From e3e4c238e271f02eee5019f309ec489185245dea Mon Sep 17 00:00:00 2001 From: guru-aot Date: Thu, 30 Jan 2025 16:06:01 -0700 Subject: [PATCH 1/6] Initial commit --- .github/workflows/env-setup-delete-redis.yml | 36 --- .github/workflows/env-setup-deploy-redis.yml | 40 ---- .../env-setup-init-redis-cluster-redis.yml | 36 --- .../workflows/env-setup-redis-recovery.yml | 40 ---- .github/workflows/env-setup-sysdig-teams.yml | 2 +- devops/Makefile | 26 -- devops/openshift/database/redis-ha-deploy.yml | 222 ------------------ devops/openshift/database/redis-secrets.yml | 60 ----- 8 files changed, 1 insertion(+), 461 deletions(-) delete mode 100644 .github/workflows/env-setup-delete-redis.yml delete mode 100644 .github/workflows/env-setup-deploy-redis.yml delete mode 100644 .github/workflows/env-setup-init-redis-cluster-redis.yml delete mode 100644 .github/workflows/env-setup-redis-recovery.yml delete mode 100644 devops/openshift/database/redis-ha-deploy.yml delete mode 100644 devops/openshift/database/redis-secrets.yml diff --git a/.github/workflows/env-setup-delete-redis.yml b/.github/workflows/env-setup-delete-redis.yml deleted file mode 100644 index 54c5e1aac2..0000000000 --- a/.github/workflows/env-setup-delete-redis.yml +++ /dev/null 
@@ -1,36 +0,0 @@ -name: Env Setup - Delete Redis in Openshift -run-name: Env Setup - Delete Redis in Openshift from ${{ inputs.environment }} using ${{ github.ref_name }} - -concurrency: redis-setup - -on: - workflow_dispatch: - inputs: - environment: - description: "Environment" - required: true - type: environment - -jobs: - deleteRedis: - name: Delete Redis in Openshift - runs-on: ubuntu-latest - environment: ${{ inputs.environment }} - env: - NAMESPACE: ${{ secrets.OPENSHIFT_ENV_NAMESPACE }} - steps: - - name: Checkout Target Branch - uses: actions/checkout@v4 - with: - ref: ${{ github.ref_name }} - - name: Install CLI tools from OpenShift Mirror - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: "4" - - name: Log in to OpenShift - run: | - oc login --token=${{ secrets.SA_TOKEN }} --server=${{ vars.OPENSHIFT_CLUSTER_URL }} - - name: Delete Redis - working-directory: "./devops/" - run: | - make delete-redis diff --git a/.github/workflows/env-setup-deploy-redis.yml b/.github/workflows/env-setup-deploy-redis.yml deleted file mode 100644 index 909918b7c1..0000000000 --- a/.github/workflows/env-setup-deploy-redis.yml +++ /dev/null 
@@ -1,40 +0,0 @@ -name: Env Setup - Deploy Redis in Openshift -run-name: Env Setup - Deploy Redis in Openshift from ${{ github.ref_name }} to ${{ inputs.environment }} - -concurrency: redis-setup - -on: - workflow_dispatch: - inputs: - environment: - description: "Environment" - required: true - type: environment - -jobs: - deployRedis: - name: Deploy Redis in Openshift - runs-on: ubuntu-latest - environment: ${{ inputs.environment }} - env: - NAMESPACE: ${{ secrets.OPENSHIFT_ENV_NAMESPACE }} - steps: - - name: Checkout Target Branch - uses: actions/checkout@v4 - with: - ref: ${{ github.ref_name }} - - name: Install CLI tools from OpenShift Mirror - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: "4" - - name: Log in to OpenShift - run: | - oc login --token=${{ secrets.SA_TOKEN }} --server=${{ vars.OPENSHIFT_CLUSTER_URL }} - - name: Init Redis - working-directory: "./devops/" - run: | - make init-redis - - name: Deploy Redis - working-directory: "./devops/" - run: | - make deploy-redis diff --git a/.github/workflows/env-setup-init-redis-cluster-redis.yml b/.github/workflows/env-setup-init-redis-cluster-redis.yml deleted file mode 100644 index 9c29928449..0000000000 --- a/.github/workflows/env-setup-init-redis-cluster-redis.yml +++ /dev/null 
@@ -1,36 +0,0 @@ -name: Env Setup - Initialize Redis Cluster in Openshift -run-name: Env Setup - Initialize Redis Cluster in Openshift from ${{ github.ref_name }} to ${{ inputs.environment }} - -concurrency: redis-setup - -on: - workflow_dispatch: - inputs: - environment: - description: "Environment" - required: true - type: environment - -jobs: - initRedisCluster: - name: Init Redis Cluster in Openshift - runs-on: ubuntu-latest - environment: ${{ inputs.environment }} - env: - NAMESPACE: ${{ secrets.OPENSHIFT_ENV_NAMESPACE }} - steps: - - name: Checkout Target Branch - uses: actions/checkout@v4 - with: - ref: ${{ github.ref_name }} - - name: Install CLI tools from OpenShift Mirror - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: "4" - - name: Log in to OpenShift - run: | - oc login --token=${{ secrets.SA_TOKEN }} --server=${{ vars.OPENSHIFT_CLUSTER_URL }} - - name: Init Redis Cluster - working-directory: "./devops/" - run: | - echo "yes" |make init-redis-cluster diff --git a/.github/workflows/env-setup-redis-recovery.yml b/.github/workflows/env-setup-redis-recovery.yml deleted file mode 100644 index 0ca66e3ff0..0000000000 --- a/.github/workflows/env-setup-redis-recovery.yml +++ /dev/null 
@@ -1,40 +0,0 @@ -name: Env Setup - Redis recovery in Openshift -run-name: Env Setup - Redis recovery in Openshift from ${{ inputs.gitRef }} to ${{ inputs.environment }} - -concurrency: redis-setup - -on: - workflow_dispatch: - inputs: - environment: - description: "Environment" - required: true - type: environment - gitRef: - description: "Build Ref" - required: true - default: "" - -jobs: - recoverRedis: - name: Redis recovery in Openshift - runs-on: ubuntu-latest - environment: ${{ inputs.environment }} - env: - NAMESPACE: ${{ secrets.OPENSHIFT_ENV_NAMESPACE }} - steps: - - name: Checkout Target Branch - uses: actions/checkout@v4 - with: - ref: ${{ inputs.gitRef }} - - name: Install CLI tools from OpenShift Mirror - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: "4" - - name: Log in to OpenShift - run: | - oc login --token=${{ secrets.SA_TOKEN }} --server=${{ vars.OPENSHIFT_CLUSTER_URL }} - - name: Redis cluster meet - working-directory: "./devops/" - run: | - make redis-cluster-meet diff --git a/.github/workflows/env-setup-sysdig-teams.yml b/.github/workflows/env-setup-sysdig-teams.yml index 3c4948b5fc..1058fa0b4a 100644 --- a/.github/workflows/env-setup-sysdig-teams.yml +++ b/.github/workflows/env-setup-sysdig-teams.yml @@ -22,7 +22,7 @@ jobs: - name: Log in to OpenShift run: | oc login --token=${{ secrets.SA_TOKEN }} --server=${{ vars.OPENSHIFT_CLUSTER_URL }} - - name: Delete Redis + - name: Updating Sysdig Team working-directory: "./devops/" run: | make update-sysdig-team diff --git a/devops/Makefile b/devops/Makefile index 0f4abbf9fd..7804950ac9 100644 --- a/devops/Makefile +++ b/devops/Makefile 
@@ -19,7 +19,6 @@ export IS_FULLTIME_ALLOWED := $(or $(IS_FULLTIME_ALLOWED), false)
 export BYPASS_APPLICATION_SUBMIT_VALIDATIONS := $(or $(BYPASS_APPLICATION_SUBMIT_VALIDATIONS), false)
 export SWAGGER_ENABLED := $(or ${SWAGGER_ENABLED}, true)
 export APPLICATION_ARCHIVE_DAYS := $(or ${APPLICATION_ARCHIVE_DAYS}, 43)
-export REDIS_PORT := $(or ${REDIS_PORT}, 6379)
 export CLAMAV_PORT := $(or ${CLAMAV_PORT}, 3310)
 export API_PORT := $(or ${API_PORT}, 7070)
 export QUEUE_CONSUMERS_PORT := $(or ${QUEUE_CONSUMERS_PORT}, 7000)
@@ -273,26 +272,6 @@ build-web:
 @oc -n $(BUILD_NAMESPACE) process -f $(BUILD_TEMPLATE_PATH) -p TAG=$(BUILD_REF) -p SOURCE_REPOSITORY_REF=$(BUILD_REF) -p SOURCE_CONTEXT_DIR=$(SOURCE_CONTEXT_DIR)web -p NAME=$(WEB_BUILD_REF) | oc -n $(BUILD_NAMESPACE) apply -f -
 @oc -n $(BUILD_NAMESPACE) start-build bc/$(WEB_BUILD_REF) --wait
 
-init-redis:
- @echo "++\n Init Redis in $(NAMESPACE) \n++"
- @oc -n $(NAMESPACE) process -f openshift/database/redis-secrets.yml | oc -n $(NAMESPACE) apply -f -
-
-deploy-redis:
- @oc -n $(NAMESPACE) process -f openshift/database/redis-ha-deploy.yml -p IMAGE_NAME="redis" -p IMAGE_TAG="6.2.7-alpine" -p IMAGE_REGISTRY="artifacts.developer.gov.bc.ca/docker-remote" | oc -n $(NAMESPACE) apply -f -
-
-# Command to initialize the redis cluster.
-# Make sure that all the redis pods are up and running before initializing the cluster.
-init-redis-cluster:
- REDIS_PASSWORD=$$(oc get secret -n $(NAMESPACE) redis-creds -o jsonpath='{.data.password}' | base64 -d); \
- REDIS_NODES=$$(oc get pods -n $(NAMESPACE) -l app=redis -o jsonpath='{range .items[*]}{.status.podIP}:$(REDIS_PORT) ' | sed 's/ :$(REDIS_PORT) $$/ /'); \
- oc exec -n $(NAMESPACE) -it redis-0 -- redis-cli -a $$REDIS_PASSWORD --cluster create $$REDIS_NODES --cluster-replicas 1
-
-# Command to tell one Redis node to connect to another node and join the cluster.
-# This is typically done when you are setting up a Redis Cluster or adding new nodes to an existing cluster to ensure they are aware of each other and can communicate effectively.
-redis-cluster-meet:
- REDIS_PASSWORD=$$(oc get secret -n $(NAMESPACE) redis-creds -o jsonpath='{.data.password}' | base64 -d); \
- oc get pods -n $(NAMESPACE) -l app=redis -o jsonpath='{range.items[*]}{.status.podIP} $(REDIS_PORT) {end}' | xargs -n2 oc exec -n $(NAMESPACE) -it redis-0 -- redis-cli -a $$REDIS_PASSWORD -c CLUSTER MEET
-
 run-db-migrations:
 test -n "$(NAMESPACE)"
 test -n "$(BUILD_NAMESPACE)"
@@ -514,11 +493,6 @@ deploy-forms:
 | oc -n $(NAMESPACE) apply -f -
 $(call rollout_and_wait,deployment/$(FORMS_NAME))
 
-# Remove redis and resources including secrets from openshift namespace.
-delete-redis:
- @echo "+\n++ Removing redis and resources on $(NAMESPACE)\n+"
- @oc delete -n $(NAMESPACE) all,rc,svc,dc,route,pvc,secret,configmap,sa -l app=redis
-
 update-sysdig-team:
 @echo "Updating Sysdig Team for license plate 0c27fb.\n"
 @oc project 0c27fb-tools
diff --git a/devops/openshift/database/redis-ha-deploy.yml b/devops/openshift/database/redis-ha-deploy.yml
deleted file mode 100644
index 8007dbbeb8..0000000000
--- a/devops/openshift/database/redis-ha-deploy.yml
+++ /dev/null
@@ -1,222 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - annotations: - description: Redis in Cluster mode, with persistent storage. - tags: redis - name: ${NAME} -labels: - app: ${NAME} - template: ${NAME} -objects: - - apiVersion: v1 - kind: ConfigMap - metadata: - name: ${NAME} - labels: - app: ${NAME} - data: - update-ip.sh: | - #!/bin/sh - CLUSTER_CONFIG="/data/nodes.conf" - if [ -f $CLUSTER_CONFIG ]; then - if [ -z "$POD_IP" ]; then - echo "Unable to determine Pod IP address!" - exit 1 - fi - echo "Updating my IP to $POD_IP in $CLUSTER_CONFIG" - sed -i.bak -e "/myself/ s/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/$POD_IP/" ${CLUSTER_CONFIG} - fi - exec "$@" - - apiVersion: v1 - kind: Service - metadata: - name: ${NAME} - spec: - ports: - - name: client - port: ${{REDIS_PORT}} - targetPort: ${{REDIS_PORT}} - - name: gossip - port: ${{REDIS_BUS_PORT}} - targetPort: ${{REDIS_BUS_PORT}} - selector: - app: ${NAME} - - apiVersion: apps/v1 - kind: StatefulSet - metadata: - name: ${NAME} - labels: - app: ${NAME} - app.kubernetes.io/part-of: "shared_database" - spec: - replicas: ${{REPLICAS}} - revisionHistoryLimit: 10 - selector: - matchLabels: - app: ${NAME} - serviceName: ${NAME} - template: - metadata: - labels: - app: ${NAME} - spec: - imagePullSecrets: - - name: artifactory-creds - containers: - - name: ${NAME} - image: ${IMAGE_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG} - imagePullPolicy: IfNotPresent - command: - - /script/update-ip.sh - - redis-server - - /conf/redis.conf - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: REDISCLI_AUTH - valueFrom: - secretKeyRef: - key: password - name: ${NAME}-creds - lifecycle: - preStop: - exec: - command: - - /bin/sh - - -c - - redis-cli -h $HOSTNAME shutdown save - livenessProbe: - exec: - command: - - /bin/sh - - -c - - test "$(redis-cli -h $HOSTNAME ping)" == "PONG" - initialDelaySeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - ports: - - 
containerPort: ${{REDIS_PORT}} - name: client - - containerPort: ${{REDIS_BUS_PORT}} - name: gossip - readinessProbe: - exec: - command: - - /bin/sh - - -c - - test "$(redis-cli -h $HOSTNAME ping)" == "PONG" - initialDelaySeconds: 15 - timeoutSeconds: 1 - failureThreshold: 3 - resources: - requests: - cpu: ${CPU_REQUEST} - memory: ${MEMORY_REQUEST} - limits: - cpu: ${CPU_LIMIT} - memory: ${MEMORY_LIMIT} - volumeMounts: - - name: conf - mountPath: /conf - readOnly: false - - name: data - mountPath: /data - readOnly: false - - name: script - mountPath: /script - readOnly: false - volumes: - - name: conf - secret: - secretName: ${NAME}-creds - - name: script - configMap: - name: ${NAME} - defaultMode: 0755 - volumeClaimTemplates: - - metadata: - name: data - labels: - app: ${NAME} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: ${PVC_SIZE} - storageClassName: ${STORAGE_CLASS} - - apiVersion: policy/v1 - kind: PodDisruptionBudget - metadata: - name: ${NAME}-pdb - spec: - selector: - matchLabels: - app: ${NAME} - maxUnavailable: 2 -parameters: - - name: NAME - description: The name of the application for labelling all artifacts. - displayName: Application Name - required: true - value: redis - - name: REPLICAS - description: The number of StatefulSet replicas to use. - displayName: Replicas - required: true - value: "6" - - name: IMAGE_REGISTRY - description: The base docker registry - displayName: Docker Image Registry - required: true - - name: IMAGE_NAME - description: Redis Image Name - displayName: Image Name - required: true - - name: IMAGE_TAG - description: Redis Image Tag - displayName: Image Tag - required: true - - name: CPU_REQUEST - description: Starting amount of CPU the container can use. - displayName: CPU Request - required: true - value: 25m - - name: CPU_LIMIT - description: Maximum amount of CPU the container can use. 
- displayName: CPU Limit - required: true - value: 100m - - name: MEMORY_REQUEST - description: Starting amount of memory the container can use. - displayName: Memory Request - required: true - value: 256Mi - - name: MEMORY_LIMIT - description: Maximum amount of memory the container can use. - displayName: Memory Limit - required: true - value: 256Mi - - name: PVC_SIZE - description: The size of the persistent volume to create. - displayName: Persistent Volume Size - required: true - value: 1Gi - - name: STORAGE_CLASS - description: The type of the persistent volume to create. - displayName: Persistent Volume Class - required: true - value: netapp-file-standard - - name: REDIS_PORT - description: Redis port. - displayName: Redis client port. - required: true - value: "6379" - - name: REDIS_BUS_PORT - description: Redis cluster bus port. - displayName: Redis cluster bus port used for node to node communication. - required: true - value: "16379" diff --git a/devops/openshift/database/redis-secrets.yml b/devops/openshift/database/redis-secrets.yml deleted file mode 100644 index 364013de50..0000000000 --- a/devops/openshift/database/redis-secrets.yml +++ /dev/null 
@@ -1,60 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: ${NAME}-creds -labels: - app: ${NAME} - template: ${NAME}-creds -objects: - - apiVersion: v1 - kind: Secret - metadata: - name: ${NAME}-creds - stringData: - clustermode: ${CLUSTER_ENABLED} - password: ${REDIS_PASSWORD} - redis.conf: | - cluster-enabled ${CLUSTER_ENABLED} - cluster-require-full-coverage no - cluster-node-timeout ${CLUSTER_NODE_TIMEOUT} - cluster-config-file /data/nodes.conf - cluster-migration-barrier 1 - masterauth ${REDIS_PASSWORD} - masteruser default - appendonly ${APPEND_ONLY} - appendfsync ${APPEND_ONLY_FSYNC} - protected-mode no - requirepass ${REDIS_PASSWORD} - type: Opaque -parameters: - - name: NAME - description: The name of the application for labelling all artifacts. - displayName: Application Name - required: true - value: redis - - name: APPEND_ONLY - description: The file format mode that Redis will save in (no for RDB, yes for AOF) - displayName: Redis Persistence Mode - required: true - value: "yes" - - name: APPEND_ONLY_FSYNC - description: The fsync policy of AOF(Append only file). - displayName: Redis - required: true - value: always - - name: CLUSTER_ENABLED - description: The file format mode that Redis will save in (no for RDB, yes for AOF) - displayName: Redis Persistence Mode - required: true - value: "yes" - - name: CLUSTER_NODE_TIMEOUT - description: Cluster node timeout. - displayName: Cluster node timeout in milliseconds. - required: true - value: "15000" - - name: REDIS_PASSWORD - description: Redis password - displayName: Redis password - generate: expression - from: "[a-zA-Z0-9]{32}" - required: true From 62f8005f274dccd0ea8df5ee2fbd7f41c44ae671 Mon Sep 17 00:00:00 2001 
From: guru-aot Date: Thu, 30 Jan 2025 16:23:32 -0700 Subject: [PATCH 2/6] updated --- .../helm/redis-cluster/values-0c27fb-dev.yaml | 51 ++++++++++--------- .../redis-cluster/values-0c27fb-prod.yaml | 51 ++++++++++--------- .../redis-cluster/values-0c27fb-test.yaml | 51 ++++++++++--------- .../helm/redis-cluster/values-a6ef19-dev.yaml | 21 ++++---- .../redis-cluster/values-a6ef19-prod.yaml | 51 ++++++++++--------- .../redis-cluster/values-a6ef19-test.yaml | 51 ++++++++++--------- 6 files changed, 147 insertions(+), 129 deletions(-) diff --git a/devops/helm/redis-cluster/values-0c27fb-dev.yaml b/devops/helm/redis-cluster/values-0c27fb-dev.yaml index 5bfbc821f0..2d35ffb2ea 100644 --- a/devops/helm/redis-cluster/values-0c27fb-dev.yaml +++ b/devops/helm/redis-cluster/values-0c27fb-dev.yaml 
@@ -1,40 +1,43 @@
+persistence:
+ size: 1Gi
+
 volumePermissions:
- resourcesPreset: "nano"
+ # resourcesPreset: "nano"
 ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
 ## Example:
- # resources:
- # requests:
- # cpu: 250m
- # memory: 512Mi
- # limits:
- # cpu: 100m
- # memory: 1024Mi
+ resources:
+ requests:
+ cpu: 500m
+ memory: 1024Mi
+ limits:
+ cpu: 500m
+ memory: 1024Mi
 # resources: {}
 
 redis:
- resourcesPreset: "nano"
+ # resourcesPreset: "nano"
 ## @param redis.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
 ## Example:
- # resources:
- # requests:
- # cpu: 1
- # memory: 512Mi
- # limits:
- # cpu: 2
- # memory: 1024Mi
+ resources:
+ requests:
+ cpu: 500m
+ memory: 512Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
 # resources: {}
 
 ## Cluster update job settings
 updateJob:
- resourcesPreset: "nano"
+ # resourcesPreset: "nano"
 ## @param updateJob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
 ## Example:
- # resources:
- # requests:
- # cpu: 1
- # memory: 512Mi
- # limits:
- # cpu: 2
- # memory: 1024Mi
+ resources:
+ requests:
+ cpu: 500m
+ memory: 512Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
 # resources: {}
 
diff --git a/devops/helm/redis-cluster/values-0c27fb-prod.yaml b/devops/helm/redis-cluster/values-0c27fb-prod.yaml
index 5bfbc821f0..2d35ffb2ea 100644
--- a/devops/helm/redis-cluster/values-0c27fb-prod.yaml
+++ b/devops/helm/redis-cluster/values-0c27fb-prod.yaml
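Review bot: In values-0c27fb-dev.yaml the `## Example:` label and the commented-out `# resourcesPreset: "nano"` / `# resources: {}` lines are left around what is now live configuration, so each of the three blocks (`volumePermissions`, `redis`, `updateJob`) reads as sample text rather than the values actually applied; drop the stale lines or reword the label, e.g. `## Explicit requests/limits (replaces resourcesPreset)`. All six values files in this patch end up with the same blob (`2d35ffb2ea` in each index line), so the shared block could live in one base values file with per-environment overrides, which keeps the six copies from drifting apart. It is also worth confirming the sizing is intended: `volumePermissions` is given 1024Mi while `redis` itself gets 512Mi in this patch.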
@@ -1,40 +1,43 @@ +persistence: + size: 1Gi + volumePermissions: - resourcesPreset: "nano" + # resourcesPreset: "nano" ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: - # resources: - # requests: - # cpu: 250m - # memory: 512Mi - # limits: - # cpu: 100m - # memory: 1024Mi + resources: + requests: + cpu: 500m + memory: 1024Mi + limits: + cpu: 500m + memory: 1024Mi # resources: {} redis: - resourcesPreset: "nano" + # resourcesPreset: "nano" ## @param redis.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: - # resources: - # requests: - # cpu: 1 - # memory: 512Mi - # limits: - # cpu: 2 - # memory: 1024Mi + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 500m + memory: 512Mi # resources: {} ## Cluster update job settings updateJob: - resourcesPreset: "nano" + # resourcesPreset: "nano" ## @param updateJob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: - # resources: - # requests: - # cpu: 1 - # memory: 512Mi - # limits: - # cpu: 2 - # memory: 1024Mi + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 500m + memory: 512Mi # resources: {} diff --git a/devops/helm/redis-cluster/values-0c27fb-test.yaml b/devops/helm/redis-cluster/values-0c27fb-test.yaml index 5bfbc821f0..2d35ffb2ea 100644 --- a/devops/helm/redis-cluster/values-0c27fb-test.yaml +++ b/devops/helm/redis-cluster/values-0c27fb-test.yaml 
@@ -1,40 +1,43 @@ +persistence: + size: 1Gi + volumePermissions: - resourcesPreset: "nano" + # resourcesPreset: "nano" ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: - # resources: - # requests: - # cpu: 250m - # memory: 512Mi - # limits: - # cpu: 100m - # memory: 1024Mi + resources: + requests: + cpu: 500m + memory: 1024Mi + limits: + cpu: 500m + memory: 1024Mi # resources: {} redis: - resourcesPreset: "nano" + # resourcesPreset: "nano" ## @param redis.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: - # resources: - # requests: - # cpu: 1 - # memory: 512Mi - # limits: - # cpu: 2 - # memory: 1024Mi + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 500m + memory: 512Mi # resources: {} ## Cluster update job settings updateJob: - resourcesPreset: "nano" + # resourcesPreset: "nano" ## @param updateJob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: - # resources: - # requests: - # cpu: 1 - # memory: 512Mi - # limits: - # cpu: 2 - # memory: 1024Mi + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 500m + memory: 512Mi # resources: {} diff --git a/devops/helm/redis-cluster/values-a6ef19-dev.yaml b/devops/helm/redis-cluster/values-a6ef19-dev.yaml index 1c8ebdfea9..2d35ffb2ea 100644 --- a/devops/helm/redis-cluster/values-a6ef19-dev.yaml +++ b/devops/helm/redis-cluster/values-a6ef19-dev.yaml 
@@ -1,13 +1,16 @@ +persistence: + size: 1Gi + volumePermissions: # resourcesPreset: "nano" ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: resources: requests: - cpu: 250m - memory: 512Mi + cpu: 500m + memory: 1024Mi limits: - cpu: 100m + cpu: 500m memory: 1024Mi # resources: {} @@ -17,11 +20,11 @@ redis: ## Example: resources: requests: - cpu: 1 + cpu: 500m memory: 512Mi limits: - cpu: 2 - memory: 1024Mi + cpu: 500m + memory: 512Mi # resources: {} ## Cluster update job settings @@ -31,10 +34,10 @@ updateJob: ## Example: resources: requests: - cpu: 1 + cpu: 500m memory: 512Mi limits: - cpu: 2 - memory: 1024Mi + cpu: 500m + memory: 512Mi # resources: {} diff --git a/devops/helm/redis-cluster/values-a6ef19-prod.yaml b/devops/helm/redis-cluster/values-a6ef19-prod.yaml index 5bfbc821f0..2d35ffb2ea 100644 --- a/devops/helm/redis-cluster/values-a6ef19-prod.yaml +++ b/devops/helm/redis-cluster/values-a6ef19-prod.yaml 
@@ -1,40 +1,43 @@ +persistence: + size: 1Gi + volumePermissions: - resourcesPreset: "nano" + # resourcesPreset: "nano" ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: - # resources: - # requests: - # cpu: 250m - # memory: 512Mi - # limits: - # cpu: 100m - # memory: 1024Mi + resources: + requests: + cpu: 500m + memory: 1024Mi + limits: + cpu: 500m + memory: 1024Mi # resources: {} redis: - resourcesPreset: "nano" + # resourcesPreset: "nano" ## @param redis.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: - # resources: - # requests: - # cpu: 1 - # memory: 512Mi - # limits: - # cpu: 2 - # memory: 1024Mi + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 500m + memory: 512Mi # resources: {} ## Cluster update job settings updateJob: - resourcesPreset: "nano" + # resourcesPreset: "nano" ## @param updateJob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: - # resources: - # requests: - # cpu: 1 - # memory: 512Mi - # limits: - # cpu: 2 - # memory: 1024Mi + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 500m + memory: 512Mi # resources: {} diff --git a/devops/helm/redis-cluster/values-a6ef19-test.yaml b/devops/helm/redis-cluster/values-a6ef19-test.yaml index 5bfbc821f0..2d35ffb2ea 100644 --- a/devops/helm/redis-cluster/values-a6ef19-test.yaml +++ b/devops/helm/redis-cluster/values-a6ef19-test.yaml 
@@ -1,40 +1,43 @@ +persistence: + size: 1Gi + volumePermissions: - resourcesPreset: "nano" + # resourcesPreset: "nano" ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: - # resources: - # requests: - # cpu: 250m - # memory: 512Mi - # limits: - # cpu: 100m - # memory: 1024Mi + resources: + requests: + cpu: 500m + memory: 1024Mi + limits: + cpu: 500m + memory: 1024Mi # resources: {} redis: - resourcesPreset: "nano" + # resourcesPreset: "nano" ## @param redis.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: - # resources: - # requests: - # cpu: 1 - # memory: 512Mi - # limits: - # cpu: 2 - # memory: 1024Mi + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 500m + memory: 512Mi # resources: {} ## Cluster update job settings updateJob: - resourcesPreset: "nano" + # resourcesPreset: "nano" ## @param updateJob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: - # resources: - # requests: - # cpu: 1 - # memory: 512Mi - # limits: - # cpu: 2 - # memory: 1024Mi + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 500m + memory: 512Mi # resources: {} From 9ab246c199b367ed7da743d6cc5ab62a6a9c526c Mon Sep 17 00:00:00 2001 
From: guru-aot
Date: Fri, 31 Jan 2025 11:14:46 -0700
Subject: [PATCH 3/6] updated
---
 devops/helm/redis-cluster/templates/configmap.yaml | 2 +-
 devops/helm/redis-cluster/values-0c27fb-dev.yaml | 8 ++++----
 devops/helm/redis-cluster/values-0c27fb-prod.yaml | 8 ++++----
 devops/helm/redis-cluster/values-0c27fb-test.yaml | 8 ++++----
 devops/helm/redis-cluster/values-a6ef19-dev.yaml | 8 ++++----
 devops/helm/redis-cluster/values-a6ef19-prod.yaml | 8 ++++----
 devops/helm/redis-cluster/values-a6ef19-test.yaml | 8 ++++----
 7 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/devops/helm/redis-cluster/templates/configmap.yaml b/devops/helm/redis-cluster/templates/configmap.yaml
index 0522f674fe..c83f35be71 100644
--- a/devops/helm/redis-cluster/templates/configmap.yaml
+++ b/devops/helm/redis-cluster/templates/configmap.yaml
@@ -1396,7 +1396,7 @@ data:
 #
 # Please check https://redis.io/topics/persistence for more information.
 
- appendonly no
+ appendonly yes
 
 # The base name of the append only file.
 #
diff --git a/devops/helm/redis-cluster/values-0c27fb-dev.yaml b/devops/helm/redis-cluster/values-0c27fb-dev.yaml
index 2d35ffb2ea..da629fa3a4 100644
--- a/devops/helm/redis-cluster/values-0c27fb-dev.yaml
+++ b/devops/helm/redis-cluster/values-0c27fb-dev.yaml
@@ -21,10 +21,10 @@ redis:
 resources:
 requests:
 cpu: 500m
- memory: 512Mi
+ memory: 1024Mi
 limits:
 cpu: 500m
- memory: 512Mi
+ memory: 1024Mi
 # resources: {}
 
 ## Cluster update job settings
@@ -35,9 +35,9 @@ updateJob:
 resources:
 requests:
 cpu: 500m
- memory: 512Mi
+ memory: 1024Mi
 limits:
 cpu: 500m
- memory: 512Mi
+ memory: 1024Mi
 # resources: {}
 
diff --git a/devops/helm/redis-cluster/values-0c27fb-prod.yaml b/devops/helm/redis-cluster/values-0c27fb-prod.yaml
index 2d35ffb2ea..da629fa3a4 100644
--- a/devops/helm/redis-cluster/values-0c27fb-prod.yaml
+++ b/devops/helm/redis-cluster/values-0c27fb-prod.yaml
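Review bot: Switching configmap.yaml to `appendonly yes` makes every node write an append-only file to its data volume, and PATCH 2/6 sized that volume at `persistence.size: 1Gi` while this patch raises the `redis` memory limit to 1024Mi, so the AOF (which can grow past the in-memory dataset between rewrites) has little headroom before the volume fills. Whether `maxmemory` and the `auto-aof-rewrite-*` thresholds are set elsewhere in this configmap is not visible from the hunk; if they are not, consider bounding `maxmemory` well below the PVC size or enlarging the PVC for environments that hold real data. The change is made in the chart template at line 1396 rather than through a values key, so it applies to all six environments at once and, if this chart is a copy of an upstream chart, will need re-applying whenever the copy is refreshed.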
@@ -21,10 +21,10 @@ redis: resources: requests: cpu: 500m - memory: 512Mi + memory: 1024Mi limits: cpu: 500m - memory: 512Mi + memory: 1024Mi # resources: {} ## Cluster update job settings @@ -35,9 +35,9 @@ updateJob: resources: requests: cpu: 500m - memory: 512Mi + memory: 1024Mi limits: cpu: 500m - memory: 512Mi + memory: 1024Mi # resources: {} diff --git a/devops/helm/redis-cluster/values-0c27fb-test.yaml b/devops/helm/redis-cluster/values-0c27fb-test.yaml index 2d35ffb2ea..da629fa3a4 100644 --- a/devops/helm/redis-cluster/values-0c27fb-test.yaml +++ b/devops/helm/redis-cluster/values-0c27fb-test.yaml @@ -21,10 +21,10 @@ redis: resources: requests: cpu: 500m - memory: 512Mi + memory: 1024Mi limits: cpu: 500m - memory: 512Mi + memory: 1024Mi # resources: {} ## Cluster update job settings @@ -35,9 +35,9 @@ updateJob: resources: requests: cpu: 500m - memory: 512Mi + memory: 1024Mi limits: cpu: 500m - memory: 512Mi + memory: 1024Mi # resources: {} diff --git a/devops/helm/redis-cluster/values-a6ef19-dev.yaml b/devops/helm/redis-cluster/values-a6ef19-dev.yaml index 2d35ffb2ea..da629fa3a4 100644 --- a/devops/helm/redis-cluster/values-a6ef19-dev.yaml +++ b/devops/helm/redis-cluster/values-a6ef19-dev.yaml @@ -21,10 +21,10 @@ redis: resources: requests: cpu: 500m - memory: 512Mi + memory: 1024Mi limits: cpu: 500m - memory: 512Mi + memory: 1024Mi # resources: {} ## Cluster update job settings @@ -35,9 +35,9 @@ updateJob: resources: requests: cpu: 500m - memory: 512Mi + memory: 1024Mi limits: cpu: 500m - memory: 512Mi + memory: 1024Mi # resources: {} diff --git a/devops/helm/redis-cluster/values-a6ef19-prod.yaml b/devops/helm/redis-cluster/values-a6ef19-prod.yaml index 2d35ffb2ea..da629fa3a4 100644 --- a/devops/helm/redis-cluster/values-a6ef19-prod.yaml +++ b/devops/helm/redis-cluster/values-a6ef19-prod.yaml 
@@ -21,10 +21,10 @@ redis:
 resources:
 requests:
 cpu: 500m
- memory: 512Mi
+ memory: 1024Mi
 limits:
 cpu: 500m
- memory: 512Mi
+ memory: 1024Mi
 # resources: {}
 
 ## Cluster update job settings
@@ -35,9 +35,9 @@ updateJob:
 resources:
 requests:
 cpu: 500m
- memory: 512Mi
+ memory: 1024Mi
 limits:
 cpu: 500m
- memory: 512Mi
+ memory: 1024Mi
 # resources: {}
 
diff --git a/devops/helm/redis-cluster/values-a6ef19-test.yaml b/devops/helm/redis-cluster/values-a6ef19-test.yaml
index 2d35ffb2ea..da629fa3a4 100644
--- a/devops/helm/redis-cluster/values-a6ef19-test.yaml
+++ b/devops/helm/redis-cluster/values-a6ef19-test.yaml
@@ -21,10 +21,10 @@ redis:
 resources:
 requests:
 cpu: 500m
- memory: 512Mi
+ memory: 1024Mi
 limits:
 cpu: 500m
- memory: 512Mi
+ memory: 1024Mi
 # resources: {}
 
 ## Cluster update job settings
@@ -35,9 +35,9 @@ updateJob:
 resources:
 requests:
 cpu: 500m
- memory: 512Mi
+ memory: 1024Mi
 limits:
 cpu: 500m
- memory: 512Mi
+ memory: 1024Mi
 # resources: {}
 
From a627cd36a7fca25ccbcf538cdc2932d649d09d2a Mon Sep 17 00:00:00 2001
From: guru-aot
Date: Tue, 4 Feb 2025 09:10:48 -0700
Subject: [PATCH 4/6] Updated
---
 devops/helm/redis-cluster/templates/_helpers.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/devops/helm/redis-cluster/templates/_helpers.tpl b/devops/helm/redis-cluster/templates/_helpers.tpl
index b8d61544df..b40a5d04f4 100644
--- a/devops/helm/redis-cluster/templates/_helpers.tpl
+++ b/devops/helm/redis-cluster/templates/_helpers.tpl
@@ -167,7 +167,7 @@ Return Redis® password
 {{- else if not (empty .Values.password) -}}
 {{- .Values.password -}}
 {{- else -}}
- {{- randAlphaNum 10 -}}
+ {{- randAlphaNum 32 -}}
 {{- end -}}
 {{- end -}}
 
From 176ec8aff7bfe00f38622791d81b5b77e15f122f Mon Sep 17 00:00:00 2001
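Review bot: In _helpers.tpl the `randAlphaNum 32` fallback is evaluated on every render, so whenever `.Values.password` is empty (and whatever the branch above the hunk checks is also unset) each `helm upgrade` can produce a different password; the longer length does not change that. The enclosing define starts above the hunk and the Secret template is not visible here, so this is inferred: if the generated value feeds the Secret directly, an upgrade would rewrite the stored password while the running nodes still authenticate with the old one. Consider reading the already-deployed Secret with Helm's `lookup` and generating only when none exists, or requiring the password to come from a pre-created secret in every environment. At minimum the branch deserves a comment such as `{{/* generated on first install only; upgrades must supply the stored password */}}`.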
From: guru-aot Date: Tue, 4 Feb 2025 15:49:24 -0700 Subject: [PATCH 5/6] Reverted --- .github/workflows/env-setup-delete-redis.yml | 36 +++ .github/workflows/env-setup-deploy-redis.yml | 40 ++++ .../env-setup-init-redis-cluster-redis.yml | 36 +++ .../workflows/env-setup-redis-recovery.yml | 40 ++++ devops/openshift/database/redis-ha-deploy.yml | 222 ++++++++++++++++++ devops/openshift/database/redis-secrets.yml | 60 +++++ 6 files changed, 434 insertions(+) create mode 100644 .github/workflows/env-setup-delete-redis.yml create mode 100644 .github/workflows/env-setup-deploy-redis.yml create mode 100644 .github/workflows/env-setup-init-redis-cluster-redis.yml create mode 100644 .github/workflows/env-setup-redis-recovery.yml create mode 100644 devops/openshift/database/redis-ha-deploy.yml create mode 100644 devops/openshift/database/redis-secrets.yml diff --git a/.github/workflows/env-setup-delete-redis.yml b/.github/workflows/env-setup-delete-redis.yml new file mode 100644 index 0000000000..54c5e1aac2 --- /dev/null +++ b/.github/workflows/env-setup-delete-redis.yml 
@@ -0,0 +1,36 @@
+name: Env Setup - Delete Redis in Openshift
+run-name: Env Setup - Delete Redis in Openshift from ${{ inputs.environment }} using ${{ github.ref_name }}
+
+concurrency: redis-setup
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: "Environment"
+ required: true
+ type: environment
+
+jobs:
+ deleteRedis:
+ name: Delete Redis in Openshift
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ env:
+ NAMESPACE: ${{ secrets.OPENSHIFT_ENV_NAMESPACE }}
+ steps:
+ - name: Checkout Target Branch
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref_name }}
+ - name: Install CLI tools from OpenShift Mirror
+ uses: redhat-actions/openshift-tools-installer@v1
+ with:
+ oc: "4"
+ - name: Log in to OpenShift
+ run: |
+ oc login --token=${{ secrets.SA_TOKEN }} --server=${{ vars.OPENSHIFT_CLUSTER_URL }}
+ - name: Delete Redis
+ working-directory: "./devops/"
+ run: |
+ make delete-redis
diff --git a/.github/workflows/env-setup-deploy-redis.yml b/.github/workflows/env-setup-deploy-redis.yml
new file mode 100644
index 0000000000..909918b7c1
--- /dev/null
+++ b/.github/workflows/env-setup-deploy-redis.yml
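Review bot: In the `Log in to OpenShift` step, `${{ secrets.SA_TOKEN }}` is expanded into the script text before the shell runs, so the token becomes part of the command line and any shell metacharacter in it would be interpreted. Passing it through the step environment keeps it out of the script: add `env: OC_TOKEN: ${{ secrets.SA_TOKEN }}` to the step and run `oc login --token="$OC_TOKEN" --server="${{ vars.OPENSHIFT_CLUSTER_URL }}"`. The same step is repeated in the deploy, init-redis-cluster and redis-recovery workflows added by this patch.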
@@ -0,0 +1,40 @@
+name: Env Setup - Deploy Redis in Openshift
+run-name: Env Setup - Deploy Redis in Openshift from ${{ github.ref_name }} to ${{ inputs.environment }}
+
+concurrency: redis-setup
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: "Environment"
+ required: true
+ type: environment
+
+jobs:
+ deployRedis:
+ name: Deploy Redis in Openshift
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ env:
+ NAMESPACE: ${{ secrets.OPENSHIFT_ENV_NAMESPACE }}
+ steps:
+ - name: Checkout Target Branch
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref_name }}
+ - name: Install CLI tools from OpenShift Mirror
+ uses: redhat-actions/openshift-tools-installer@v1
+ with:
+ oc: "4"
+ - name: Log in to OpenShift
+ run: |
+ oc login --token=${{ secrets.SA_TOKEN }} --server=${{ vars.OPENSHIFT_CLUSTER_URL }}
+ - name: Init Redis
+ working-directory: "./devops/"
+ run: |
+ make init-redis
+ - name: Deploy Redis
+ working-directory: "./devops/"
+ run: |
+ make deploy-redis
diff --git a/.github/workflows/env-setup-init-redis-cluster-redis.yml b/.github/workflows/env-setup-init-redis-cluster-redis.yml
new file mode 100644
index 0000000000..9c29928449
--- /dev/null
+++ b/.github/workflows/env-setup-init-redis-cluster-redis.yml
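Review bot: `actions/checkout@v4` and `redhat-actions/openshift-tools-installer@v1` are referenced by mutable tags in a job that then logs in with `SA_TOKEN`, so whatever those tags point to at run time executes next to the cluster credential. Pinning each `uses:` to a full commit SHA with the tag kept as a comment, e.g. `uses: redhat-actions/openshift-tools-installer@<full-commit-sha> # v1`, makes the executed code reviewable. The job also declares no `permissions:` block; `permissions: contents: read` looks sufficient for the steps shown. Both points apply to the other three Redis workflows in this patch.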
@@ -0,0 +1,36 @@
+name: Env Setup - Initialize Redis Cluster in Openshift
+run-name: Env Setup - Initialize Redis Cluster in Openshift from ${{ github.ref_name }} to ${{ inputs.environment }}
+
+concurrency: redis-setup
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: "Environment"
+ required: true
+ type: environment
+
+jobs:
+ initRedisCluster:
+ name: Init Redis Cluster in Openshift
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ env:
+ NAMESPACE: ${{ secrets.OPENSHIFT_ENV_NAMESPACE }}
+ steps:
+ - name: Checkout Target Branch
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref_name }}
+ - name: Install CLI tools from OpenShift Mirror
+ uses: redhat-actions/openshift-tools-installer@v1
+ with:
+ oc: "4"
+ - name: Log in to OpenShift
+ run: |
+ oc login --token=${{ secrets.SA_TOKEN }} --server=${{ vars.OPENSHIFT_CLUSTER_URL }}
+ - name: Init Redis Cluster
+ working-directory: "./devops/"
+ run: |
+ echo "yes" |make init-redis-cluster
diff --git a/.github/workflows/env-setup-redis-recovery.yml b/.github/workflows/env-setup-redis-recovery.yml
new file mode 100644
index 0000000000..0ca66e3ff0
--- /dev/null
+++ b/.github/workflows/env-setup-redis-recovery.yml
@@ -0,0 +1,40 @@
+name: Env Setup - Redis recovery in Openshift
+run-name: Env Setup - Redis recovery in Openshift from ${{ inputs.gitRef }} to ${{ inputs.environment }}
+
+concurrency: redis-setup
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: "Environment"
+ required: true
+ type: environment
+ gitRef:
+ description: "Build Ref"
+ required: true
+ default: ""
+
+jobs:
+ recoverRedis:
+ name: Redis recovery in Openshift
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ env:
+ NAMESPACE: ${{ secrets.OPENSHIFT_ENV_NAMESPACE }}
+ steps:
+ - name: Checkout Target Branch
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.gitRef }}
+ - name: Install CLI tools from OpenShift Mirror
+ uses: redhat-actions/openshift-tools-installer@v1
+ with:
+ oc: "4"
+ - name: Log in to OpenShift
+ run: |
+ oc login --token=${{ secrets.SA_TOKEN }} --server=${{ vars.OPENSHIFT_CLUSTER_URL }}
+ - name: Redis cluster meet
+ working-directory: "./devops/"
+ run: |
+ make redis-cluster-meet
diff --git a/devops/openshift/database/redis-ha-deploy.yml b/devops/openshift/database/redis-ha-deploy.yml
new file mode 100644
index 0000000000..8007dbbeb8
--- /dev/null
+++ b/devops/openshift/database/redis-ha-deploy.yml
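Review bot: `ref: ${{ inputs.gitRef }}` accepts any branch, tag or SHA as free text, and the `devops/Makefile` from that ref is then run after `oc login` with `SA_TOKEN`, so the recipe that reaches the cluster is not necessarily the one on a reviewed branch. The other Redis workflows in this patch check out `github.ref_name` instead. If an arbitrary ref is really needed for recovery, I would say so on the input, e.g. `description: "Build Ref (reviewed branch or tag; its Makefile runs with the environment's service-account token)"`. Approval would then rest on environment protection rules, which are not visible from this hunk.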
@@ -0,0 +1,222 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + annotations: + description: Redis in Cluster mode, with persistent storage. + tags: redis + name: ${NAME} +labels: + app: ${NAME} + template: ${NAME} +objects: + - apiVersion: v1 + kind: ConfigMap + metadata: + name: ${NAME} + labels: + app: ${NAME} + data: + update-ip.sh: | + #!/bin/sh + CLUSTER_CONFIG="/data/nodes.conf" + if [ -f $CLUSTER_CONFIG ]; then + if [ -z "$POD_IP" ]; then + echo "Unable to determine Pod IP address!" + exit 1 + fi + echo "Updating my IP to $POD_IP in $CLUSTER_CONFIG" + sed -i.bak -e "/myself/ s/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/$POD_IP/" ${CLUSTER_CONFIG} + fi + exec "$@" + - apiVersion: v1 + kind: Service + metadata: + name: ${NAME} + spec: + ports: + - name: client + port: ${{REDIS_PORT}} + targetPort: ${{REDIS_PORT}} + - name: gossip + port: ${{REDIS_BUS_PORT}} + targetPort: ${{REDIS_BUS_PORT}} + selector: + app: ${NAME} + - apiVersion: apps/v1 + kind: StatefulSet + metadata: + name: ${NAME} + labels: + app: ${NAME} + app.kubernetes.io/part-of: "shared_database" + spec: + replicas: ${{REPLICAS}} + revisionHistoryLimit: 10 + selector: + matchLabels: + app: ${NAME} + serviceName: ${NAME} + template: + metadata: + labels: + app: ${NAME} + spec: + imagePullSecrets: + - name: artifactory-creds + containers: + - name: ${NAME} + image: ${IMAGE_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG} + imagePullPolicy: IfNotPresent + command: + - /script/update-ip.sh + - redis-server + - /conf/redis.conf + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: REDISCLI_AUTH + valueFrom: + secretKeyRef: + key: password + name: ${NAME}-creds + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - redis-cli -h $HOSTNAME shutdown save + livenessProbe: + exec: + command: + - /bin/sh + - -c + - test "$(redis-cli -h $HOSTNAME ping)" == "PONG" + initialDelaySeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + ports: + - 
containerPort: ${{REDIS_PORT}} + name: client + - containerPort: ${{REDIS_BUS_PORT}} + name: gossip + readinessProbe: + exec: + command: + - /bin/sh + - -c + - test "$(redis-cli -h $HOSTNAME ping)" == "PONG" + initialDelaySeconds: 15 + timeoutSeconds: 1 + failureThreshold: 3 + resources: + requests: + cpu: ${CPU_REQUEST} + memory: ${MEMORY_REQUEST} + limits: + cpu: ${CPU_LIMIT} + memory: ${MEMORY_LIMIT} + volumeMounts: + - name: conf + mountPath: /conf + readOnly: false + - name: data + mountPath: /data + readOnly: false + - name: script + mountPath: /script + readOnly: false + volumes: + - name: conf + secret: + secretName: ${NAME}-creds + - name: script + configMap: + name: ${NAME} + defaultMode: 0755 + volumeClaimTemplates: + - metadata: + name: data + labels: + app: ${NAME} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${PVC_SIZE} + storageClassName: ${STORAGE_CLASS} + - apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + name: ${NAME}-pdb + spec: + selector: + matchLabels: + app: ${NAME} + maxUnavailable: 2 +parameters: + - name: NAME + description: The name of the application for labelling all artifacts. + displayName: Application Name + required: true + value: redis + - name: REPLICAS + description: The number of StatefulSet replicas to use. + displayName: Replicas + required: true + value: "6" + - name: IMAGE_REGISTRY + description: The base docker registry + displayName: Docker Image Registry + required: true + - name: IMAGE_NAME + description: Redis Image Name + displayName: Image Name + required: true + - name: IMAGE_TAG + description: Redis Image Tag + displayName: Image Tag + required: true + - name: CPU_REQUEST + description: Starting amount of CPU the container can use. + displayName: CPU Request + required: true + value: 25m + - name: CPU_LIMIT + description: Maximum amount of CPU the container can use. 
+ displayName: CPU Limit + required: true + value: 100m + - name: MEMORY_REQUEST + description: Starting amount of memory the container can use. + displayName: Memory Request + required: true + value: 256Mi + - name: MEMORY_LIMIT + description: Maximum amount of memory the container can use. + displayName: Memory Limit + required: true + value: 256Mi + - name: PVC_SIZE + description: The size of the persistent volume to create. + displayName: Persistent Volume Size + required: true + value: 1Gi + - name: STORAGE_CLASS + description: The type of the persistent volume to create. + displayName: Persistent Volume Class + required: true + value: netapp-file-standard + - name: REDIS_PORT + description: Redis port. + displayName: Redis client port. + required: true + value: "6379" + - name: REDIS_BUS_PORT + description: Redis cluster bus port. + displayName: Redis cluster bus port used for node to node communication. + required: true + value: "16379" diff --git a/devops/openshift/database/redis-secrets.yml b/devops/openshift/database/redis-secrets.yml new file mode 100644 index 0000000000..364013de50 --- /dev/null +++ b/devops/openshift/database/redis-secrets.yml 
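Review bot: The `conf` (Secret) and `script` (ConfigMap) volumes are mounted with `readOnly: false` in `volumeMounts`, although the container only reads `redis.conf` and executes `update-ip.sh`; only `/data` has to be writable. I would set `readOnly: true` on the `/conf` and `/script` mounts so the manifest states that intent. Separately, mounting the whole `${NAME}-creds` Secret at `/conf` also exposes the `password` and `clustermode` keys as files. An `items:` entry limited to `redis.conf` would narrow that, though `redis.conf` itself still carries the password.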
@@ -0,0 +1,60 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + name: ${NAME}-creds +labels: + app: ${NAME} + template: ${NAME}-creds +objects: + - apiVersion: v1 + kind: Secret + metadata: + name: ${NAME}-creds + stringData: + clustermode: ${CLUSTER_ENABLED} + password: ${REDIS_PASSWORD} + redis.conf: | + cluster-enabled ${CLUSTER_ENABLED} + cluster-require-full-coverage no + cluster-node-timeout ${CLUSTER_NODE_TIMEOUT} + cluster-config-file /data/nodes.conf + cluster-migration-barrier 1 + masterauth ${REDIS_PASSWORD} + masteruser default + appendonly ${APPEND_ONLY} + appendfsync ${APPEND_ONLY_FSYNC} + protected-mode no + requirepass ${REDIS_PASSWORD} + type: Opaque +parameters: + - name: NAME + description: The name of the application for labelling all artifacts. + displayName: Application Name + required: true + value: redis + - name: APPEND_ONLY + description: The file format mode that Redis will save in (no for RDB, yes for AOF) + displayName: Redis Persistence Mode + required: true + value: "yes" + - name: APPEND_ONLY_FSYNC + description: The fsync policy of AOF(Append only file). + displayName: Redis + required: true + value: always + - name: CLUSTER_ENABLED + description: The file format mode that Redis will save in (no for RDB, yes for AOF) + displayName: Redis Persistence Mode + required: true + value: "yes" + - name: CLUSTER_NODE_TIMEOUT + description: Cluster node timeout. + displayName: Cluster node timeout in milliseconds. + required: true + value: "15000" + - name: REDIS_PASSWORD + description: Redis password + displayName: Redis password + generate: expression + from: "[a-zA-Z0-9]{32}" + required: true From 0b27d13228fb2b3806f6080cf3d88a7ac9cbb5ab Mon Sep 17 00:00:00 2001 From: guru-aot Date: Tue, 4 Feb 2025 15:51:07 -0700 Subject: [PATCH 6/6] reverted --- devops/Makefile | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/devops/Makefile b/devops/Makefile index 7804950ac9..0f4abbf9fd 100644 
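Review bot: `REDIS_PASSWORD` is declared with `generate: expression`, so every `oc process` of this template yields a new value, and the `init-redis` recipe added to devops/Makefile pipes that straight into `oc apply`. Re-running the deploy workflow would therefore replace `password`, `masterauth` and `requirepass` in `redis-creds` while running pods still use the old values, and pods restarted later would come up with a password their peers do not share. I would create the Secret only when it is absent, e.g. `oc -n $(NAMESPACE) get secret redis-creds >/dev/null 2>&1 || oc -n $(NAMESPACE) process -f openshift/database/redis-secrets.yml | oc -n $(NAMESPACE) apply -f -`. The `CLUSTER_ENABLED` parameter also carries the description and display name copied from `APPEND_ONLY`.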
--- a/devops/Makefile +++ b/devops/Makefile @@ -19,6 +19,7 @@ export IS_FULLTIME_ALLOWED := $(or $(IS_FULLTIME_ALLOWED), false) export BYPASS_APPLICATION_SUBMIT_VALIDATIONS := $(or $(BYPASS_APPLICATION_SUBMIT_VALIDATIONS), false) export SWAGGER_ENABLED := $(or ${SWAGGER_ENABLED}, true) export APPLICATION_ARCHIVE_DAYS := $(or ${APPLICATION_ARCHIVE_DAYS}, 43) +export REDIS_PORT := $(or ${REDIS_PORT}, 6379) export CLAMAV_PORT := $(or ${CLAMAV_PORT}, 3310) export API_PORT := $(or ${API_PORT}, 7070) export QUEUE_CONSUMERS_PORT := $(or ${QUEUE_CONSUMERS_PORT}, 7000) 
@@ -272,6 +273,26 @@ build-web: @oc -n $(BUILD_NAMESPACE) process -f $(BUILD_TEMPLATE_PATH) -p TAG=$(BUILD_REF) -p SOURCE_REPOSITORY_REF=$(BUILD_REF) -p SOURCE_CONTEXT_DIR=$(SOURCE_CONTEXT_DIR)web -p NAME=$(WEB_BUILD_REF) | oc -n $(BUILD_NAMESPACE) apply -f - @oc -n $(BUILD_NAMESPACE) start-build bc/$(WEB_BUILD_REF) --wait +init-redis: + @echo "++\n Init Redis in $(NAMESPACE) \n++" + @oc -n $(NAMESPACE) process -f openshift/database/redis-secrets.yml | oc -n $(NAMESPACE) apply -f - + +deploy-redis: + @oc -n $(NAMESPACE) process -f openshift/database/redis-ha-deploy.yml -p IMAGE_NAME="redis" -p IMAGE_TAG="6.2.7-alpine" -p IMAGE_REGISTRY="artifacts.developer.gov.bc.ca/docker-remote" | oc -n $(NAMESPACE) apply -f - + +# Command to initialize the redis cluster. +# Make sure that all the redis pods are up and running before initializing the cluster. +init-redis-cluster: + REDIS_PASSWORD=$$(oc get secret -n $(NAMESPACE) redis-creds -o jsonpath='{.data.password}' | base64 -d); \ + REDIS_NODES=$$(oc get pods -n $(NAMESPACE) -l app=redis -o jsonpath='{range .items[*]}{.status.podIP}:$(REDIS_PORT) ' | sed 's/ :$(REDIS_PORT) $$/ /'); \ + oc exec -n $(NAMESPACE) -it redis-0 -- redis-cli -a $$REDIS_PASSWORD --cluster create $$REDIS_NODES --cluster-replicas 1 + +# Command to tell one Redis node to connect to another node and join the cluster. +# This is typically done when you are setting up a Redis Cluster or adding new nodes to an existing cluster to ensure they are aware of each other and can communicate effectively. +redis-cluster-meet: + REDIS_PASSWORD=$$(oc get secret -n $(NAMESPACE) redis-creds -o jsonpath='{.data.password}' | base64 -d); \ + oc get pods -n $(NAMESPACE) -l app=redis -o jsonpath='{range.items[*]}{.status.podIP} $(REDIS_PORT) {end}' | xargs -n2 oc exec -n $(NAMESPACE) -it redis-0 -- redis-cli -a $$REDIS_PASSWORD -c CLUSTER MEET + run-db-migrations: test -n "$(NAMESPACE)" test -n "$(BUILD_NAMESPACE)" 
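Review bot: Both `init-redis-cluster` and `redis-cluster-meet` read the password out of the Secret on the runner and pass it unquoted as `redis-cli -a $$REDIS_PASSWORD`, which puts it in the argument list of `oc exec` and of `redis-cli` inside the pod. The StatefulSet in redis-ha-deploy.yml already sets `REDISCLI_AUTH` in the container, which redis-cli reads on its own, so the lookup and the `-a` option can be dropped: `oc exec -n $(NAMESPACE) -it redis-0 -- redis-cli --cluster create $$REDIS_NODES --cluster-replicas 1`, and likewise `redis-cli -c CLUSTER MEET` in the second recipe. It is worth confirming with the 6.2.7 image that `--cluster create` picks the variable up. Neither recipe checks `NAMESPACE` first, unlike `run-db-migrations` just below, which starts with `test -n "$(NAMESPACE)"`.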
@@ -493,6 +514,11 @@ deploy-forms: | oc -n $(NAMESPACE) apply -f - $(call rollout_and_wait,deployment/$(FORMS_NAME)) +# Remove redis and resources including secrets from openshift namespace. +delete-redis: + @echo "+\n++ Removing redis and resources on $(NAMESPACE)\n+" + @oc delete -n $(NAMESPACE) all,rc,svc,dc,route,pvc,secret,configmap,sa -l app=redis + update-sysdig-team: @echo "Updating Sysdig Team for license plate 0c27fb.\n" @oc project 0c27fb-tools
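Review bot: `delete-redis` removes `pvc` and `secret` objects along with the workloads, so the persisted data and the generated password are gone after one run, and the recipe neither checks `NAMESPACE` nor asks for confirmation. I would start the recipe with `test -n "$(NAMESPACE)"`, as `run-db-migrations` in this file does, and consider leaving `pvc,secret` out of the default resource list so that data removal is a separate, explicit step. The selector `-l app=redis` is hard-coded while the templates label objects with `${NAME}`; the two only agree while `NAME` keeps its default.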