Initial commit

devops/helm/redis-cluster/.helmignore

@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# img folder
+img/
+# Changelog
+CHANGELOG.md

devops/helm/redis-cluster/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 2.29.0
+digest: sha256:c0ac22dea12ebe35613a1fbde2d9ffcf913c40dc688139f10914db942f2dab13
+generated: "2025-01-07T17:38:40.910393031Z"

devops/helm/redis-cluster/Chart.yaml

@@ -0,0 +1,35 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+annotations:
+  category: Database
+  licenses: Apache-2.0
+  images: |
+    - name: os-shell
+      image: docker.io/bitnami/os-shell:12-debian-12-r34
+    - name: redis-cluster
+      image: docker.io/bitnami/redis-cluster:7.4.2-debian-12-r0
+    - name: redis-exporter
+      image: docker.io/bitnami/redis-exporter:1.67.0-debian-12-r0
+apiVersion: v2
+appVersion: 7.4.2
+dependencies:
+- name: common
+  repository: oci://registry-1.docker.io/bitnamicharts
+  tags:
+  - bitnami-common
+  version: 2.x.x
+description: Redis(R) is an open source, scalable, distributed in-memory cache for applications. It can be used to store and serve data in the form of strings, hashes, lists, sets and sorted sets.
+home: https://bitnami.com
+icon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png
+keywords:
+- redis
+- keyvalue
+- database
+maintainers:
+- name: Broadcom, Inc. All Rights Reserved.
+  url: https://github.com/bitnami/charts
+name: redis-cluster
+sources:
+- https://github.com/bitnami/charts/tree/main/bitnami/redis-cluster
+version: 11.4.1

devops/helm/redis-cluster/templates/NOTES.txt

@@ -0,0 +1,122 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami for more information.
+
+{{- $secretName := include "redis-cluster.secretName" . -}}
+{{- $secretPasswordKey := include "redis-cluster.secretPasswordKey" . -}}
+
+** Please be patient while the chart is being deployed **
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+  command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+  args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+  kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+  kubectl exec --namespace {{ include "common.names.namespace" . }} -ti <NAME OF THE POD> -- bash
+
+In order to replicate the container startup scripts execute this command:
+
+    /opt/bitnami/scripts/redis-cluster/entrypoint.sh /opt/bitnami/scripts/redis-cluster/run.sh
+
+{{- else }}
+
+{{ if .Values.usePassword }}
+To get your password run:
+    {{ include "common.utils.secret.getvalue" (dict "secret" $secretName "field" $secretPasswordKey "context" $) }}
+{{- end }}
+
+{{- if .Values.cluster.externalAccess.enabled }}
+
+To connect to your Redis&reg; server from outside the cluster check the following information:
+
+  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+        Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}'
+
+    You will have a different external IP for each Redis&reg; node. Get the external ip from `-external` suffixed services: `kubectl get svc`.
+    Redis&reg; port: {{ .Values.cluster.externalAccess.service.port }}
+
+    {{- if not .Values.cluster.externalAccess.service.loadBalancerIP }}
+    Once the LoadBalancerIPs are ready, you need to provide them and perform a Helm Upgrade:
+
+    helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} --set "cluster.externalAccess.enabled=true,cluster.externalAccess.service.type=LoadBalancer{{- $root := . }}{{ $count := .Values.cluster.nodes | int }}{{ range $i, $v := until $count }},cluster.externalAccess.service.loadBalancerIP[{{ $i }}]=load-balancerip-{{- $i }}{{- end }}" oci://registry-1.docker.io/bitnamicharts/redis-cluster
+    Where loadbalancer-ip-i are the LoadBalancerIPs provided by the cluster.
+    {{- else -}}
+    {{- if .Values.cluster.init -}}
+    INFO: The Job to create the cluster will be created.
+    {{- end -}}
+
+    To connect to your database from outside the cluster execute the following commands:
+
+    export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ template "common.names.fullname" . }}-0-svc --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+    redis-cli -c -h $SERVICE_IP -p {{ .Values.service.ports.redis }} {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+    {{- end }}
+
+{{- else }}
+
+You have deployed a Redis&reg; Cluster accessible only from within you Kubernetes Cluster.
+
+{{- if .Values.cluster.init -}}
+INFO: The Job to create the cluster will be created.
+{{- end -}}
+
+To connect to your Redis&reg; cluster:
+
+1. Run a Redis&reg; pod that you can use as a client:
+
+{{- if .Values.tls.enabled }}
+   kubectl run --namespace {{ include "common.names.namespace" . }} {{ template "common.names.fullname" . }}-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image {{ template "redis-cluster.image" . }} --command -- sleep infinity
+
+   Copy your TLS certificates to the pod:
+
+   kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.cert {{ template "common.names.fullname" . }}-client:/tmp/client.cert
+   kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.key {{ template "common.names.fullname" . }}-client:/tmp/client.key
+   kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/CA.cert {{ template "common.names.fullname" . }}-client:/tmp/CA.cert
+
+   Use the following command to attach to the pod:
+
+   kubectl exec --tty -i {{ template "common.names.fullname" . }}-client \
+   {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }}
+   --namespace {{ include "common.names.namespace" . }} -- bash
+{{- else }}
+kubectl run --namespace {{ include "common.names.namespace" . }} {{ template "common.names.fullname" . }}-client --rm --tty -i --restart='Never' \
+{{ if .Values.usePassword }} --env REDIS_PASSWORD=$REDIS_PASSWORD \{{ end }}
+{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }}
+--image {{ template "redis-cluster.image" . }} -- bash
+{{- end }}
+
+2. Connect using the Redis&reg; CLI:
+
+redis-cli -c -h {{ template "common.names.fullname" . }}{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+
+{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
+Note: Since NetworkPolicy is enabled, only pods with label
+{{ template "common.names.fullname" . }}-client=true"
+will be able to connect to redis.
+{{- end -}}
+{{- end -}}
+
+{{- include "redis-cluster.validateValues" . }}
+{{- include "redis-cluster.checkRollingTags" . }}
+{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
+{{- include "common.warnings.rollingTag" .Values.sysctlImage }}
+
+{{- if and .Values.usePassword (not .Values.existingSecret) -}}
+
+  {{- $requiredPassword := dict "valueKey" "password" "secret" $secretName "field" $secretPasswordKey "context" $ -}}
+  {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
+
+  {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $requiredPasswordError) "context" $) -}}
+{{- end -}}
+{{- end }}
+{{- include "common.warnings.resources" (dict "sections" (list "metrics" "redis" "sysctlImage" "updateJob" "volumePermissions") "context" $) }}
+{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image .Values.sysctlImage) "context" $) }}
+{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image .Values.sysctlImage) "context" $) }}