Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(charts)!: Update Helm release redis to 20.6.3 #2480

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 9, 2024

This PR contains the following updates:

Package Update Change
redis (source) major 17.3.5 -> 20.6.3

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

bitnami/charts (redis)

v20.6.3

  • [bitnami/redis] fix: update JSON schema to allow string values for values passed to tpl (#​30526)

v20.6.2

v20.6.1

v20.6.0

v20.5.0

v20.4.1

v20.4.0

v20.3.0

v20.2.2

v20.2.1

v20.2.0

v20.1.7

v20.1.6

v20.1.5

v20.1.4

v20.1.3

v20.1.2

v20.1.1

v20.1.0

v20.0.5

v20.0.4

v20.0.3

v20.0.2

v20.0.1

v20.0.0

v19.6.4

v19.6.3

v19.6.2

v19.6.1

v19.6.0

v19.5.5

v19.5.4

v19.5.3

v19.5.2

v19.5.1

v19.5.0

v19.4.0

v19.3.4

v19.3.3

v19.3.2

v19.3.1

v19.3.0

v19.2.0

v19.1.5

v19.1.4

v19.1.3

v19.1.2

v19.1.1

v19.1.0

v19.0.2

  • allow to set containerSecurityContext on kubectl container to fix issue e.g. with OpenShift (#​24730) (4fda65b), closes #​24730

v19.0.1

v19.0.0

v18.19.4

v18.19.3

v18.19.2

v18.19.1

v18.19.0

v18.18.1

v18.18.0

  • [bitnami/redis] feat: ✨ 🔒 Add automatic adaptation for Openshift restricted-v2 SCC (#​2 (063463f), closes #​24149

v18.17.1

v18.17.0

v18.16.1

v18.16.0

v18.15.1

v18.14.0

v18.13.0

v18.12.1

v18.12.0

  • [bitnami/redis] fix: 🐛 Add allowExternalEgress to avoid breaking istio and fix metrics port (#​22 (2b78bee), closes #​22955

v18.11.1

v18.11.0

v18.10.0

v18.9.1

v18.9.0

v18.8.3

  • [bitnami/redis] Do not create master and replica serviceaccounts when using sentinel (#​22716) (13c6479), closes #​22716

v18.8.2

v18.8.0

v18.7.1

v18.7.0

  • [bitnami/redis] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential s (2198b3f), closes #​22184

v18.6.4

v18.6.3

v18.6.2

v18.6.1

v18.6.0

v18.5.0

v18.4.0

v18.3.3

v18.3.2

v18.3.1

v18.3.0

v18.2.2

v18.2.1

v18.2.0

v18.1.6

v18.1.5

v18.1.4

v18.1.3

v18.1.2

v18.1.1

v18.1.0

v18.0.4

v18.0.2

v18.0.1

v18.0.0

v17.17.1

v17.17.0

v17.16.0

v17.15.6

v17.15.5

v17.15.4

v17.15.2

v17.15.1

v17.15.0

v17.14.6

v17.14.5

v17.14.4

v17.14.3

v17.14.2

v17.14.1

  • [bitnami/redis] Allow templatable values for .Values.auth.existingSecretPasswordKey (#​17723) (344db98), closes #​17723

v17.14.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from dfroberg as a code owner August 9, 2024 15:04
Copy link

github-actions bot commented Aug 9, 2024

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.0.0

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.0-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot force-pushed the renovate/redis-20.x branch from 9d91d0f to 6df8e89 Compare August 9, 2024 19:05
Copy link

github-actions bot commented Aug 9, 2024

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.0.1

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.0-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.0.0 feat(charts)!: Update Helm release redis to 20.0.1 Aug 9, 2024
@renovate renovate bot force-pushed the renovate/redis-20.x branch from 6df8e89 to 2510f25 Compare August 14, 2024 18:51
Copy link

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.0.2

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.0-debian-12-r1
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.0.1 feat(charts)!: Update Helm release redis to 20.0.2 Aug 14, 2024
@renovate renovate bot force-pushed the renovate/redis-20.x branch from 2510f25 to f3460cb Compare August 20, 2024 19:14
Copy link

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.0.3

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.0.2 feat(charts)!: Update Helm release redis to 20.0.3 Aug 20, 2024
@renovate renovate bot force-pushed the renovate/redis-20.x branch from f3460cb to 666dcad Compare September 4, 2024 13:06
@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.0.3 feat(charts)!: Update Helm release redis to 20.0.4 Sep 4, 2024
Copy link

github-actions bot commented Sep 4, 2024

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.0.4

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot force-pushed the renovate/redis-20.x branch from 666dcad to 7cea3df Compare September 5, 2024 09:36
@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.0.4 feat(charts)!: Update Helm release redis to 20.0.5 Sep 5, 2024
Copy link

github-actions bot commented Sep 5, 2024

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.0.5

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot force-pushed the renovate/redis-20.x branch from 7cea3df to bcfa7a6 Compare September 9, 2024 10:13
Copy link

github-actions bot commented Sep 9, 2024

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.1.0

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.0.5 feat(charts)!: Update Helm release redis to 20.1.0 Sep 9, 2024
@renovate renovate bot force-pushed the renovate/redis-20.x branch from bcfa7a6 to 50ab931 Compare September 13, 2024 08:34
@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.1.0 feat(charts)!: Update Helm release redis to 20.1.1 Sep 13, 2024
Copy link

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.1.1

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot force-pushed the renovate/redis-20.x branch from 50ab931 to 8aaebcc Compare September 13, 2024 16:33
@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.1.1 feat(charts)!: Update Helm release redis to 20.1.2 Sep 13, 2024
Copy link

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.1.2

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot force-pushed the renovate/redis-20.x branch from 8aaebcc to e1ab436 Compare September 14, 2024 20:00
@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.1.2 feat(charts)!: Update Helm release redis to 20.1.3 Sep 14, 2024
Copy link

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.1.3

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.0-debian-12-r4
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.63.0-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

Copy link

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.3.0

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.1-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.66.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot force-pushed the renovate/redis-20.x branch from 38c1869 to 697d015 Compare December 2, 2024 12:48
@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.3.0 feat(charts)!: Update Helm release redis to 20.4.0 Dec 2, 2024
Copy link

github-actions bot commented Dec 2, 2024

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.4.0

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.1-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.66.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot force-pushed the renovate/redis-20.x branch from 697d015 to 334c0eb Compare December 10, 2024 11:47
@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.4.0 feat(charts)!: Update Helm release redis to 20.4.1 Dec 10, 2024
Copy link

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.4.1

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.1-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.66.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot force-pushed the renovate/redis-20.x branch from 334c0eb to 55c8f27 Compare December 11, 2024 06:23
Copy link

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.5.0

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.1-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.66.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.4.1 feat(charts)!: Update Helm release redis to 20.5.0 Dec 11, 2024
@renovate renovate bot force-pushed the renovate/redis-20.x branch from 55c8f27 to c54fd6d Compare December 16, 2024 18:33
@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.5.0 feat(charts)!: Update Helm release redis to 20.6.0 Dec 16, 2024
Copy link

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.6.0

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.1-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.66.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot force-pushed the renovate/redis-20.x branch from c54fd6d to b65337b Compare December 22, 2024 01:27
@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.6.0 feat(charts)!: Update Helm release redis to 20.6.1 Dec 22, 2024
Copy link

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.6.1

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.1-debian-12-r3
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.67.0-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot force-pushed the renovate/redis-20.x branch from b65337b to 5101d50 Compare January 8, 2025 15:30
Copy link

github-actions bot commented Jan 8, 2025

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.6.2

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.2-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.67.0-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.6.1 feat(charts)!: Update Helm release redis to 20.6.2 Jan 8, 2025
@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.6.2 feat(charts)!: Update Helm release redis to 20.6.2 - autoclosed Jan 14, 2025
@renovate renovate bot closed this Jan 14, 2025
@renovate renovate bot deleted the renovate/redis-20.x branch January 14, 2025 09:34
@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.6.2 - autoclosed feat(charts)!: Update Helm release redis to 20.6.2 Jan 14, 2025
@renovate renovate bot reopened this Jan 14, 2025
@renovate renovate bot force-pushed the renovate/redis-20.x branch from 202941b to 5101d50 Compare January 14, 2025 18:30
Copy link

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.6.2

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.2-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.67.0-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

Signed-off-by: Danny Froberg <dfroberg@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/redis-20.x branch from 5101d50 to 7073a76 Compare January 15, 2025 13:38
@renovate renovate bot changed the title feat(charts)!: Update Helm release redis to 20.6.2 feat(charts)!: Update Helm release redis to 20.6.3 Jan 15, 2025
Copy link

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 20.6.3

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.4.2-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.67.0-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants