feat(charts)!: Update Helm release redis to 20.6.3 #2480
base: main
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
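Review bot: both `ingress` rules in the new NetworkPolicy list only `ports` (6379 and 9121) and have no `from` clause, so every source that can reach the pod is allowed on those ports, and `egress: - {}` allows all outbound traffic. The policy narrows ports but not peers. Suggest adding `from` entries (a `podSelector` for the Redis clients on 6379, a `namespaceSelector` for the Prometheus namespace on 9121) and limiting egress to what Redis needs, such as DNS.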
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
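Review bot: the signal in `timeout -s 15 $1` is given by number; `-s TERM` says the same thing readably, and the move from 3 (SIGQUIT) to 15 (SIGTERM) deserves a line in the PR description because it changes how a hung `redis-cli` is stopped. `$1` is also unquoted, and there is no `-k` duration to follow up with SIGKILL if the process ignores SIGTERM. The same line changes in the three other health scripts in the hunks that follow.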
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
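Review bot: `serviceAccountName` moves from `redis` to `redis-master` and the pod now sets `automountServiceAccountToken: false`, so any RoleBinding or policy that names the old `redis` account stops applying, and nothing in the pod can reach the API server with a mounted token. That is the safer default; confirm nothing depended on either before merging. In the same pod `securityContext`, `fsGroupChangePolicy: Always` re-applies group ownership across the volume on every mount; `OnRootMismatch` avoids that walk if startup time on the persistent volume matters.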
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.0-debian-12-r0
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
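Review bot: `enableServiceLinks: true` is now explicit in the pod spec, which injects host and port environment variables for the Services in the `default` namespace into every container of the pod. Nothing in this diff shows Redis using them; suggest `enableServiceLinks: false` so the pod's environment does not enumerate neighbouring services. The container `securityContext` added below it (drop `ALL`, `readOnlyRootFilesystem: true`, `runAsNonRoot: true`, `seccompProfile` of `RuntimeDefault`) needs no change.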
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
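Review bot: `limits.memory` on the `redis` container goes from unset to `192Mi`, and nothing in this diff shows a `maxmemory` setting in `redis.conf`, so a dataset that grows past the limit ends in an OOM kill of the master rather than eviction. Suggest setting `maxmemory` below 192Mi or sizing the limit from observed usage. The `cpu: 150m` limit also applies to the `/health/ping_readiness_local.sh 1` probe in the context lines, which allows only one second.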
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
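Review bot: the separate `redis-tmp-conf` and `tmp` volumes collapse into one `empty-dir` volume declared as `emptyDir: {}` with no `sizeLimit`, and the earlier hunks mount it into both the `redis` and `metrics` containers under different `subPath` values. The two containers now share one backing volume whose size is bounded only by the pod's summed `ephemeral-storage` limits. Suggest adding a `sizeLimit` to the `emptyDir` so scratch usage is capped on its own.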
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
9d91d0f to 6df8e89
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
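Review bot: the `redis-password` value in this hunk's context lines is base64 for the literal placeholder `${SECRET_REDIS_PASSWORD}`, so the rendered manifest depends on a later substitution step to supply the real password. The hunk itself only reorders labels, but `checksum/secret` changes further down in the diff, so confirm after the upgrade that the substitution still runs and the placeholder string never becomes the live password.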
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.0-debian-12-r0
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
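Review bot: the new `readinessProbe` on the `metrics` container uses `timeoutSeconds: 1` with `httpGet` on `/`, while the `livenessProbe` beside it allows 5 seconds and the same hunk caps the container at `cpu: 150m`. A throttled exporter can miss a one-second deadline and drop out of the metrics Service endpoints. Suggest raising the readiness timeout to match the liveness probe.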
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
6df8e89 to 2510f25
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.0-debian-12-r1
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
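Review bot: the `redis` image line reads `docker.io/bitnami/redis:7.4.0-debian-12-r1` in this revision, where the earlier revisions of the same diff on this page had `-r0`, and the image is referenced by tag with `imagePullPolicy: "IfNotPresent"`. Tags can be re-pointed and the revision suffix has already moved once during this PR; suggest pinning this image, and the `redis-exporter` image in the next hunk, by digest (`@sha256:<digest>`) so the image that was reviewed is the one that runs.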
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
2510f25 to f3460cb
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
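Review bot: The new NetworkPolicy from redis/templates/networkpolicy.yaml limits ports but not peers: both `ingress` rules carry only `ports` (6379 and 9121) with no `from` clause, so they match every source, and `egress: - {}` allows all outbound traffic. Add `from` selectors (a `podSelector` for the client workloads on 6379, a `namespaceSelector` for the Prometheus namespace on 9121) and narrow egress to what the pod needs, such as DNS. The move to `automountServiceAccountToken: false` on the new `redis-master` ServiceAccount is good as it stands.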
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
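Review bot: The unchanged `redis-password` context line in this Secret base64-decodes to the literal placeholder `${SECRET_REDIS_PASSWORD}`, not to a password. Please confirm that the variable is substituted before the value is encoded; a substitution pass that runs over the rendered manifest cannot see a placeholder inside a base64 string, and Redis would then be protected by a constant anyone can read from this diff. A short comment in the values file stating where the real secret comes from would settle the question for later reviewers.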
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
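Review bot: In `timeout -s 15 $1`, the signal sent to a hung `redis-cli` changes from 3 (SIGQUIT) to 15 (SIGTERM), but the numeric form hides that intent and `$1` is still unquoted. Prefer `timeout -s TERM "$1"` so the signal is readable and the probe's timeout argument is always passed as a single word. The same line is changed in the three hunks that follow and should be kept consistent with whatever is decided here.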
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
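Review bot: `fsGroupChangePolicy: Always` in the pod `securityContext` makes the kubelet re-apply ownership for `fsGroup: 1001` recursively on every pod start, which slows restarts as the `redis-data` volume grows; `OnRootMismatch` skips that walk when the volume root is already correctly owned. Separately, `serviceAccountName` moves from `redis` to `redis-master` while the old `redis` ServiceAccount is deleted in the first hunk, so check that no RoleBinding or other workload still refers to `redis`. Setting `automountServiceAccountToken: false` on the pod as well as on the ServiceAccount is the right call.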
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.0-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
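Review bot: The `image:` line references `docker.io/bitnami/redis:7.4.0-debian-12-r2` by tag only, and with `imagePullPolicy: "IfNotPresent"` nodes can run different content if that tag is ever re-pushed; pinning by digest makes the rollout reproducible and auditable. The move from 7.0.5 to 7.4.0 spans several minor releases, so the PR description should say whether a rollback was tested. `enableServiceLinks: true` injects environment variables for every Service in the namespace into the container and can be set to `false` if nothing reads them. The added container `securityContext` (drop `ALL`, `readOnlyRootFilesystem: true`, `runAsNonRoot: true`, `seccompProfile` of `RuntimeDefault`) is a clear improvement.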
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
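Review bot: The new `memory: 192Mi` limit on the `redis` container turns unbounded memory growth into an OOM kill once the dataset outgrows the limit, and nothing in this hunk ties the limit to Redis's own cap. Make sure `maxmemory` in the `redis-configuration` ConfigMap is set below 192Mi with an eviction policy that fits the workload, or size the limit from the expected dataset.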
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
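Review bot: The new `readinessProbe` on the `metrics` container uses `timeoutSeconds: 1` while the same container is capped at `cpu: 150m`; under CPU throttling the `httpGet` on `/` can miss a one-second deadline. Because a pod is Ready only when all of its containers are, a flapping exporter probe would also take Redis out of its Service endpoints. Consider aligning with the liveness probe's `timeoutSeconds: 5`.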
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
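Review bot: The merged `empty-dir` volume is declared as `emptyDir: {}` with no `sizeLimit`, and it now backs `/tmp` and the Redis config directory for both containers through `subPath` mounts. The `ephemeral-storage` limits added elsewhere in this PR bound it only indirectly; an explicit `sizeLimit` on the volume would state the intended ceiling where the volume is defined.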
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
f3460cb
to
666dcad
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.0-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
666dcad
to
7cea3df
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.0-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
7cea3df
to
bcfa7a6
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
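Review bot: The unchanged `redis-password` value in this Secret is the base64 encoding of the literal placeholder `${SECRET_REDIS_PASSWORD}`, which suggests the diff was rendered from unsubstituted values. Confirm that in the real deployment the variable is substituted before the chart renders the Secret, because a substitution pass over the rendered manifest would not see the placeholder inside the base64 string and the instance would be left with that literal text as its password.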
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
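Review bot: `timeout -s 15 $1` now sends SIGTERM where the old line sent signal 3 (SIGQUIT), and there is no `-k` fallback, so a `redis-cli` that does not exit on SIGTERM keeps the probe script running until the kubelet's own probe timeout ends it. The same substitution is repeated in the three health-script hunks that follow; `$1` is unquoted in all four, which is harmless only while the probe passes a single numeric argument, as `/health/ping_readiness_local.sh 1` does further down.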
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
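Review bot: `serviceAccountName` moves from `redis` to `redis-master` here while the first hunk deletes the `redis` ServiceAccount, so any RoleBinding, image pull secret or workload identity mapping attached to the old name stops applying after this upgrade. With `automountServiceAccountToken: false` at pod level the containers also get no API token, which is a sensible default for Redis but should be a conscious choice. Separately, `fsGroupChangePolicy: Always` re-applies group ownership to the mounted data volume on every start; `OnRootMismatch` avoids that cost on large volumes if the chart exposes the setting.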
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.0-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
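Review bot: The `redis` container image goes from `7.0.5-debian-11-r7` to `7.4.0-debian-12-r2` by tag only, and with `imagePullPolicy: "IfNotPresent"` a node keeps running whatever that tag resolved to when it was first pulled; pinning by digest (`image: ...@sha256:<digest>`) makes the reviewed image the one that runs. The added `readOnlyRootFilesystem: true` depends on every path Redis writes being a mounted volume, so check it against the `empty-dir` mounts in the later volumeMounts hunk. `enableServiceLinks: true` is also made explicit here; it injects environment variables for every Service in the `default` namespace into the pod, and `false` is the tighter setting if nothing reads them.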
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
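Review bot: `limits.memory: 192Mi` is now enforced on the `redis` container, but the `redis.conf` body is only partly visible in this diff, so it cannot be seen whether `maxmemory` is set below that limit. Without it, a dataset that grows past 192Mi gets the container OOM-killed instead of evicting keys. Confirm `maxmemory` and an eviction policy in the user-supplied configuration, or size the limit to the expected working set.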
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r3
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
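Review bot: The single `empty-dir` volume that replaces `redis-tmp-conf` and `tmp` is declared as `emptyDir: {}` with no `sizeLimit`, and it now backs the Redis config directory and `/tmp` in both containers (separated only by `subPath`). Scratch usage is therefore bounded only by the `ephemeral-storage: 2Gi` limits set in the earlier hunks; setting `sizeLimit` on the emptyDir gives a tighter and more explicit bound.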
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
bcfa7a6 to 50ab931
50ab931 to 8aaebcc
8aaebcc to e1ab436
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
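Review bot: `fsGroupChangePolicy: Always` under the pod `securityContext` has the kubelet recursively re-own and re-permission the `redis-data` volume on every pod start, which lengthens restarts as the persistent volume grows. `OnRootMismatch` skips that walk when the volume root already carries `fsGroup: 1001`; set it in the chart values unless the recursive fix-up is wanted.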
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.0-debian-12-r4
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
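Review bot: the `limits:` block caps the `redis` container at `memory: 192Mi` where it was previously unlimited (`limits: {}`), so a dataset that outgrows the limit gets the container OOM-killed instead of evicting keys. Confirm that the `redis.conf` in the `redis-configuration` ConfigMap sets `maxmemory` below 192Mi, or raise the limit in the values to match the expected working set; the `cpu: 150m` limit is also worth checking against fork-based persistence if that is enabled.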
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.63.0-debian-12-r0
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
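Review bot: the `ingress` rules in the new NetworkPolicy carry only `ports` and no `from` clause, so 6379 and 9121 remain reachable from every pod in every namespace, and `egress: - {}` allows all outbound traffic even though `Egress` is listed under `policyTypes`. If the policy is meant to isolate Redis, add `from` selectors for the client workloads and for the Prometheus namespace, and narrow egress to the destinations the pod actually needs.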
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.1-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
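Review bot: the `image:` line pins `docker.io/bitnami/redis:7.4.1-debian-12-r2` by tag only, and with `imagePullPolicy: "IfNotPresent"` a re-pushed tag would leave nodes running different content under the same name; pinning by digest (`...@sha256:<digest>`) makes the rollout reproducible. The securityContext also goes from `runAsUser` alone to `readOnlyRootFilesystem: true` with all capabilities dropped, so check that the start scripts write only under the `empty-dir` and `redis-data` mounts.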
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.66.0-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
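Review bot: the new `readinessProbe` on the `metrics` sidecar (`httpGet` on `/`, `timeoutSeconds: 1`) ties the pod's Ready condition to the exporter, so a slow exporter under the `cpu: 150m` limit marks the only Redis pod NotReady and removes it from the `redis-master` Service endpoints. Raise the timeout or disable the sidecar's readiness probe in the values and keep the `tcpSocket` liveness probe, so that a metrics fault cannot cut client traffic.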
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
38c1869 to 697d015
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
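Review bot: `serviceAccountName` changes from `redis` to `redis-master` while the first hunk deletes the old `redis` ServiceAccount, so any RoleBinding or image pull secret attached to `redis` outside this chart stops applying after the upgrade. Check the namespace for such references before merging; `automountServiceAccountToken: false` is now set on both the ServiceAccount and the pod, so the pod starts without an API token and anything that read the mounted token would fail.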
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.1-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
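Review bot: `enableServiceLinks: true` is now explicit in the pod spec, which injects `<SERVICE>_SERVICE_HOST` and `<SERVICE>_PORT` environment variables for every Service in the `default` namespace into both containers. The health scripts read `$REDIS_PORT`, the same name a Service called `redis` would be given by service links, so unless the containers depend on the injected variables set it to `false` in the values to rule out such clashes.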
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.66.0-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
697d015 to 334c0eb
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
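Review bot: the unchanged `redis-password` value in this hunk's context decodes from base64 to the literal placeholder `${SECRET_REDIS_PASSWORD}`, so this rendered diff was produced without the real secret. Confirm that the deployment pipeline substitutes the placeholder in the chart values before the chart encodes it, since a placeholder that is already base64-encoded can no longer be matched and Redis would accept the placeholder text as its password.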
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
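Review bot: `timeout -s 15 $1` leaves the probe timeout argument unquoted and names the signal by number; `timeout -s TERM "$1"` is clearer and safe against word splitting. Signal 15 is SIGTERM where 3 was SIGQUIT, whose default action is to dump core, so the change itself is sound; the same line recurs in the three other probe scripts in this ConfigMap.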
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
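Review bot: `serviceAccountName` changes from `redis` to `redis-master` and the pod now sets `automountServiceAccountToken: false`, so any RoleBinding or external policy that names the old `redis` ServiceAccount stops applying to this pod, and nothing inside it gets a mounted API token. Confirm that no container or script in this release calls the Kubernetes API, and clean up bindings that still reference `redis`. The `matchLabels` lines under `selector` are only reordered, not changed, which is what you want because a workload selector cannot be edited in place.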
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.1-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
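Review bot: The bumped `image: docker.io/bitnami/redis:7.4.1-debian-12-r2` is still referenced by tag with `imagePullPolicy: "IfNotPresent"`, so what actually runs depends on whatever that tag pointed to when each node first pulled it. Pinning the reference by digest would make the hardened `securityContext` added in this hunk apply to a known image. `enableServiceLinks: true` is also set explicitly now; if Redis does not need the injected service environment variables, setting it to false keeps other services' addresses out of the container environment.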
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
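Review bot: The `resources` block for the redis container goes from empty `limits: {}` to `memory: 192Mi`, which for an in-memory store means the container is OOM-killed once the dataset plus overhead crosses that limit. Check the current memory use of this instance before merging, and either raise the limit or set a `maxmemory` below it in the Redis configuration so Redis evicts or rejects writes instead of being killed.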
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.66.0-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
334c0eb to 55c8f27
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
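Review bot: The two `ingress` rules in the new NetworkPolicy list only `ports` (6379 and 9121) with no `from` clause, so they admit traffic from every pod and namespace, and `egress: - {}` allows all outbound traffic. The policy narrows which ports are reachable but not who can reach them. If only specific clients and the Prometheus scraper need access, add `from` selectors for them and replace the blanket egress rule with the destinations Redis actually needs.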
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
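Review bot: The context line `redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"` is base64, which is encoding rather than protection, and anything rendered into this diff is readable by everyone who can see the pull request. Here it decodes to a `${SECRET_REDIS_PASSWORD}` placeholder rather than a real password, which is the right outcome; keep the diff job rendering manifests before secret substitution so real values never reach a comment.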
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.1-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.66.0-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
55c8f27 to c54fd6d
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.1-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.66.0-debian-12-r2
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
c54fd6d to b65337b
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
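Review bot: `fsGroupChangePolicy: Always` in the pod securityContext makes the kubelet recursively re-apply ownership and permissions for `fsGroup: 1001` to the data volume on every pod start, which slows restarts as the volume fills. Unless something is known to rewrite ownership out of band, `OnRootMismatch` gives the same result with a cheap check on the volume root.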
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.1-debian-12-r3
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
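Review bot: the new image on the `+ image:` line is still referenced by a mutable tag (`docker.io/bitnami/redis:7.4.1-debian-12-r3`) with `imagePullPolicy: "IfNotPresent"`, so what runs depends on whatever each node first pulled for that tag. Pin the digest alongside the tag (`...@sha256:<digest>`) so the hardened securityContext added in this hunk applies to a known image.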
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
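Review bot: the redis container goes from `limits: {}` to `memory: 192Mi`, and nothing in this hunk bounds the dataset, so an instance that currently holds more than that will be OOM-killed after the upgrade. Check current memory usage against the limit and either raise it in the chart values or set `maxmemory` with an eviction policy below 192Mi, so Redis sheds keys instead of being restarted.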
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.67.0-debian-12-r0
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
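Review bot: the merged `empty-dir` volume is declared as `emptyDir: {}` with no `sizeLimit`, and it now backs `/tmp` and the config directory for both containers. The only cap is each container's `ephemeral-storage: 2Gi` limit; a `sizeLimit` on the volume would state the intended bound explicitly for what should be a few config and temp files.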
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
b65337b to 5101d50
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
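Review bot: the added NetworkPolicy restricts very little as rendered: `egress: - {}` allows all outbound traffic, and both ingress rules list only `ports` with no `from`, so any source that can reach the pod may connect to 6379 and 9121. If the intent is isolation, add `from` selectors for the client pods or namespaces and for the Prometheus scraper, and narrow egress to the destinations this pod actually needs.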
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
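Review bot: the unchanged `redis-password` value in this Secret decodes to the literal placeholder `${SECRET_REDIS_PASSWORD}`. Confirm the placeholder is substituted before the chart is rendered in the cluster, otherwise Redis and the exporter authenticate with the placeholder string itself; also consider referencing an existing Secret so no password material passes through rendered manifests.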
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
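Review bot: `timeout -s 15` switches the probe's kill signal from 3 (SIGQUIT) to 15 (SIGTERM), but there is no fallback if `redis-cli` does not exit on it, in which case the probe only ends when the kubelet's own probe timeout fires. Add `-k <seconds>` so `timeout` follows up with SIGKILL, and spell the signal as `-s TERM` so the intent is readable without a signal table.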
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.2-debian-12-r0
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
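Review bot: `enableServiceLinks: true` is now set explicitly, which injects `*_SERVICE_HOST` and `*_PORT` environment variables for every Service in the `default` namespace into both containers. The `redis-master` Service alone yields `REDIS_MASTER_PORT=tcp://...`, right next to the `REDIS_MASTER_PORT_NUMBER` the health scripts read; set this to `false` unless something depends on the legacy variables.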
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.67.0-debian-12-r0
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
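Review bot: the exporter's new readinessProbe uses `timeoutSeconds: 1` on `httpGet` `/` while the container is capped at `cpu: 150m` in the same hunk, so a throttled exporter can miss the one-second window and flap out of the metrics Service endpoints. Either raise the timeout to match the liveness probe's 5 seconds or confirm under load that `/` answers well inside one second.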
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
202941b to 5101d50
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
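Review bot: `serviceAccountName` changes from `redis` to `redis-master` and the old `redis` ServiceAccount is deleted at the top of this diff, so any RoleBinding, policy exception or image pull secret attached to the old name stops applying without an error. Search the repo for subjects named `redis` in `default` before merging; the explicit `automountServiceAccountToken: false` on the pod is a good change and should stay.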
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.2-debian-12-r0
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.67.0-debian-12-r0
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
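Review bot: with `readOnlyRootFilesystem: true` now set on the exporter here (and on the redis container in the previous hunk), the only writable paths are the mounts, and this hunk gives the redis container just `/opt/bitnami/redis/etc/` and `/tmp` from `empty-dir` plus `/data`. Verify in a test rollout that nothing in the start scripts or the user-supplied `redis.conf` writes elsewhere (pid file, log file, `dir`), since such writes now fail on a read-only filesystem at startup.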
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
Signed-off-by: Danny Froberg <dfroberg@users.noreply.github.com>
5101d50 to 7073a76
Path: @@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
metadata:
name: redis
namespace: "default"
labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 6379
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+ name: redis-master
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/secret.yaml
apiVersion: v1
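Review bot: the new PodDisruptionBudget sets `maxUnavailable: 1` for `redis-master`, which runs with `replicas: 1` in this same release, so the budget always permits evicting the only pod and protects nothing during node drains. Either drop the PDB for the standalone layout or, if drains must wait for an operator, set `maxUnavailable: 0` and accept that drains block.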
@@ -17,9 +64,9 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
type: Opaque
data:
redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
name: redis-configuration
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
@@ -62,9 +109,9 @@
name: redis-health
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
@@ -72,7 +119,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -92,7 +139,7 @@
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
@@ -113,7 +160,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
name: redis-scripts
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
data:
start-master.sh: |
#!/bin/bash
@@ -196,10 +243,9 @@
name: redis-headless
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/name: redis
spec:
type: ClusterIP
clusterIP: None
@@ -208,8 +254,8 @@
port: 6379
targetPort: redis
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/service.yaml
apiVersion: v1
@@ -218,9 +264,9 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
@@ -232,8 +278,8 @@
targetPort: redis
nodePort: null
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
---
# Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
name: redis-metrics
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics
spec:
type: ClusterIP
@@ -255,8 +301,8 @@
protocol: TCP
targetPort: metrics
selector:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
---
# Source: redis/templates/master/application.yaml
apiVersion: apps/v1
@@ -265,39 +311,43 @@
name: redis-master
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
spec:
replicas: 1
+ revisionHistoryLimit: 10
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
serviceName: redis-headless
updateStrategy:
- rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
annotations:
- checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
- checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
- checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
- checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+ checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+ checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+ checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+ checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
prometheus.io/port: "9121"
prometheus.io/scrape: "true"
spec:
securityContext:
fsGroup: 1001
- serviceAccountName: redis
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ serviceAccountName: redis-master
+ automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
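Review bot: `serviceAccountName` in the pod spec changes from `redis` to `redis-master`, so anything outside this chart that is bound to the old `redis` ServiceAccount (a RoleBinding, a policy keyed on the account name) stops applying after this merge; please search the repo for the old name before approving. `automountServiceAccountToken: false` is the safer setting and should stay unless something in the pod calls the Kubernetes API. Separately, `fsGroupChangePolicy: Always` re-applies ownership across the whole volume on every mount, which slows restarts as the data grows; `OnRootMismatch` is worth considering. All four `checksum/*` annotations change, so expect the pod to be recreated on rollout.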
@@ -305,21 +355,30 @@
- podAffinityTerm:
labelSelector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: master
- namespaces:
- - "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
+ enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+ image: docker.io/bitnami/redis:7.4.2-debian-12-r0
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
args:
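Review bot: The `image:` line moves Redis from `7.0.5-debian-11-r7` to `7.4.2-debian-12-r0` but still references it by tag only, with `imagePullPolicy: "IfNotPresent"`, so what actually runs depends on what each node has cached or pulls at the time. Consider pinning the image by digest through the chart values, and back up the persisted data first, since a rollback to 7.0.5 would have to read data written by 7.4.2. The added container `securityContext` (`capabilities.drop: ALL`, `readOnlyRootFilesystem: true`, `runAsNonRoot: true`, `seccompProfile.type: RuntimeDefault`) is a welcome tightening. `enableServiceLinks: true` keeps injecting environment variables for every Service in the namespace; set it to false if nothing relies on them.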
@@ -368,8 +427,14 @@
- -c
- /health/ping_readiness_local.sh 1
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
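Review bot: `limits.memory: 192Mi` replaces `limits: {}` on the redis container, so an instance that was previously unbounded is OOM-killed once its memory use passes 192Mi. Check the memory use of the running instance before merging, then either override `resources` in the values or set a Redis `maxmemory` below the limit. `ephemeral-storage: 2Gi` is likewise new, and exceeding it gets the pod evicted.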
@@ -377,18 +442,29 @@
mountPath: /health
- name: redis-data
mountPath: /data
- subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc/
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+ image: docker.io/bitnami/redis-exporter:1.67.0-debian-12-r0
imagePullPolicy: "IfNotPresent"
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
command:
- /bin/bash
- -c
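Review bot: Both containers now run with `readOnlyRootFilesystem: true`, and the writable locations in this hunk are reduced to `subPath` mounts of a single `empty-dir` volume (`/opt/bitnami/redis/etc/`, `/tmp`) plus `/data`. Any override in this repo's values that writes elsewhere (extra config files, custom start scripts) will fail at runtime on the read-only filesystem, so confirm the overrides against this list. The exporter image also moves from `1.44.0-debian-11-r16` to `1.67.0-debian-12-r0` by tag; pin it by digest if the redis image gets pinned.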
@@ -400,6 +476,8 @@
env:
- name: REDIS_ALIAS
value: redis
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: :9121
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
ports:
- name: metrics
containerPort: 9121
+ livenessProbe:
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ httpGet:
+ path: /
+ port: metrics
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: app-tmp-dir
volumes:
- name: start-scripts
configMap:
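Review bot: The new `readinessProbe` on the `metrics` container uses `timeoutSeconds: 1` while the same container is limited to `cpu: 150m`. A pod is Ready only when every container in it is ready, so a slow exporter response marks the whole pod unready and takes Redis itself out of the Service endpoints. Consider a longer timeout, or confirm under load that the exporter answers `/` well within one second.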
@@ -426,9 +530,7 @@
- name: config
configMap:
name: redis-configuration
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
persistentVolumeClaim:
@@ -441,18 +543,18 @@
name: redis
namespace: "default"
labels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
spec:
endpoints:
- port: http-metrics
interval: 30s
namespaceSelector:
matchNames:
- - default
+ - "default"
selector:
matchLabels:
- app.kubernetes.io/name: redis
app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
app.kubernetes.io/component: metrics |
This PR contains the following updates:
17.3.5 -> 20.6.3
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
bitnami/charts (redis)
v20.6.3
v20.6.2
v20.6.1
v20.6.0
v20.5.0
v20.4.1
v20.4.0
v20.3.0
v20.2.2
v20.2.1
v20.2.0
v20.1.7
v20.1.6
v20.1.5
v20.1.4
v20.1.3
v20.1.2
v20.1.1
v20.1.0
v20.0.5
v20.0.4
v20.0.3
v20.0.2
v20.0.1
v20.0.0
v19.6.4
v19.6.3
v19.6.2
v19.6.1
v19.6.0
v19.5.5
v19.5.4
v19.5.3
v19.5.2
v19.5.1
v19.5.0
v19.4.0
v19.3.4
v19.3.3
v19.3.2
v19.3.1
v19.3.0
v19.2.0
v19.1.5
v19.1.4
v19.1.3
v19.1.2
v19.1.1
v19.1.0
v19.0.2
v19.0.1
v19.0.0
v18.19.4
v18.19.3
v18.19.2
v18.19.1
v18.19.0
v18.18.1
v18.18.0
v18.17.1
v18.17.0
v18.16.1
v18.16.0
v18.15.1
v18.14.0
v18.13.0
v18.12.1
v18.12.0
v18.11.1
v18.11.0
v18.10.0
v18.9.1
v18.9.0
v18.8.3
v18.8.2
v18.8.0
v18.7.1
v18.7.0
v18.6.4
v18.6.3
v18.6.2
v18.6.1
v18.6.0
v18.5.0
v18.4.0
v18.3.3
v18.3.2
v18.3.1
v18.3.0
v18.2.2
v18.2.1
v18.2.0
v18.1.6
v18.1.5
v18.1.4
persistentVolumeClaimRetentionPolicy for redis (#19689) (5658fa8), closes #19689
v18.1.3
v18.1.2
v18.1.1
v18.1.0
v18.0.4
v18.0.2
v18.0.1
v18.0.0
v17.17.1
v17.17.0
v17.16.0
v17.15.6
v17.15.5
v17.15.4
v17.15.2
v17.15.1
v17.15.0
v17.14.6
v17.14.5
v17.14.4
v17.14.3
v17.14.2
v17.14.1
.Values.auth.existingSecretPasswordKey (#17723) (344db98), closes #17723
v17.14.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.