fix: add HA redis templates (#1284)

* fix: add HA templates and modify the code

* fix: namespace problems in UI

* doc: update documentation with storage considerations

* test: adjust free disk space on ui tests

* fix: run make render

* fix: liveness probe, blank lines in templates

* fix: run make render

* fix: add redis env variables to redis

* fix: set default resources to {} and add documentation

* fix: check both databases on redis ha

* fix: docs

Author: omrozowicz-splunk

.github/workflows/ci-ui-tests.yaml

@@ -48,6 +48,16 @@ jobs:
 
 
     steps:
+      - name: Free Disk Space
+        uses: jlumbroso/free-disk-space@main
+        with:
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: false
+          docker-images: false
+          swap-storage: false
+
       - name: Checkout Project
         uses: actions/checkout@v4
 

Dockerfile

@@ -24,7 +24,9 @@ FROM base AS final
 
 RUN mkdir /.pysnmp && chown 10001:10001 /.pysnmp
 RUN chown 10001:10001 /tmp
-USER 10001:10001
 COPY --from=builder /app/.venv /app/.venv
-COPY entrypoint.sh ./
-ENTRYPOINT ["./entrypoint.sh"]
+COPY entrypoint.sh /app/entrypoint.sh
+COPY construct-redis-url.sh /app/construct-redis-url.sh
+RUN chmod +x /app/construct-redis-url.sh /app/entrypoint.sh
+USER 10001:10001
+ENTRYPOINT ["/app/entrypoint.sh"]

charts/splunk-connect-for-snmp/templates/_helpers.tpl

@@ -94,4 +94,63 @@ Whether enable polling
 {{- else }}
 {{- printf "false" }}
 {{- end -}}
-{{- end }}
+{{- end }}
+
+{{- /*
+Generate Redis environment variables for application pods
+*/ -}}
+{{- define "splunk-connect-for-snmp.redis-env" -}}
+{{- if eq .Values.redis.architecture "replication" -}}
+- name: REDIS_MODE
+  value: "replication"
+- name: REDIS_SENTINEL_SERVICE
+  value: {{ .Release.Name }}-redis-sentinel
+- name: REDIS_HEADLESS_SERVICE
+  value: {{ .Release.Name }}-redis-headless
+- name: NAMESPACE
+  value: {{ .Release.Namespace }}
+- name: REDIS_SENTINEL_REPLICAS
+  value: {{ .Values.redis.sentinel.replicas | quote }}
+- name: REDIS_SENTINEL_PORT
+  value: "26379"
+- name: REDIS_MASTER_NAME
+  value: mymaster
+{{- else -}}
+- name: REDIS_MODE
+  value: "standalone"
+- name: REDIS_HOST
+  value: {{ .Release.Name }}-redis
+- name: REDIS_PORT
+  value: "6379"
+{{- end }}
+- name: REDIS_DB
+  value: "1"
+- name: CELERY_DB
+  value: "0"
+{{- if .Values.redis.auth.enabled }}
+- name: REDIS_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      {{- if .Values.redis.auth.existingSecret }}
+      name: {{ .Values.redis.auth.existingSecret }}
+      key: {{ .Values.redis.auth.existingSecretPasswordKey | default "password" }}
+      {{- else }}
+      name: {{ .Release.Name }}-redis-secret
+      key: password
+      {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{- /*
+Generate Redis environment variables for application pods
+*/ -}}
+{{- define "splunk-connect-for-snmp.redis-annotations" -}}
+{{- if eq .Values.redis.architecture "replication" -}}
+checksum/redis-config: {{ include (print $.Template.BasePath "/redis/redis-ha-config.yaml") . | sha256sum }}
+{{- else -}}
+checksum/redis-config: {{ include (print $.Template.BasePath "/redis/redis-config.yaml") . | sha256sum }}
+{{- end -}}
+{{- if .Values.redis.auth.enabled }}
+checksum/redis-secret: {{ include (print $.Template.BasePath "/redis/redis-secret.yaml") . | sha256sum }}
+{{- end -}}
+{{- end -}}

charts/splunk-connect-for-snmp/templates/inventory/job.yaml

@@ -9,11 +9,11 @@ spec:
   ttlSecondsAfterFinished: 300
   template:
     metadata:
-      {{- with .Values.inventory.podAnnotations }}
-      annotations:      
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-
+      annotations:
+        {{- include "splunk-connect-for-snmp.redis-annotations" . | nindent 8 }}
+        {{- with .Values.inventory.podAnnotations }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       labels:
         {{- include "splunk-connect-for-snmp.inventory.selectorLabels" . | nindent 8 }}
     spec:
@@ -30,26 +30,7 @@ spec:
           env:
           - name: CONFIG_PATH
             value: /app/config/config.yaml
-        {{- if .Values.redis.auth.enabled }}
-          - name: REDIS_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                {{- if .Values.redis.auth.existingSecret }}
-                name: {{ .Values.redis.auth.existingSecret }}
-                key: {{ .Values.redis.auth.existingSecretPasswordKey | default "password" }}
-                {{- else }}
-                name: {{ .Release.Name }}-redis-secret
-                key: password
-                {{- end }}
-          {{- end }}
-          - name: REDIS_HOST
-            value: {{ .Release.Name }}-redis
-          - name: REDIS_PORT
-            value: "6379"
-          - name: REDIS_DB
-            value: "1"
-          - name: CELERY_DB
-            value: "0"
+          {{- include "splunk-connect-for-snmp.redis-env" . | nindent 10 }}
           - name: INVENTORY_PATH
             value: /app/inventory/inventory.csv
           - name: MONGO_URI

charts/splunk-connect-for-snmp/templates/redis/redis-ha-config.yaml

@@ -0,0 +1,32 @@
+{{- if eq .Values.redis.architecture "replication" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-redis-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Release.Name }}-redis
+data:
+  redis.conf: |
+    dir /data
+
+    # Persistence
+    save 900 1
+    save 300 10
+    save 60 10000
+
+    {{- if .Values.redis.persistence.aof.enabled }}
+    appendonly yes
+    appendfsync {{ .Values.redis.persistence.aof.fsync | default "everysec" }}
+    {{- end }}
+
+    # Replication
+    min-replicas-to-write 1
+    min-replicas-max-lag 10
+
+    loglevel notice
+    maxmemory-policy noeviction
+    bind 0.0.0.0
+    protected-mode no
+    port 6379
+{{- end }}

charts/splunk-connect-for-snmp/templates/redis/redis-ha-service.yaml

@@ -0,0 +1,32 @@
+{{- if eq .Values.redis.architecture "replication" }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-redis
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Release.Name }}-redis
+spec:
+  type: ClusterIP
+  ports:
+  - port: 6379
+    targetPort: 6379
+    name: redis
+  selector:
+    app: {{ .Release.Name }}-redis
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-redis-headless
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Release.Name }}-redis
+spec:
+  clusterIP: None
+  ports:
+  - port: 6379
+    name: redis
+  selector:
+    app: {{ .Release.Name }}-redis
+{{- end }}

charts/splunk-connect-for-snmp/templates/redis/redis-ha-statefulset.yaml

@@ -0,0 +1,168 @@
+{{- if eq .Values.redis.architecture "replication" }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ .Release.Name }}-redis-ha
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Release.Name }}-redis
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: database
+spec:
+  serviceName: {{ .Release.Name }}-redis-headless
+  replicas: {{ .Values.redis.replicas | default 3 }}
+  podManagementPolicy: Parallel
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-redis
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}-redis
+      annotations:
+        {{- include "splunk-connect-for-snmp.redis-annotations" . | nindent 8 }}
+    spec:
+      {{- with .Values.redis.podSecurityContext }}
+      securityContext:
+        runAsUser: {{ .runAsUser }}
+        fsGroup: {{ .fsGroup }}
+      {{- end }}
+      {{- if .Values.redis.storage.enabled }}
+      initContainers:
+      - name: fix-permissions
+        image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
+        imagePullPolicy: {{ .Values.redis.image.pullPolicy }}
+        command:
+        - sh
+        - -c
+        - |
+          echo "Fixing permissions on /data..."
+          chown -R {{ .Values.redis.podSecurityContext.runAsUser }}:{{ .Values.redis.podSecurityContext.fsGroup }} /data
+          chmod -R 755 /data
+          ls -ln /data
+        volumeMounts:
+        - name: redis-data
+          mountPath: /data
+        securityContext:
+          runAsUser: 0
+      {{- end }}
+      containers:
+      - name: redis
+        image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
+        imagePullPolicy: {{ .Values.redis.image.pullPolicy }}
+        ports:
+        - containerPort: 6379
+          name: redis
+        env:
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        {{- if .Values.redis.auth.enabled }}
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              {{- if .Values.redis.auth.existingSecret }}
+              name: {{ .Values.redis.auth.existingSecret }}
+              key: {{ .Values.redis.auth.existingSecretPasswordKey | default "password" }}
+              {{- else }}
+              name: {{ .Release.Name }}-redis-secret
+              key: password
+              {{- end }}
+        {{- end }}
+        command:
+        - sh
+        - -c
+        args:
+        - |
+          cp /etc/redis/redis.conf /tmp/redis.conf
+
+          {{- if .Values.redis.auth.enabled }}
+          echo "requirepass $REDIS_PASSWORD" >> /tmp/redis.conf
+          echo "masterauth $REDIS_PASSWORD" >> /tmp/redis.conf
+          {{- end }}
+
+          # Announce pod IP for Sentinel
+          echo "replica-announce-ip $POD_IP" >> /tmp/redis.conf
+          echo "replica-announce-port 6379" >> /tmp/redis.conf
+
+          # Start Redis
+          # Sentinel will handle promotion - all start as replicas initially
+          HOSTNAME=$(hostname)
+          MASTER_NAME="{{ .Release.Name }}-redis-ha-0"
+          MASTER_HOST="$MASTER_NAME.{{ .Release.Name }}-redis-headless"
+
+          if [ "$HOSTNAME" = "$MASTER_NAME" ]; then
+            echo "Starting as master"
+          else
+            echo "replicaof $MASTER_HOST 6379" >> /tmp/redis.conf
+            echo "Starting as replica of $MASTER_HOST"
+          fi
+
+          exec redis-server /tmp/redis.conf
+        volumeMounts:
+        {{- if .Values.redis.storage.enabled }}
+        - name: redis-data
+          mountPath: /data
+        {{- end }}
+        - name: redis-config
+          mountPath: /etc/redis
+        resources:
+          {{- toYaml .Values.redis.resources | nindent 10 }}
+        {{- if .Values.redis.livenessProbe.enabled | default true }}
+        livenessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - |
+              {{- if .Values.redis.auth.enabled }}
+              redis-cli -a "$REDIS_PASSWORD" ping
+              {{- else }}
+              redis-cli ping
+              {{- end }}
+          initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds | default 30 }}
+          periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds | default 10 }}
+          timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds | default 5 }}
+          failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold | default 3 }}
+        {{- end }}
+        {{- if .Values.redis.readinessProbe.enabled | default true }}
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - |
+              {{- if .Values.redis.auth.enabled }}
+              redis-cli -a "$REDIS_PASSWORD" ping
+              {{- else }}
+              redis-cli ping
+              {{- end }}
+          initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds | default 5 }}
+          periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds | default 5 }}
+          timeoutSeconds: {{ .Values.redis.readinessProbe.timeoutSeconds | default 3 }}
+          failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold | default 3 }}
+        {{- end }}
+      volumes:
+      - name: redis-config
+        configMap:
+          name: {{ .Release.Name }}-redis-config
+      {{- if not .Values.redis.storage.enabled }}
+      - name: redis-data
+        emptyDir: {}
+      {{- end }}
+  {{- if .Values.redis.storage.enabled }}
+  volumeClaimTemplates:
+  - metadata:
+      name: redis-data
+    spec:
+      accessModes: {{ toYaml .Values.redis.storage.accessModes | nindent 8 }}
+      {{- if .Values.redis.storage.storageClassName }}
+      storageClassName: {{ .Values.redis.storage.storageClassName }}
+      {{- end }}
+      resources:
+        requests:
+          storage: {{ .Values.redis.storage.size }}
+  {{- end }}
+{{- end }}