diff --git a/.github/workflows/create-redis-cluster-DEV.yml b/.github/workflows/create-redis-cluster-DEV.yml
index 66d7670..85841a2 100644
--- a/.github/workflows/create-redis-cluster-DEV.yml
+++ b/.github/workflows/create-redis-cluster-DEV.yml
@@ -29,8 +29,8 @@ jobs:
 - name: cleanup
 run : |
 echo "Cleaning up previous installation (if any)..."
- oc delete all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis
- - name: Deploy Redis
+ oc delete all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis-ha
+ - name: Deploy Redis pods
 run: |
 oc process -f redis/redis-ha.dc.yaml -p REPLICAS=${{ env.REPLICAS }} | oc apply -f -
 - name: Wait for Readiness
@@ -39,6 +39,8 @@ jobs:
 sleep "$((${{ env.REPLICAS }}*50))"
 - name: Create Cluster
 run: |
+ echo "Retrieve redis password..."
+ REDIS_PASSWORD=$(oc -o json get secret redis-ha | sed -n 's/.*"REDIS_PASSWORD": "\(.*\)",/\1/p' | base64 --decode)
 echo "Creating Cluster..."
- oc exec -i redis-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes
+ oc exec -i redis-ha-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis-ha -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes -a $REDIS_PASSWORD
 echo "Success!"
\ No newline at end of file
diff --git a/.github/workflows/create-redis-cluster-PROD.yml b/.github/workflows/create-redis-cluster-PROD.yml
index 2c371d1..d644131 100644
--- a/.github/workflows/create-redis-cluster-PROD.yml
+++ b/.github/workflows/create-redis-cluster-PROD.yml
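Review bot: In the DEV workflow's Create Cluster hunk, the sed expression on the added `REDIS_PASSWORD=$(...)` line only matches when the `"REDIS_PASSWORD"` entry is followed by a comma, so if it is the last key printed under the secret's `data` the variable ends up empty and `-a` is left without a value; `REDIS_PASSWORD=$(oc get secret redis-ha -o jsonpath='{.data.REDIS_PASSWORD}' | base64 --decode)` avoids parsing JSON with sed. The value is read at run time, so the runner has no reason to mask it in the job log; add `echo "::add-mask::$REDIS_PASSWORD"` right after retrieving it. Passing it as `-a $REDIS_PASSWORD` puts the password on the command line of both `oc exec` and `redis-cli`; the pod already receives `REDIS_PASSWORD` through the new `envFrom`, so it could be handed to redis-cli inside the pod through the `REDISCLI_AUTH` environment variable, and at minimum the expansion should be quoted. The same lines appear in the Create Cluster hunks of the PROD and TEST workflows.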
@@ -29,8 +29,8 @@ jobs:
 - name: cleanup
 run : |
 echo "Cleaning up previous installation (if any)..."
- oc delete all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis
- - name: Deploy Redis
+ oc delete all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis-ha
+ - name: Deploy Redis pods
 run: |
 oc process -f redis/redis-ha.dc.yaml -p REPLICAS=${{ env.REPLICAS }} | oc apply -f -
 - name: Wait for Readiness
@@ -39,6 +39,8 @@ jobs:
 sleep "$((${{ env.REPLICAS }}*50))"
 - name: Create Cluster
 run: |
+ echo "Retrieve redis password..."
+ REDIS_PASSWORD=$(oc -o json get secret redis-ha | sed -n 's/.*"REDIS_PASSWORD": "\(.*\)",/\1/p' | base64 --decode)
 echo "Creating Cluster..."
- oc exec -i redis-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes
+ oc exec -i redis-ha-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis-ha -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes -a $REDIS_PASSWORD
 echo "Success!"
diff --git a/.github/workflows/create-redis-cluster-TEST.yml b/.github/workflows/create-redis-cluster-TEST.yml
index 8c082b1..02c08de 100644
--- a/.github/workflows/create-redis-cluster-TEST.yml
+++ b/.github/workflows/create-redis-cluster-TEST.yml
@@ -29,8 +29,8 @@ jobs:
 - name: cleanup
 run : |
 echo "Cleaning up previous installation (if any)..."
- oc delete all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis
- - name: Deploy Redis
+ oc delete all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis-ha
+ - name: Deploy Redis pods
 run: |
 oc process -f redis/redis-ha.dc.yaml -p REPLICAS=${{ env.REPLICAS }} | oc apply -f -
 - name: Wait for Readiness
@@ -39,6 +39,8 @@ jobs:
 sleep "$((${{ env.REPLICAS }}*50))"
 - name: Create Cluster
 run: |
+ echo "Retrieve redis password..."
+ REDIS_PASSWORD=$(oc -o json get secret redis-ha | sed -n 's/.*"REDIS_PASSWORD": "\(.*\)",/\1/p' | base64 --decode)
 echo "Creating Cluster..."
- oc exec -i redis-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes
+ oc exec -i redis-ha-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis-ha -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes -a $REDIS_PASSWORD
 echo "Success!"
diff --git a/redis/README.md b/redis/README.md
index e0abb07..f460046 100644
--- a/redis/README.md
+++ b/redis/README.md
@@ -11,14 +11,13 @@ ###### Redis HA can be deployed by cloning this repository locally from Git - Clone the repository -- Navigate to the `./redis` directory - Logon to Openshift using **oc** commandline tool - Switch to the correct project/namespace you're targeting ###### Delete previous installation if any - Run the following command for cleanup: ``` -oc delete -n all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis +oc delete -n all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis-ha ``` ###### Deploy Redis ```
@@ -29,5 +28,5 @@ oc process -f redis/redis-ha.dc.yaml -p REPLICAS=6 | oc apply -f - - Once all the pods are running, run the following command to initialize the cluster: ``` -oc exec -it redis-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes +oc exec -it redis-ha-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis-ha -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes -a ```
diff --git a/redis/redis-ha.dc.yaml b/redis/redis-ha.dc.yaml
index 63d164f..e2f789f 100644
--- a/redis/redis-ha.dc.yaml
+++ b/redis/redis-ha.dc.yaml
@@ -9,9 +9,9 @@ objects:
 - apiVersion: v1
 kind: ConfigMap
 metadata:
- name: redis
+ name: redis-ha
 labels:
- app: redis
+ app: redis-ha
 data:
 fix-ip.sh: |
 #!/bin/sh
@@ -25,7 +25,7 @@ objects:
 sed -i.bak -e "/myself/ s/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/${POD_IP}/" ${CLUSTER_CONFIG}
 fi
 exec "$@"
- redis.conf: |+
+ redis.conf: |
 cluster-enabled yes
 cluster-require-full-coverage no
 cluster-node-timeout 15000
@@ -33,12 +33,24 @@ objects:
 cluster-migration-barrier 1
 appendonly yes
 protected-mode no
+ requirepass ${REDIS_PASSWORD}
+ - kind: Secret
+ apiVersion: v1
+ metadata:
+ name: redis-ha
+ labels:
+ app: redis-ha
+ annotations:
+ template.openshift.io/expose-password: "{.data['REDIS_PASSWORD']}"
+ as-copy-of: template.${NAME}-secret
+ stringData:
+ REDIS_PASSWORD: "${REDIS_PASSWORD}"
 - apiVersion: v1
 kind: Service
 metadata:
- name: redis
+ name: redis-ha
 labels:
- app: redis
+ app: redis-ha
 spec:
 ports:
 - port: 6379
@@ -49,28 +61,28 @@ objects:
 name: gossip
 clusterIP: None
 selector:
- app: redis
+ app: redis-ha
 - apiVersion: apps/v1
 kind: StatefulSet
 metadata:
- name: redis
+ name: redis-ha
 labels:
- app: redis
+ app: redis-ha
 spec:
- serviceName: redis
+ serviceName: redis-ha
 replicas: ${{REPLICAS}}
 selector:
 matchLabels:
- app: redis
+ app: redis-ha
 template:
 metadata:
 labels:
- app: redis
+ app: redis-ha
 spec:
 imagePullSecrets:
 - name: artifactory-creds
 containers:
- - name: redis
+ - name: redis-ha
 image: artifacts.developer.gov.bc.ca/docker-remote/redis:7.0.8
 ports:
 - containerPort: 6379
@@ -106,6 +118,9 @@ objects:
 - name: data
 mountPath: /data
 readOnly: false
+ envFrom:
+ - secretRef:
+ name: redis-ha
 resources:
 requests:
 cpu: "10m"
@@ -116,13 +131,13 @@ objects:
 volumes:
 - name: conf
 configMap:
- name: redis
+ name: redis-ha
 defaultMode: 0755
 volumeClaimTemplates:
 - metadata:
 name: data
 labels:
- name: redis
+ name: redis-ha
 spec:
 accessModes: [ "ReadWriteOnce" ]
 resources:
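Review bot: In the `@@ -33,12 +33,24 @@` hunk, `requirepass ${REDIS_PASSWORD}` sits inside the ConfigMap's `redis.conf`, and `oc process` substitutes template parameters into every object, so the rendered ConfigMap will hold the password in clear text next to the new Secret. Anyone who can read ConfigMaps in the namespace can then read it, which undoes the point of the Secret; consider dropping that line and supplying the password at start-up from the `REDIS_PASSWORD` environment variable that the added `envFrom` provides (the container command is outside this diff, so the exact place is for the author to pick). The hunk also sets no `masterauth`, and replicas need it to replicate from a master that has `requirepass` enabled, which matters here because the cluster is created with `--cluster-replicas 1`. Separately, `as-copy-of: template.${NAME}-secret` references a `NAME` parameter that is not among the parameters visible in this diff.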
@@ -132,4 +147,10 @@ parameters:
 - name: REPLICAS
 description: Number of Replicas for the Redis cluster
 required: true
- value: "2"
\ No newline at end of file
+ value: "2"
+ - name: REDIS_PASSWORD
+ displayName: Redis Connection Password
+ description: Password for the Redis connection user.
+ generate: expression
+ from: '[a-zA-Z0-9]{16}'
+ required: true
\ No newline at end of file
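Review bot: The `REDIS_PASSWORD` description does not mention that a `generate: expression` parameter receives a fresh value on every `oc process` run. Re-applying the template to a running cluster without the cleanup step would then update the Secret and ConfigMap while the running pods presumably keep the old password, since the StatefulSet spec itself does not change. I would extend the description to say so, for example `description: Password for the Redis connection user. Regenerated on every oc process run unless passed with -p REDIS_PASSWORD=...`.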