Probe use built-in, discarded healthcheck.sh

Signed-off-by: muicoder <[email protected]> https://github.com/redis/redis/blob/unstable/TLS.md The probe uses env mode to load the TLS certificate.
OT-CONTAINER-KIT · Dec 26, 2023 · 1545107 · 1545107
1 parent 8f789aa
commit 1545107
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 7 deletions.
diff --git a/k8sutils/statefulset.go b/k8sutils/statefulset.go
@@ -362,8 +362,8 @@ func generateContainerDef(name string, containerParams containerParameters, clus
 				containerParams.EnvVars,
 				containerParams.Port,
 			),
-			ReadinessProbe: getProbeInfo(containerParams.ReadinessProbe),
-			LivenessProbe:  getProbeInfo(containerParams.LivenessProbe),
+			ReadinessProbe: getProbeInfo(containerParams, "R"),
+			LivenessProbe:  getProbeInfo(containerParams, "L"),
 			VolumeMounts:   getVolumeMount(name, containerParams.PersistenceEnabled, clusterMode, nodeConfVolume, externalConfig, mountpath, containerParams.TLSConfig, containerParams.ACLConfig),
 		},
 	}
@@ -573,7 +573,35 @@ func getVolumeMount(name string, persistenceEnabled *bool, clusterMode bool, nod
 }
 
 // getProbeInfo generate probe for Redis StatefulSet
-func getProbeInfo(probe *commonapi.Probe) *corev1.Probe {
+func getProbeInfo(params containerParameters, probeType string) *corev1.Probe {
+	probePort := redisPort
+	if params.Role == "sentinel" {
+		probePort = sentinelPort
+	}
+
+	probeCommand := []string{
+		"redis-cli", "-p", strconv.Itoa(probePort),
+	}
+
+	if params.TLSConfig != nil {
+		probeCommand = append(probeCommand, "--tls")
+		if params.TLSConfig.CaKeyFile != "" {
+			probeCommand = append(probeCommand, "--cacert", "$(REDIS_TLS_CA_KEY)")
+		}
+		probeCommand = append(probeCommand, "--cert", "$(REDIS_TLS_CERT)", "--key", "$(REDIS_TLS_CERT_KEY)")
+	}
+	probeCommand = append(probeCommand, "ping")
+
+	var probe *commonapi.Probe
+	switch probeType {
+	case "R":
+		probe = params.ReadinessProbe
+	case "L":
+		probe = params.LivenessProbe
+	default:
+		probe = params.LivenessProbe
+	}
+
 	return &corev1.Probe{
 		InitialDelaySeconds: probe.InitialDelaySeconds,
 		PeriodSeconds:       probe.PeriodSeconds,
@@ -582,10 +610,7 @@ func getProbeInfo(probe *commonapi.Probe) *corev1.Probe {
 		SuccessThreshold:    probe.SuccessThreshold,
 		ProbeHandler: corev1.ProbeHandler{
 			Exec: &corev1.ExecAction{
-				Command: []string{
-					"bash",
-					"/usr/bin/healthcheck.sh",
-				},
+				Command: probeCommand,
 			},
 		},
 	}
@@ -645,6 +670,17 @@ func getEnvironmentVariables(role string, enabledPassword *bool, secretName *str
 				},
 			},
 		})
+		envVars = append(envVars, corev1.EnvVar{
+			Name: "REDISCLI_AUTH",
+			ValueFrom: &corev1.EnvVarSource{
+				SecretKeyRef: &corev1.SecretKeySelector{
+					LocalObjectReference: corev1.LocalObjectReference{
+						Name: *secretName,
+					},
+					Key: *secretKey,
+				},
+			},
+		})
 	}
 	if persistenceEnabled != nil && *persistenceEnabled {
 		envVars = append(envVars, corev1.EnvVar{Name: "PERSISTENCE_ENABLED", Value: "true"})

diff --git a/k8sutils/statefulset_test.go b/k8sutils/statefulset_test.go
@@ -336,6 +336,14 @@ func TestGetEnvironmentVariables(t *testing.T) {
 						Key: "test-key",
 					},
 				}},
+				{Name: "REDISCLI_AUTH", ValueFrom: &corev1.EnvVarSource{
+					SecretKeyRef: &corev1.SecretKeySelector{
+						LocalObjectReference: corev1.LocalObjectReference{
+							Name: "test-secret",
+						},
+						Key: "test-key",
+					},
+				}},
 				{Name: "SERVER_MODE", Value: "cluster"},
 				{Name: "SETUP_MODE", Value: "cluster"},
 				{Name: "TEST_ENV", Value: "test-value"},