From f0350a9747941a6b86016a55a785a8562d07105e Mon Sep 17 00:00:00 2001
From: muicoder <muicoder@gmail.com>
Date: Tue, 21 Feb 2023 15:01:29 +0800
Subject: [PATCH] Probe use built-in, discarded healthcheck.sh

Signed-off-by: muicoder <muicoder@gmail.com>
https://github.com/redis/redis/blob/unstable/TLS.md
---
 k8sutils/statefulset.go | 51 ++++++++++++++++++++++++++++++++++-------
 1 file changed, 43 insertions(+), 8 deletions(-)

diff --git a/k8sutils/statefulset.go b/k8sutils/statefulset.go
index 280ef3c82..c162c5975 100644
--- a/k8sutils/statefulset.go
+++ b/k8sutils/statefulset.go
@@ -301,8 +301,8 @@ func generateContainerDef(name string, containerParams containerParameters, enab
 				containerParams.RedisExporterEnv,
 				containerParams.TLSConfig,
 			),
-			ReadinessProbe: getProbeInfo(containerParams.ReadinessProbe),
-			LivenessProbe:  getProbeInfo(containerParams.LivenessProbe),
+			ReadinessProbe: getProbeInfo(containerParams.Role, containerParams.ReadinessProbe, containerParams.TLSConfig),
+			LivenessProbe:  getProbeInfo(containerParams.Role, containerParams.LivenessProbe, containerParams.TLSConfig),
 			VolumeMounts:   getVolumeMount(name, containerParams.PersistenceEnabled, externalConfig, mountpath, containerParams.TLSConfig),
 		},
 	}
@@ -437,7 +437,45 @@ func getVolumeMount(name string, persistenceEnabled *bool, externalConfig *strin
 }
 
 // getProbeInfo generate probe for Redis StatefulSet
-func getProbeInfo(probe *redisv1beta1.Probe) *corev1.Probe {
+func getProbeInfo(role string, probe *redisv1beta1.Probe, tlsConfig *redisv1beta1.TLSConfig) *corev1.Probe {
+	probePort := redisPort
+	if role == "sentinel" {
+		probePort = sentinelPort
+	}
+
+	ProbeCommand := []string{
+		"redis-cli", "-p", strconv.Itoa(probePort),
+		"ping",
+	}
+
+	if tlsConfig != nil {
+		root := "/tls/"
+
+		// get and set Defaults
+		caCert := "ca.crt"
+		tlsCert := "tls.crt"
+		tlsCertKey := "tls.key"
+
+		if tlsConfig.CaKeyFile != "" {
+			caCert = tlsConfig.CaKeyFile
+		}
+		if tlsConfig.CertKeyFile != "" {
+			tlsCert = tlsConfig.CertKeyFile
+		}
+		if tlsConfig.KeyFile != "" {
+			tlsCertKey = tlsConfig.KeyFile
+		}
+
+		ProbeCommand = []string{
+			"redis-cli", "-p", strconv.Itoa(probePort),
+			"--tls",
+			"--cacert", path.Join(root, caCert),
+			"--cert", path.Join(root, tlsCert),
+			"--key", path.Join(root, tlsCertKey),
+			"ping",
+		}
+	}
+
 	return &corev1.Probe{
 		InitialDelaySeconds: probe.InitialDelaySeconds,
 		PeriodSeconds:       probe.PeriodSeconds,
@@ -446,10 +484,7 @@ func getProbeInfo(probe *redisv1beta1.Probe) *corev1.Probe {
 		SuccessThreshold:    probe.SuccessThreshold,
 		ProbeHandler: corev1.ProbeHandler{
 			Exec: &corev1.ExecAction{
-				Command: []string{
-					"bash",
-					"/usr/bin/healthcheck.sh",
-				},
+				Command: ProbeCommand,
 			},
 		},
 	}
@@ -508,7 +543,7 @@ func getEnvironmentVariables(role string, enabledMetric bool, enabledPassword *b
 		envVars = append(envVars, corev1.EnvVar{Name: "PERSISTENCE_ENABLED", Value: "true"})
 	}
 
-	if exporterEnvVar != nil {
+	if enabledMetric && exporterEnvVar != nil {
 		envVars = append(envVars, *exporterEnvVar...)
 	}
 	sort.SliceStable(envVars, func(i, j int) bool {