Added operator files

.github/workflows/docker-build-redis-server-image.yaml

@@ -0,0 +1,21 @@
+name: Build Docker Image for testing
+on:
+  workflow_dispatch:
+
+jobs:
+  build_scan_container_image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build multi-arch image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./operator/Dockerfile
+          platforms: linux/arm64,linux/amd64
+          push: false
+          tags: falkordb/redis-operator-server:latest

operator/Dockerfile

@@ -0,0 +1,9 @@
+FROM quay.io/opstree/redis:v7.0.15 AS redis
+
+FROM falkordb/falkordb:latest AS falkordb
+
+RUN apt update && apt install -y libstdc++6 libgomp1
+COPY --from=redis /usr/bin/entrypoint.sh /usr/bin/entrypoint.sh
+COPY --from=redis /node-conf /node-conf/
+COPY --from=redis /etc/redis/ /etc/redis/
+ENTRYPOINT [ "/usr/bin/entrypoint.sh" ]

operator/README.md

@@ -0,0 +1,22 @@
+### REDIS OPERATOR
+
+## Why ?
+- The number of maintainers of the project.
+- taking control of several deployment aspects that today only omnistrate has control of.
+- we dont have to create a separate sharding script.
+- we don't to create a rebalancer instance.
+- less manual configuration.
+
+## Features that are added/to be added:
+- [x] Now the operator supports the use of wild card with TLS certificates (*.namespace).
+- [ ] Working on adding host port for the pods (kubernetes) to allow direct communication using the port of the pod (kubernetes) and the public ip of the VM (node).
+- [ ] Fix the FLUSHALL command that causes the data loss when doing a helm uninstall and reinstall.
+
+## Important points/aspects of the operator to take into consideration:
+- [ ] TLS creation is going to be our responsibility.
+- [ ] We have to take care of the kubernetes services (operator only creates one that forwards to all pods).
+- [ ] The helm charts are not up to date, meaning adding some options to the values yaml are not reflected in the created CRD, we have to create the CRD and edit.
+- [ ] We have to override the Liveness and Readiness probes to fit our needs.
+- [ ] We have to take care of POD distribution in multizone and zone enforcement in singlezone.
+- [ ] Data loss when doing a helm uninstall due to the FLUSHALL command (temp fix: rename the command)
+- [ ] We still need a CRON job to issue a BGRWRITEAOF

operator/operator-example-standalone.yaml

@@ -0,0 +1,160 @@
+# yaml-language-server: $schema=https://api.omnistrate.cloud/2022-09-01-00/schema/service-spec-schema.json
+name: Redis Operator # Service Plan Name
+deployment:
+  hostedDeployment:
+    GcpProjectId: ""
+    GcpProjectNumber: ""
+    GcpServiceAccountEmail: "" 
+
+services:
+  - name: Standalone
+    network:
+      ports:
+        - 6379
+    endpointConfiguration:
+      cluster:
+        host: "$sys.network.externalClusterEndpoint"
+        ports:
+          - 6379
+        primary: true
+        networkingType: PUBLIC
+    operatorCRDConfiguration:
+      template: |
+        # Source: redis/templates/redis-standalone.yaml
+        apiVersion: redis.redis.opstreelabs.in/v1beta2
+        kind: Redis
+        metadata:
+          name:  standalone
+          labels:
+            app.kubernetes.io/name: standalone
+            helm.sh/chart: redis-0.16.5
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/instance: standalone
+            app.kubernetes.io/version: 0.16.5
+            app.kubernetes.io/component: middleware
+          annotations:
+
+        spec:
+          hostPort: 6379
+          kubernetesConfig:
+            image: "muhammadqadora/operator-cluster:1.1"
+            imagePullPolicy: "IfNotPresent"
+            resources: 
+              limits:
+                cpu: 400m
+                memory: 2Gi
+              requests:
+                cpu: 400m
+                memory: 400Mi
+            redisSecret:
+              name: "redis-password"
+              key: "password"
+
+          redisExporter:
+            enabled: false
+            image: "quay.io/opstree/redis-exporter:v1.44.0"
+            imagePullPolicy: "IfNotPresent"
+          redisConfig:
+            additionalRedisConfig: "standalone-ext-config"
+          storage: 
+            keepAfterDelete: false
+            volumeClaimTemplate:
+              spec:
+                accessModes:
+                - ReadWriteOnce
+                resources:
+                  requests:
+                    storage: 1Gi
+          podSecurityContext: 
+            fsGroup: 1000
+            runAsUser: 1000
+          env: 
+            - name: NODE_EXTERNAL_ENDPOINT
+              value: {{$sys.network.node.externalEndpoint}}
+          affinity: 
+            nodeAffinity:
+              requiredDuringSchedulingIgnoredDuringExecution:
+                nodeSelectorTerms:
+                - matchExpressions:
+                  - key: omnistrate.com/managed-by
+                    operator: In
+                    values:
+                    - omnistrate
+                  - key: topology.kubernetes.io/region
+                    operator: In
+                    values:
+                    - {{$sys.deploymentCell.region}}
+                  - key: node.kubernetes.io/instance-type
+                    operator: In
+                    values:
+                    - {{$sys.compute.node.instanceType}}
+                  - key: omnistrate.com/resource
+                    operator: In
+                    values:
+                    - {{$sys.deployment.resourceID}}
+
+
+
+
+      supplementalFiles:
+        - |
+          apiVersion: v1
+          data:
+            password: ZmFsa29yZGI=
+          kind: Secret
+          metadata:
+            name: redis-password
+            namespace: {{$sys.id}}
+          type: Opaque
+
+        - |
+          # Source: redis/templates/extra-config.yaml
+          apiVersion: v1
+          kind: ConfigMap
+          metadata:
+            name: standalone-ext-config
+            namespace: {{$sys.id}}
+            labels:
+              app.kubernetes.io/name: standalone
+              helm.sh/chart: redis-0.16.5
+              app.kubernetes.io/managed-by: Helm
+              app.kubernetes.io/instance: standalone
+              app.kubernetes.io/version: 0.16.5
+              app.kubernetes.io/component: middleware
+          data:
+            redis-additional.conf: |
+              loadmodule /FalkorDB/bin/src/falkordb.so
+        - |
+          # Source: redis/templates/service.yaml
+          apiVersion: v1
+          kind: Service
+          metadata:
+            name: standalone-external-service
+            namespace: {{$sys.id}}
+            annotations:
+              external-dns.alpha.kubernetes.io/hostname: {{$sys.network.externalClusterEndpoint}}
+              external-dns.alpha.kubernetes.io/endpoints-type: NodeExternalIP
+            labels:
+              app.kubernetes.io/name: standalone
+              helm.sh/chart: redis-0.16.5
+              app.kubernetes.io/managed-by: Helm
+              app.kubernetes.io/instance: standalone
+              app.kubernetes.io/version: 0.16.5
+              app.kubernetes.io/component: middleware
+          spec:
+            clusterIP: None
+            selector:
+              app: standalone
+              redis_setup_type: standalone
+              role: standalone
+            ports:
+              - protocol: TCP
+                port: 6379
+                targetPort: 6379
+                name: clients
+
+      helmChartDependencies:
+        - chartName: redis-operator
+          chartVersion: 0.19.2
+          chartRepoName: falkordb
+          chartRepoURL: "https://falkordb.github.io/helm-charts/"

operator/operatorValues.yaml

@@ -0,0 +1,87 @@
+---
+redisOperator:
+  name: redis-operator
+  imageName: muhammadqadora/operator-hostport #ghcr.io/ot-container-kit/redis-operator/redis-operator
+  # Overrides the image tag whose default is the chart appVersion.
+  imageTag: "4.0"
+  imagePullPolicy: Always
+  imagePullSecrets: []
+
+  # Additional pod annotations
+  podAnnotations: {}
+  # Additional Pod labels (e.g. for filtering Pod by custom labels)
+  podLabels: {}
+
+  # Additional arguments for redis-operator container
+  extraArgs: []
+  # When not specified, the operator will watch all namespaces. It can be set to a specific namespace or multiple namespaces separated by commas.
+  watchNamespace: ""
+  env: []
+  # If set to true, webhook server will be enabled for masterSlaveAntiAffinity feature
+  # When enabled, you need to either:
+  # 1. Enable cert-manager (certmanager.enabled=true) for automatic certificate management, or
+  # 2. Manually create a certificate secret (see "How to generate private key" section in README)
+  webhook: false
+  automountServiceAccountToken: true
+
+
+resources:
+  limits:
+    cpu: 500m
+    memory: 500Mi
+  requests:
+    cpu: 500m
+    memory: 500Mi
+
+replicas: 1
+
+rbac:
+  enabled: true
+serviceAccountName: redis-operator
+
+serviceAccount:
+  automountServiceAccountToken: true
+
+service:
+  name: webhook-service
+  namespace: redis-operator
+
+certificate:
+  name: serving-cert
+  secretName: webhook-server-cert
+
+issuer:
+  type: selfSigned
+  name: redis-operator-issuer
+  email: [email protected]
+  server: https://acme-v02.api.letsencrypt.org/directory
+  privateKeySecretName: letsencrypt-prod
+  solver:
+    enabled: true
+    ingressClass: nginx
+
+certmanager:
+  # Whether to use cert-manager for certificate management
+  # Only effective when webhook=true
+  # If webhook=true and certmanager.enabled=false, you need to manually create certificate secret
+  enabled: false
+  # API version of the cert-manager CRDs
+  apiVersion: "cert-manager.io/v1"
+
+priorityClassName: ""
+nodeSelector: {}
+tolerateAllTaints: false
+tolerations: []
+affinity: {}
+
+podSecurityContext: {}
+#  fsGroup: 2000
+
+securityContext: {}
+#  capabilities:
+#    drop:
+#    - ALL
+#  readOnlyRootFilesystem: true
+#  runAsNonRoot: true
+#  runAsUser: 1000
+