feat: reintroduce "Extend Redis functionality"

charts/sentry/templates/_helper.tpl

@@ -286,13 +286,37 @@ Set redis port
 Set redis password
 */}}
 {{- define "sentry.redis.password" -}}
+{{- if and (.Values.redis.enabled) (.Values.redis.auth.enabled) -}}
+{{ .Values.redis.auth.password }}
+{{- else if .Values.externalRedis.password -}}
+{{ .Values.externalRedis.password }}
+{{- else }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set redis db
+*/}}
+{{- define "sentry.redis.db" -}}
 {{- if .Values.redis.enabled -}}
-{{ .Values.redis.password }}
+{{ default 0 .Values.redis.db }}
 {{- else -}}
-{{ .Values.externalRedis.password }}
+{{ default 0 .Values.externalRedis.db }}
 {{- end -}}
 {{- end -}}
 
+{{/*
+Set redis ssl
+*/}}
+{{- define "sentry.redis.ssl" -}}
+{{- if .Values.redis.enabled -}}
+{{ default false .Values.redis.ssl }}
+{{- else -}}
+{{ default false .Values.externalRedis.ssl }}
+{{- end -}}
+{{- end -}}
+
+
 {{/*
 Create the name of the service account to use
 */}}
@@ -454,6 +478,27 @@ Common Snuba environment variables
   value: /etc/snuba/settings.py
 - name: DEFAULT_BROKERS
   value: {{ include "sentry.kafka.bootstrap_servers_string" . | quote }}
+{{- if and (.Values.redis.enabled) (.Values.redis.auth.enabled) }}
+{{- if .Values.redis.auth.password }}
+- name: REDIS_PASSWORD
+  value: {{ .Values.redis.auth.password | quote }}
+{{- else if .Values.redis.auth.existingSecret }}
+- name: REDIS_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ default (include "sentry.redis.fullname" .) .Values.redis.auth.existingSecret }}
+      key: {{ default "redis-password" .Values.redis.auth.existingSecretPasswordKey }}
+{{- end }}
+{{- else if .Values.externalRedis.password }}
+- name: REDIS_PASSWORD
+  value: {{ .Values.externalRedis.password | quote }}
+{{- else if .Values.externalRedis.existingSecret }}
+- name: REDIS_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.externalRedis.existingSecret }}
+      key: {{ default "redis-password" .Values.externalRedis.existingSecretKey }}
+{{- end }}
 {{- if .Values.externalClickhouse.existingSecret }}
 - name: CLICKHOUSE_PASSWORD
   valueFrom:
@@ -467,6 +512,8 @@ Common Snuba environment variables
 - name: UWSGI_HTTP_SOCKET
   value: "[::]:1218"
 {{- end }}
+- name: REDIS_PORT
+  value:  {{ default "6379" (include "sentry.redis.port" . | quote ) -}}
 {{- end -}}
 
 {{- define "vroom.env" -}}
@@ -484,6 +531,10 @@ Common Snuba environment variables
 Common Sentry environment variables
 */}}
 {{- define "sentry.env" -}}
+{{- $redisHost := include "sentry.redis.host" . -}}
+{{- $redisPort := include "sentry.redis.port" . -}}
+{{- $redisDb     := include "sentry.redis.db" . -}}
+{{- $redisProto  := ternary "rediss" "redis" (eq (include "sentry.redis.ssl" .) "true")  -}}
 - name: SNUBA
   value: http://{{ template "sentry.fullname" . }}-snuba:{{ template "snuba.port" . }}
 - name: VROOM
@@ -568,6 +619,45 @@ Common Sentry environment variables
     secretKeyRef:
       name: {{ .Values.filestore.s3.existingSecret }}
       key: {{ default "s3-secret-access-key" .Values.filestore.s3.secretAccessKeyRef }}
+      key: {{ default "postgresql-password" .Values.externalPostgresql.existingSecretKey }}
+{{- end }}
+{{- if .Values.redis.enabled }}
+{{- if .Values.redis.password }}
+- name: REDIS_PASSWORD
+  value: {{ .Values.redis.password | quote }}
+{{- else if .Values.redis.existingSecret }}
+- name: REDIS_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ default (include "sentry.redis.fullname" .) .Values.redis.existingSecret }}
+      key: {{ default "redis-password" .Values.redis.existingSecretKey }}
+{{- end }}
+{{- else if .Values.externalRedis.password }}
+- name: REDIS_PASSWORD
+  value: {{ .Values.externalRedis.password | quote }}
+{{- else if .Values.externalRedis.existingSecret }}
+- name: REDIS_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.externalRedis.existingSecret }}
+      key: {{ default "redis-password" .Values.externalRedis.existingSecretKey }}
+{{- end }}
+{{- if and (.Values.redis.enabled) (.Values.redis.auth.existingSecret) }}
+- name: HELM_CHARTS_SENTRY_REDIS_PASSWORD_CONTROLLED
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.redis.auth.existingSecret }}
+      key: {{ default "redis-password" .Values.redis.auth.existingSecretPasswordKey }}
+- name: BROKER_URL
+  value: "{{ $redisProto }}://:$(HELM_CHARTS_SENTRY_REDIS_PASSWORD_CONTROLLED)@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}"
+{{- else if (.Values.externalRedis.existingSecret) }}
+- name: HELM_CHARTS_SENTRY_REDIS_PASSWORD_CONTROLLED
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.externalRedis.existingSecret }}
+      key: {{ default "redis-password" .Values.externalRedis.existingSecretKey }}
+- name: BROKER_URL
+  value: "{{ $redisProto }}://:$(HELM_CHARTS_SENTRY_REDIS_PASSWORD_CONTROLLED)@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}"
 {{- end }}
 {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }}
 - name: GOOGLE_APPLICATION_CREDENTIALS
@@ -620,7 +710,7 @@ Common Sentry environment variables
   valueFrom:
     secretKeyRef:
       name: {{ .Values.discord.existingSecret }}
-      key: {{ default "bot-token" .Values.discord.existingSecretBotToken }}      
+      key: {{ default "bot-token" .Values.discord.existingSecretBotToken }}
 {{- end }}
 {{- if and .Values.github.existingSecret }}
 - name: GITHUB_APP_PRIVATE_KEY

charts/sentry/templates/relay/_helper-sentry-relay.tpl

@@ -2,6 +2,8 @@
 {{- $redisHost := include "sentry.redis.host" . -}}
 {{- $redisPort := include "sentry.redis.port" . -}}
 {{- $redisPass := include "sentry.redis.password" . -}}
+{{- $redisDb     := include "sentry.redis.db" . -}}
+{{- $redisProto  := ternary "rediss" "redis" (eq (include "sentry.redis.ssl" .) "true")  -}}
 config.yml: |-
   relay:
     {{- if .Values.relay.mode }}
@@ -63,9 +65,11 @@ config.yml: |-
       {{- end }}
 
     {{- if $redisPass }}
-    redis: "redis://:{{ $redisPass }}@{{ $redisHost }}:{{ $redisPort }}"
+    {{- if and (not .Values.externalRedis.existingSecret) (not .Values.redis.auth.existingSecret)}}
+    redis: "{{ $redisProto }}://:{{ $redisPass }}@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}"
+    {{- end }}
     {{- else }}
-    redis: "redis://{{ $redisHost }}:{{ $redisPort }}"
+    redis: "{{ $redisProto }}://{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}"
     {{- end }}
     topics:
       metrics_sessions: ingest-metrics

charts/sentry/templates/relay/deployment-relay.yaml

@@ -1,4 +1,10 @@
 {{- if .Values.relay.enabled }}
+{{- $redisHost := include "sentry.redis.host" . -}}
+{{- $redisPort := include "sentry.redis.port" . -}}
+{{- $redisDb     := include "sentry.redis.db" . -}}
+{{- $redisPass := include "sentry.redis.password" . -}}
+{{- $redisProto  := ternary "rediss" "redis" (eq (include "sentry.redis.ssl" .) "true")  -}}
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -86,6 +92,15 @@ spec:
           env:
             - name: RELAY_PORT
               value: '{{ template "relay.port" }}'
+          {{- if and (not $redisPass) (.Values.externalRedis.existingSecret) }}
+            - name: HELM_CHARTS_RELAY_REDIS_PASSWORD_CONTROLLED
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.externalRedis.existingSecret }}
+                  key: {{ default "redis-password" .Values.externalRedis.existingSecretKey }}
+            - name: RELAY_REDIS_URL
+              value: {{ $redisProto }}://$(HELM_CHARTS_RELAY_REDIS_PASSWORD_CONTROLLED)@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}
+          {{- end }}
 {{- if .Values.relay.init.env }}
 {{ toYaml .Values.relay.init.env | indent 12 }}
 {{- end }}
@@ -119,6 +134,15 @@ spec:
         env:
         - name: RELAY_PORT
           value: '{{ template "relay.port" }}'
+        {{- if and (not $redisPass) (.Values.externalRedis.existingSecret) }}
+        - name: HELM_CHARTS_RELAY_REDIS_PASSWORD_CONTROLLED
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.externalRedis.existingSecret }}
+              key: {{ default "redis-password" .Values.externalRedis.existingSecretKey }}
+        - name: RELAY_REDIS_URL
+          value: {{ $redisProto }}://$(HELM_CHARTS_RELAY_REDIS_PASSWORD_CONTROLLED)@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}
+        {{- end }}
 {{- if .Values.relay.env }}
 {{ toYaml .Values.relay.env | indent 8 }}
 {{- end }}

charts/sentry/templates/sentry/_helper-sentry.tpl

@@ -2,6 +2,8 @@
 {{- $redisHost := include "sentry.redis.host" . -}}
 {{- $redisPort := include "sentry.redis.port" . -}}
 {{- $redisPass := include "sentry.redis.password" . -}}
+{{- $redisDb     := include "sentry.redis.db" . -}}
+{{- $redisProto  := ternary "rediss" "redis" (eq (include "sentry.redis.ssl" .) "true")  -}}
 config.yml: |-
   {{- if .Values.system.adminEmail }}
   system.admin-email: {{ .Values.system.adminEmail | quote }}
@@ -73,15 +75,7 @@ config.yml: |-
   #########
   # Redis #
   #########
-  redis.clusters:
-    default:
-      hosts:
-        0:
-          host: {{ $redisHost | quote }}
-          port: {{ $redisPort }}
-          {{- if $redisPass }}
-          password: {{ $redisPass | quote }}
-          {{- end }}
+  # This is configured in the sentry.conf.py as that has support for environment variables.
 
   ################
   # File storage #
@@ -171,6 +165,28 @@ sentry.conf.py: |-
 
   SENTRY_OPTIONS["system.event-retention-days"] = int(env('SENTRY_EVENT_RETENTION_DAYS') or {{ .Values.sentry.cleanup.days | quote }})
 
+  #########
+  # Redis #
+  #########
+
+  # Generic Redis configuration used as defaults for various things including:
+  # Buffers, Quotas, TSDB
+  SENTRY_OPTIONS["redis.clusters"] = {
+    "default": {
+      "hosts": {
+        0: {
+          "host": {{ $redisHost | quote }},
+          "password": os.environ.get("REDIS_PASSWORD", {{ $redisPass | quote }}),
+          "port": {{ $redisPort | quote }},
+          {{- if .Values.externalRedis.ssl }}
+          "ssl": {{ .Values.externalRedis.ssl | quote }},
+          {{- end }}
+          "db": {{ $redisDb | quote }}
+        }
+      }
+    }
+  }
+
   #########
   # Queue #
   #########
@@ -182,9 +198,9 @@ sentry.conf.py: |-
   {{- if or (.Values.rabbitmq.enabled) (.Values.rabbitmq.host) }}
   BROKER_URL = os.environ.get("BROKER_URL", "amqp://{{ .Values.rabbitmq.auth.username }}:{{ .Values.rabbitmq.auth.password }}@{{ template "sentry.rabbitmq.host" . }}:5672/{{ .Values.rabbitmq.vhost }}")
   {{- else if $redisPass }}
-  BROKER_URL = os.environ.get("BROKER_URL", "redis://:{{ $redisPass }}@{{ $redisHost }}:{{ $redisPort }}/0")
-  {{- else }}
-  BROKER_URL = os.environ.get("BROKER_URL", "redis://{{ $redisHost }}:{{ $redisPort }}/0")
+  BROKER_URL = os.environ.get("BROKER_URL", "{{ $redisProto }}://:{{ $redisPass }}@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}")
+  {{- else if and (not .Values.externalRedis.existingSecret) (not .Values.redis.auth.existingSecret)}}
+  BROKER_URL = os.environ.get("BROKER_URL", "{{ $redisProto }}://{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}")
   {{- end }}
 
   #########

charts/sentry/templates/snuba/_helper-snuba.tpl

@@ -1,5 +1,6 @@
 {{- define "sentry.snuba.config" -}}
 {{- $redisPass := include "sentry.redis.password" . -}}
+{{- $redisSsl  := include "sentry.redis.ssl" . -}}
 settings.py: |
   import os
 
@@ -62,10 +63,21 @@ settings.py: |
   # Redis Options
   REDIS_HOST = {{ include "sentry.redis.host" . | quote }}
   REDIS_PORT = {{ include "sentry.redis.port" . }}
-  {{- if $redisPass }}
+  {{- if or (not ($redisPass)) (.Values.externalRedis.existingSecret) (.Values.redis.auth.existingSecret) }}
+  REDIS_PASSWORD = env("REDIS_PASSWORD", "")
+  {{- else if $redisPass }}
   REDIS_PASSWORD = {{ $redisPass | quote }}
   {{- end }}
-  REDIS_DB = int(env("REDIS_DB", 1))
+
+  {{- if .Values.redis.enabled }}
+  REDIS_DB = int(env("REDIS_DB", {{ default 1 .Values.redis.db }}))
+  {{- else }}
+  REDIS_DB = int(env("REDIS_DB", {{ default 1 .Values.externalRedis.db }}))
+  {{- end }}
+
+  {{- if eq $redisSsl "true" }}
+  REDIS_SSL = True
+  {{- end }}
 
 {{- if .Values.metrics.enabled }}
   DOGSTATSD_HOST = "{{ template "sentry.fullname" . }}-metrics"

charts/sentry/values.yaml

@@ -2070,10 +2070,12 @@ redis:
   auth:
     enabled: false
     sentinel: false
+    ## Just omit the password field if your redis cluster doesn't use password
+    # password: redis
+    # existingSecret: secret-name
+    ## set existingSecretPasswordKey if key name inside existingSecret is different from redis-password'
+    # existingSecretPasswordKey: secret-key-name
   nameOverride: sentry-redis
-  usePassword: false
-  ## Just omit the password field if your redis cluster doesn't use password
-  # password: redis
   master:
     persistence:
       enabled: true
@@ -2091,6 +2093,13 @@ externalRedis:
   port: 6379
   ## Just omit the password field if your redis cluster doesn't use password
   # password: redis
+  # existingSecret: secret-name
+  ## set existingSecretKey if key name inside existingSecret is different from redis-password'
+  # existingSecretKey: secret-key-name
+  ## Integer database number to use for redis (This is an integer)
+  # db: 0
+  ## Use ssl for the connection to Redis (True/False)
+  # ssl: false
 
 postgresql:
   enabled: true