diff --git a/charts/sentry/templates/_helper.tpl b/charts/sentry/templates/_helper.tpl index 9af12865b..4c74230f6 100644 --- a/charts/sentry/templates/_helper.tpl +++ b/charts/sentry/templates/_helper.tpl @@ -286,13 +286,37 @@ Set redis port Set redis password */}} {{- define "sentry.redis.password" -}} +{{- if and (.Values.redis.enabled) (.Values.redis.auth.enabled) -}} +{{ .Values.redis.auth.password }} +{{- else if .Values.externalRedis.password -}} +{{ .Values.externalRedis.password }} +{{- else }} +{{- end -}} +{{- end -}} + +{{/* +Set redis db +*/}} +{{- define "sentry.redis.db" -}} {{- if .Values.redis.enabled -}} -{{ .Values.redis.password }} +{{ default 0 .Values.redis.db }} {{- else -}} -{{ .Values.externalRedis.password }} +{{ default 0 .Values.externalRedis.db }} {{- end -}} {{- end -}} +{{/* +Set redis ssl +*/}} +{{- define "sentry.redis.ssl" -}} +{{- if .Values.redis.enabled -}} +{{ default false .Values.redis.ssl }} +{{- else -}} +{{ default false .Values.externalRedis.ssl }} +{{- end -}} +{{- end -}} + + {{/* Create the name of the service account to use */}} 
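Review bot: In `sentry.redis.password` the `else if .Values.externalRedis.password` branch is not limited to the external case, so with `redis.enabled: true` and `redis.auth.enabled: false` a leftover `externalRedis.password` is returned and sent to the bundled Redis. I would write it as `{{- else if and (not .Values.redis.enabled) .Values.externalRedis.password -}}`. The helper also returns an empty string when only `redis.auth.existingSecret` is set, and callers treat that as "no auth"; the `Set redis password` header comment should say so. The empty `{{- else }}` branch can be removed.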
@@ -454,6 +478,27 @@ Common Snuba environment variables value: /etc/snuba/settings.py - name: DEFAULT_BROKERS value: {{ include "sentry.kafka.bootstrap_servers_string" . | quote }} +{{- if and (.Values.redis.enabled) (.Values.redis.auth.enabled) }} +{{- if .Values.redis.auth.password }} +- name: REDIS_PASSWORD + value: {{ .Values.redis.auth.password | quote }} +{{- else if .Values.redis.auth.existingSecret }} +- name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "sentry.redis.fullname" .) .Values.redis.auth.existingSecret }} + key: {{ default "redis-password" .Values.redis.auth.existingSecretPasswordKey }} +{{- end }} +{{- else if .Values.externalRedis.password }} +- name: REDIS_PASSWORD + value: {{ .Values.externalRedis.password | quote }} +{{- else if .Values.externalRedis.existingSecret }} +- name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.externalRedis.existingSecret }} + key: {{ default "redis-password" .Values.externalRedis.existingSecretKey }} +{{- end }} {{- if .Values.externalClickhouse.existingSecret }} - name: CLICKHOUSE_PASSWORD valueFrom: @@ -467,6 +512,8 @@ Common Snuba environment variables - name: UWSGI_HTTP_SOCKET value: "[::]:1218" {{- end }} +- name: REDIS_PORT + value: {{ default "6379" (include "sentry.redis.port" . | quote ) -}} {{- end -}} {{- define "vroom.env" -}} @@ -484,6 +531,10 @@ Common Snuba environment variables Common Sentry environment variables */}} {{- define "sentry.env" -}} +{{- $redisHost := include "sentry.redis.host" . -}} +{{- $redisPort := include "sentry.redis.port" . -}} +{{- $redisDb := include "sentry.redis.db" . -}} +{{- $redisProto := ternary "rediss" "redis" (eq (include "sentry.redis.ssl" .) "true") -}} - name: SNUBA value: http://{{ template "sentry.fullname" . }}-snuba:{{ template "snuba.port" . }} - name: VROOM 
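Review bot: The inline `value: {{ .Values.redis.auth.password | quote }}` branch is tested before `existingSecret`, so when both are set the password is written in clear text into the pod spec instead of being read from the Secret; checking `existingSecret` first would avoid that (the `externalRedis` branches use the same password-first order). The `default (include "sentry.redis.fullname" .)` fallback is unreachable because the branch is already gated on `.Values.redis.auth.existingSecret`, so with auth enabled and neither value set no REDIS_PASSWORD is exported. If the bundled Redis chart keeps its generated password in a Secret named by `sentry.redis.fullname` (not visible here), turning that branch into a plain `{{- else }}` would cover the case. The enclosing `snuba.env` define starts and ends outside the hunk.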
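Review bot: The `default "6379"` on the REDIS_PORT line can never apply, because `include "sentry.redis.port" . | quote` always yields a non-empty string (an empty port becomes the two characters `""`). Apply the default before quoting: `value: {{ default "6379" (include "sentry.redis.port" .) | quote }}`. The trailing `-}}` is also unnecessary, since the following `{{- end -}}` already trims the whitespace.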
@@ -568,6 +619,45 @@ Common Sentry environment variables secretKeyRef: name: {{ .Values.filestore.s3.existingSecret }} key: {{ default "s3-secret-access-key" .Values.filestore.s3.secretAccessKeyRef }} + key: {{ default "postgresql-password" .Values.externalPostgresql.existingSecretKey }} +{{- end }} +{{- if .Values.redis.enabled }} +{{- if .Values.redis.password }} +- name: REDIS_PASSWORD + value: {{ .Values.redis.password | quote }} +{{- else if .Values.redis.existingSecret }} +- name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "sentry.redis.fullname" .) .Values.redis.existingSecret }} + key: {{ default "redis-password" .Values.redis.existingSecretKey }} +{{- end }} +{{- else if .Values.externalRedis.password }} +- name: REDIS_PASSWORD + value: {{ .Values.externalRedis.password | quote }} +{{- else if .Values.externalRedis.existingSecret }} +- name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.externalRedis.existingSecret }} + key: {{ default "redis-password" .Values.externalRedis.existingSecretKey }} +{{- end }} +{{- if and (.Values.redis.enabled) (.Values.redis.auth.existingSecret) }} +- name: HELM_CHARTS_SENTRY_REDIS_PASSWORD_CONTROLLED + valueFrom: + secretKeyRef: + name: {{ .Values.redis.auth.existingSecret }} + key: {{ default "redis-password" .Values.redis.auth.existingSecretPasswordKey }} +- name: BROKER_URL + value: "{{ $redisProto }}://:$(HELM_CHARTS_SENTRY_REDIS_PASSWORD_CONTROLLED)@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}" +{{- else if (.Values.externalRedis.existingSecret) }} +- name: HELM_CHARTS_SENTRY_REDIS_PASSWORD_CONTROLLED + valueFrom: + secretKeyRef: + name: {{ .Values.externalRedis.existingSecret }} + key: {{ default "redis-password" .Values.externalRedis.existingSecretKey }} +- name: BROKER_URL + value: "{{ $redisProto }}://:$(HELM_CHARTS_SENTRY_REDIS_PASSWORD_CONTROLLED)@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}" {{- end }} {{- if and (eq .Values.filestore.backend "gcs") 
.Values.filestore.gcs.secretName }} - name: GOOGLE_APPLICATION_CREDENTIALS @@ -620,7 +710,7 @@ Common Sentry environment variables valueFrom: secretKeyRef: name: {{ .Values.discord.existingSecret }} - key: {{ default "bot-token" .Values.discord.existingSecretBotToken }} + key: {{ default "bot-token" .Values.discord.existingSecretBotToken }} {{- end }} {{- if and .Values.github.existingSecret }} - name: GITHUB_APP_PRIVATE_KEY diff --git a/charts/sentry/templates/relay/_helper-sentry-relay.tpl b/charts/sentry/templates/relay/_helper-sentry-relay.tpl index 002100474..c62803b0d 100644 --- a/charts/sentry/templates/relay/_helper-sentry-relay.tpl +++ b/charts/sentry/templates/relay/_helper-sentry-relay.tpl @@ -2,6 +2,8 @@ {{- $redisHost := include "sentry.redis.host" . -}} {{- $redisPort := include "sentry.redis.port" . -}} {{- $redisPass := include "sentry.redis.password" . -}} +{{- $redisDb := include "sentry.redis.db" . -}} +{{- $redisProto := ternary "rediss" "redis" (eq (include "sentry.redis.ssl" .) "true") -}} config.yml: |- relay: {{- if .Values.relay.mode }} @@ -63,9 +65,11 @@ config.yml: |- {{- end }} {{- if $redisPass }} - redis: "redis://:{{ $redisPass }}@{{ $redisHost }}:{{ $redisPort }}" + {{- if and (not .Values.externalRedis.existingSecret) (not .Values.redis.auth.existingSecret)}} + redis: "{{ $redisProto }}://:{{ $redisPass }}@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}" + {{- end }} {{- else }} - redis: "redis://{{ $redisHost }}:{{ $redisPort }}" + redis: "{{ $redisProto }}://{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}" {{- end }} topics: metrics_sessions: ingest-metrics diff --git a/charts/sentry/templates/relay/deployment-relay.yaml b/charts/sentry/templates/relay/deployment-relay.yaml index 709ebf341..18557c148 100644 --- a/charts/sentry/templates/relay/deployment-relay.yaml +++ b/charts/sentry/templates/relay/deployment-relay.yaml 
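Review bot: The first added line, `key: {{ default "postgresql-password" .Values.externalPostgresql.existingSecretKey }}`, lands directly under the existing S3 `key:` line inside the same `secretKeyRef`, so that mapping now has two `key` entries; depending on the parser the S3 secret reference is either rejected or silently switched to `postgresql-password`. It looks like a merge leftover, and only that line should go: the added `{{- end }}` after it appears to be what now closes the S3 block. The REDIS_PASSWORD branch that follows reads `.Values.redis.password`, `.Values.redis.existingSecret` and `.Values.redis.existingSecretKey`, while the rest of this commit and values.yaml use `.Values.redis.auth.password`, `.Values.redis.auth.existingSecret` and `existingSecretPasswordKey`, so with the documented values no REDIS_PASSWORD is exported here. BROKER_URL is also emitted whenever an existing secret is set, without checking `.Values.rabbitmq.enabled`; since sentry.conf.py reads `os.environ.get("BROKER_URL", "amqp://…")`, this would override the RabbitMQ broker. The enclosing `sentry.env` define starts and ends outside the hunk.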
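Review bot: When both a password and an existing secret are configured, the inner `if` suppresses the `redis:` line and nothing replaces it, because the deployment exports RELAY_REDIS_URL only under `not $redisPass`; Relay is then rendered without any Redis URL. Either keep the inline URL in that case or drop the `not $redisPass` test on the deployment side. `{{ $redisPass }}` is also written into the URL without percent-encoding and ends up in clear text in the rendered config.yml, so preferring the Secret-backed environment variable whenever one is available would be the safer default. The enclosing define starts outside the hunk.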
@@ -1,4 +1,10 @@ {{- if .Values.relay.enabled }} +{{- $redisHost := include "sentry.redis.host" . -}} +{{- $redisPort := include "sentry.redis.port" . -}} +{{- $redisDb := include "sentry.redis.db" . -}} +{{- $redisPass := include "sentry.redis.password" . -}} +{{- $redisProto := ternary "rediss" "redis" (eq (include "sentry.redis.ssl" .) "true") -}} + apiVersion: apps/v1 kind: Deployment metadata: @@ -86,6 +92,15 @@ spec: env: - name: RELAY_PORT value: '{{ template "relay.port" }}' + {{- if and (not $redisPass) (.Values.externalRedis.existingSecret) }} + - name: HELM_CHARTS_RELAY_REDIS_PASSWORD_CONTROLLED + valueFrom: + secretKeyRef: + name: {{ .Values.externalRedis.existingSecret }} + key: {{ default "redis-password" .Values.externalRedis.existingSecretKey }} + - name: RELAY_REDIS_URL + value: {{ $redisProto }}://$(HELM_CHARTS_RELAY_REDIS_PASSWORD_CONTROLLED)@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }} + {{- end }} {{- if .Values.relay.init.env }} {{ toYaml .Values.relay.init.env | indent 12 }} {{- end }} @@ -119,6 +134,15 @@ spec: env: - name: RELAY_PORT value: '{{ template "relay.port" }}' + {{- if and (not $redisPass) (.Values.externalRedis.existingSecret) }} + - name: HELM_CHARTS_RELAY_REDIS_PASSWORD_CONTROLLED + valueFrom: + secretKeyRef: + name: {{ .Values.externalRedis.existingSecret }} + key: {{ default "redis-password" .Values.externalRedis.existingSecretKey }} + - name: RELAY_REDIS_URL + value: {{ $redisProto }}://$(HELM_CHARTS_RELAY_REDIS_PASSWORD_CONTROLLED)@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }} + {{- end }} {{- if .Values.relay.env }} {{ toYaml .Values.relay.env | indent 8 }} {{- end }} diff --git a/charts/sentry/templates/sentry/_helper-sentry.tpl b/charts/sentry/templates/sentry/_helper-sentry.tpl index 54bb50682..a2d02656f 100644 --- a/charts/sentry/templates/sentry/_helper-sentry.tpl +++ b/charts/sentry/templates/sentry/_helper-sentry.tpl 
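Review bot: The RELAY_REDIS_URL value is `{{ $redisProto }}://$(HELM_CHARTS_RELAY_REDIS_PASSWORD_CONTROLLED)@…` with no `:` before the expanded secret, so the secret is parsed as the URL's user name rather than its password; `sentry.env` in this commit uses `://:$(…)@`. I would write `value: "{{ $redisProto }}://:$(HELM_CHARTS_RELAY_REDIS_PASSWORD_CONTROLLED)@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}"`, quoted like the neighbouring `RELAY_PORT` value. The condition only handles `.Values.externalRedis.existingSecret`, so a bundled Redis with `redis.auth.existingSecret` gets the password-less `redis:` URL from config.yml and no override. The same block is repeated in the hunk at `@@ -119,6 +134,15 @@` and needs the same changes. The secret is substituted into the URL verbatim, so a value containing `@`, `/` or `:` will not parse as intended.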
@@ -2,6 +2,8 @@ {{- $redisHost := include "sentry.redis.host" . -}} {{- $redisPort := include "sentry.redis.port" . -}} {{- $redisPass := include "sentry.redis.password" . -}} +{{- $redisDb := include "sentry.redis.db" . -}} +{{- $redisProto := ternary "rediss" "redis" (eq (include "sentry.redis.ssl" .) "true") -}} config.yml: |- {{- if .Values.system.adminEmail }} system.admin-email: {{ .Values.system.adminEmail | quote }} @@ -73,15 +75,7 @@ config.yml: |- ######### # Redis # ######### - redis.clusters: - default: - hosts: - 0: - host: {{ $redisHost | quote }} - port: {{ $redisPort }} - {{- if $redisPass }} - password: {{ $redisPass | quote }} - {{- end }} + # This is configured in the sentry.conf.py as that has support for environment variables. ################ # File storage # @@ -171,6 +165,28 @@ sentry.conf.py: |- SENTRY_OPTIONS["system.event-retention-days"] = int(env('SENTRY_EVENT_RETENTION_DAYS') or {{ .Values.sentry.cleanup.days | quote }}) + ######### + # Redis # + ######### + + # Generic Redis configuration used as defaults for various things including: + # Buffers, Quotas, TSDB + SENTRY_OPTIONS["redis.clusters"] = { + "default": { + "hosts": { + 0: { + "host": {{ $redisHost | quote }}, + "password": os.environ.get("REDIS_PASSWORD", {{ $redisPass | quote }}), + "port": {{ $redisPort | quote }}, + {{- if .Values.externalRedis.ssl }} + "ssl": {{ .Values.externalRedis.ssl | quote }}, + {{- end }} + "db": {{ $redisDb | quote }} + } + } + } + } + ######### # Queue # ######### 
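Review bot: The `ssl` entry in `SENTRY_OPTIONS["redis.clusters"]` is driven by `.Values.externalRedis.ssl` directly rather than by the new `sentry.redis.ssl` helper, so with the bundled Redis and `redis.ssl` set the broker URL uses `rediss` while this cluster config omits `ssl`, and a stale `externalRedis.ssl` is applied to the bundled instance. I would use `{{- if eq (include "sentry.redis.ssl" .) "true" }}` and emit `"ssl": True,`, since `| quote` renders a Python string rather than a boolean. `port` and `db` are likewise rendered as quoted strings where the removed config.yml block passed the port unquoted; whether the client accepts strings is not visible here. `{{ $redisPass | quote }}` is still written into the rendered sentry.conf.py as the fallback, so when both a password and a Secret are set the plain-text value lands in the config even though REDIS_PASSWORD comes from the Secret.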
@@ -182,9 +198,9 @@ sentry.conf.py: |- {{- if or (.Values.rabbitmq.enabled) (.Values.rabbitmq.host) }} BROKER_URL = os.environ.get("BROKER_URL", "amqp://{{ .Values.rabbitmq.auth.username }}:{{ .Values.rabbitmq.auth.password }}@{{ template "sentry.rabbitmq.host" . }}:5672/{{ .Values.rabbitmq.vhost }}") {{- else if $redisPass }} - BROKER_URL = os.environ.get("BROKER_URL", "redis://:{{ $redisPass }}@{{ $redisHost }}:{{ $redisPort }}/0") - {{- else }} - BROKER_URL = os.environ.get("BROKER_URL", "redis://{{ $redisHost }}:{{ $redisPort }}/0") + BROKER_URL = os.environ.get("BROKER_URL", "{{ $redisProto }}://:{{ $redisPass }}@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}") + {{- else if and (not .Values.externalRedis.existingSecret) (not .Values.redis.auth.existingSecret)}} + BROKER_URL = os.environ.get("BROKER_URL", "{{ $redisProto }}://{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}") {{- end }} ######### diff --git a/charts/sentry/templates/snuba/_helper-snuba.tpl b/charts/sentry/templates/snuba/_helper-snuba.tpl index 0f3ee295a..40ea0f786 100644 --- a/charts/sentry/templates/snuba/_helper-snuba.tpl +++ b/charts/sentry/templates/snuba/_helper-snuba.tpl @@ -1,5 +1,6 @@ {{- define "sentry.snuba.config" -}} {{- $redisPass := include "sentry.redis.password" . -}} +{{- $redisSsl := include "sentry.redis.ssl" . -}} settings.py: | import os 
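Review bot: When `$redisPass` is empty and an existing secret is configured, none of the three branches matches and `BROKER_URL` is never assigned in sentry.conf.py; the secret-based URL exists only as a container environment variable, which this file reads only through `os.environ.get` in the other branches. Adding a final `{{- else }}` with `BROKER_URL = os.environ["BROKER_URL"]` would make the dependency explicit and fail loudly if the variable is missing. In the first branch the same environment variable takes precedence over the `amqp://` default, so the Redis BROKER_URL exported by `sentry.env` for secret users would replace the RabbitMQ broker. `{{ $redisPass }}` is also pasted into a Python string literal and a URL without escaping, so a password containing `"`, `\`, `@` or `/` breaks the file or the URL.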
@@ -75,10 +76,21 @@ settings.py: | # Redis Options REDIS_HOST = {{ include "sentry.redis.host" . | quote }} REDIS_PORT = {{ include "sentry.redis.port" . }} - {{- if $redisPass }} + {{- if or (not ($redisPass)) (.Values.externalRedis.existingSecret) (.Values.redis.auth.existingSecret) }} + REDIS_PASSWORD = env("REDIS_PASSWORD", "") + {{- else if $redisPass }} REDIS_PASSWORD = {{ $redisPass | quote }} {{- end }} - REDIS_DB = int(env("REDIS_DB", 1)) + + {{- if .Values.redis.enabled }} + REDIS_DB = int(env("REDIS_DB", {{ default 1 .Values.redis.db }})) + {{- else }} + REDIS_DB = int(env("REDIS_DB", {{ default 1 .Values.externalRedis.db }})) + {{- end }} + + {{- if eq $redisSsl "true" }} + REDIS_SSL = True + {{- end }} {{- if .Values.metrics.enabled }} DOGSTATSD_HOST = "{{ template "sentry.fullname" . }}-metrics" diff --git a/charts/sentry/values.yaml b/charts/sentry/values.yaml index e90db2efb..077582d21 100644 --- a/charts/sentry/values.yaml +++ b/charts/sentry/values.yaml @@ -2075,10 +2075,12 @@ redis: auth: enabled: false sentinel: false + ## Just omit the password field if your redis cluster doesn't use password + # password: redis + # existingSecret: secret-name + ## set existingSecretPasswordKey if key name inside existingSecret is different from redis-password' + # existingSecretPasswordKey: secret-key-name nameOverride: sentry-redis - usePassword: false - ## Just omit the password field if your redis cluster doesn't use password - # password: redis master: persistence: enabled: true @@ -2096,6 +2098,13 @@ externalRedis: port: 6379 ## Just omit the password field if your redis cluster doesn't use password # password: redis + # existingSecret: secret-name + ## set existingSecretKey if key name inside existingSecret is different from redis-password' + # existingSecretKey: secret-key-name + ## Integer database number to use for redis (This is an integer) + # db: 0 + ## Use ssl for the connection to Redis (True/False) + # ssl: false postgresql: enabled: true
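Review bot: `REDIS_PASSWORD = {{ $redisPass | quote }}` still writes the password in clear text into the rendered settings.py, although `snuba.env` in this commit exports REDIS_PASSWORD for the same value combinations. If every Snuba container that loads this file also gets `snuba.env` (not visible here), the whole `if`/`else if` can be replaced by the single line `REDIS_PASSWORD = env("REDIS_PASSWORD", "")`; as written the `else if $redisPass` test is redundant anyway, because the `if` already covers the empty case. `default 1 .Values.redis.db` treats an explicit `db: 0` as unset, so Snuba would use database 1 while `sentry.redis.db` returns 0 for Sentry and Relay; if a separate Snuba database is intended, a comment saying so would help.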