371 containerPort: 6379 1372 volumeMounts: 1373 - name: config 1374 mountPath: /readonly-config 1375 readOnly: true 1376 - mountPath: /data 1377 name: data 1378 - mountPath: /health 1379 name: health 1380 lifecycle: 1381 preStop: 1382 exec: 1383 command: 1384 - /bin/sh 1385 - /readonly-config/trigger-failover-if-master.sh 1386 - name: sentinel 1387 image: public.ecr.aws/docker/library/redis:8.2.2-alpine 1388 imagePullPolicy: IfNotPresent 1389 command: 1390 - redis-sentinel 1391 args: 1392 - /data/conf/sentinel.conf 1393 securityContext: 1394 allowPrivilegeEscalation: false 1395 capabilities: 1396 drop: 1397 - ALL 1398 runAsNonRoot: true 1399 runAsUser: 1000 1400 seccompProfile: 1401 type: RuntimeDefault 1402 env: 1403 - name: AUTH 1404 valueFrom: 1405 secretKeyRef: 1406 name: argocd-redis 1407 key: auth 1408 livenessProbe: 1409 initialDelaySeconds: 30 1410 periodSeconds: 15 1411 timeoutSeconds: 15 1412 successThreshold: 1 1413 failureThreshold: 5 1414 exec: 1415 command: 1416 - sh 1417 - -c 1418 - /health/sentinel_liveness.sh 1419 readinessProbe: 1420 initialDelaySeconds: 30 1421 periodSeconds: 15 1422 timeoutSeconds: 15 1423 successThreshold: 3 1424 failureThreshold: 5 1425 exec: 1426 command: 1427 - sh 1428 - -c 1429 - /health/sentinel_liveness.sh 1430 startupProbe: 1431 initialDelaySeconds: 5 1432 periodSeconds: 10 1433 timeoutSeconds: 15 1434 successThreshold: 1 1435 failureThreshold: 3 1436 exec: 1437 command: 1438 - sh 1439 - -c 1440 - /health/sentinel_liveness.sh 1441 resources: 1442 {} 1443 ports: 1444 - name: sentinel 1445 containerPort: 26379 1446 volumeMounts: 1447 - mountPath: /data 1448 name: data 1449 - mountPath: /health 1450 name: health 1451 lifecycle: 1452 postStart: 1453 exec: 1454 command: 1455 - /bin/sh 1456 - -c 1457 - sleep 30; redis-cli -p 26379 sentinel reset 
argocd 1458 1459 - name: split-brain-fix 1460 image: public.ecr.aws/docker/library/redis:8.2.2-alpine 1461 imagePullPolicy: IfNotPresent 1462 command: 1463 - sh 1464 args: 1465 - /readonly-config/fix-split-brain.sh 1466 securityContext: 1467 allowPrivilegeEscalation: false 1468 capabilities: 1469 drop: 1470 - ALL 1471 runAsNonRoot: true 1472 runAsUser: 1000 1473 seccompProfile: 1474 type: RuntimeDefault 1475 env: 1476 - name: SENTINEL_ID_0 1477 value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6 1478 - name: SENTINEL_ID_1 1479 value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 1480 - name: SENTINEL_ID_2 1481 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca 1482 - name: AUTH 1483 valueFrom: 1484 secretKeyRef: 1485 name: argocd-redis 1486 key: auth 1487 resources: 1488 {} 1489 volumeMounts: 1490 - name: config 1491 mountPath: /readonly-config 1492 readOnly: true 1493 - mountPath: /data 1494 name: data 1495 volumes: 1496 - name: config 1497 configMap: 1498 name: argocd-redis-ha-configmap 1499 - name: health 1500 configMap: 1501 name: argocd-redis-ha-health-configmap 1502 defaultMode: 0755 1503 - name: data 1504 emptyDir: 1505 {}