217 lines
13 KiB
Plaintext
217 lines
13 KiB
Plaintext
CHART NAME: {{ .Chart.Name }}
|
|
CHART VERSION: {{ .Chart.Version }}
|
|
APP VERSION: {{ .Chart.AppVersion }}
|
|
|
|
Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami for more information.
|
|
|
|
** Please be patient while the chart is being deployed **
|
|
|
|
{{- if .Values.diagnosticMode.enabled }}
|
|
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
|
|
|
|
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
|
|
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
|
|
|
|
Get the list of pods by executing:
|
|
|
|
kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }}
|
|
|
|
Access the pod you want to debug by executing
|
|
|
|
kubectl exec --namespace {{ include "common.names.namespace" . }} -ti <NAME OF THE POD> -- bash
|
|
|
|
In order to replicate the container startup scripts execute this command:
|
|
|
|
For Redis:
|
|
|
|
/opt/bitnami/scripts/redis/entrypoint.sh /opt/bitnami/scripts/redis/run.sh
|
|
|
|
{{- if .Values.sentinel.enabled }}
|
|
|
|
For Redis Sentinel:
|
|
|
|
/opt/bitnami/scripts/redis-sentinel/entrypoint.sh /opt/bitnami/scripts/redis-sentinel/run.sh
|
|
|
|
{{- end }}
|
|
{{- else }}
|
|
|
|
{{- if contains .Values.master.service.type "LoadBalancer" }}
|
|
{{- if not .Values.auth.enabled }}
|
|
{{ if and (not .Values.networkPolicy.enabled) (.Values.networkPolicy.allowExternal) }}
|
|
|
|
-------------------------------------------------------------------------------
|
|
WARNING
|
|
|
|
By specifying "master.service.type=LoadBalancer" and "auth.enabled=false" you have
|
|
most likely exposed the Redis® service externally without any authentication
|
|
mechanism.
|
|
|
|
For security reasons, we strongly suggest that you switch to "ClusterIP" or
|
|
"NodePort". As alternative, you can also switch to "auth.enabled=true"
|
|
providing a valid password on "password" parameter.
|
|
|
|
-------------------------------------------------------------------------------
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
{{- if and .Values.auth.enabled .Values.auth.usePasswordFiles (not .Values.auth.usePasswordFileFromSecret) (or (empty .Values.master.initContainers) (empty .Values.replica.initContainers)) }}
|
|
|
|
-------------------------------------------------------------------------------
|
|
WARNING
|
|
|
|
By specifying ".Values.auth.usePasswordFiles=true" and ".Values.auth.usePasswordFileFromSecret=false"
|
|
Redis is expecting that the password is mounted as a file in each pod
|
|
(by default in /opt/bitnami/redis/secrets/redis-password)
|
|
|
|
Ensure that you specify the respective initContainers in
|
|
both .Values.master.initContainers and .Values.replica.initContainers
|
|
in order to populate the contents of this file.
|
|
|
|
-------------------------------------------------------------------------------
|
|
{{- end }}
|
|
|
|
{{- if eq .Values.architecture "replication" }}
|
|
{{- if .Values.sentinel.enabled }}
|
|
|
|
Redis® can be accessed via port {{ .Values.sentinel.service.ports.redis }} on the following DNS name from within your cluster:
|
|
|
|
{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} for read only operations
|
|
|
|
For read/write operations, first access the Redis® Sentinel cluster, which is available in port {{ .Values.sentinel.service.ports.sentinel }} using the same domain name above.
|
|
|
|
{{- else }}
|
|
|
|
Redis® can be accessed on the following DNS names from within your cluster:
|
|
|
|
{{ printf "%s-master.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read/write operations (port {{ .Values.master.service.ports.redis }})
|
|
{{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.ports.redis }})
|
|
|
|
{{- end }}
|
|
{{- else }}
|
|
|
|
Redis® can be accessed via port {{ .Values.master.service.ports.redis }} on the following DNS name from within your cluster:
|
|
|
|
{{ template "common.names.fullname" . }}-master.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}
|
|
|
|
{{- end }}
|
|
|
|
{{ if .Values.auth.enabled }}
|
|
|
|
To get your password run:
|
|
|
|
export REDIS_PASSWORD=$(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 -d)
|
|
|
|
{{- end }}
|
|
|
|
To connect to your Redis® server:
|
|
|
|
1. Run a Redis® pod that you can use as a client:
|
|
|
|
kubectl run --namespace {{ include "common.names.namespace" . }} redis-client --restart='Never' {{ if .Values.auth.enabled }} --env REDIS_PASSWORD=$REDIS_PASSWORD {{ end }} --image {{ template "redis.image" . }} --command -- sleep infinity
|
|
|
|
{{- if .Values.tls.enabled }}
|
|
|
|
Copy your TLS certificates to the pod:
|
|
|
|
kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.cert redis-client:/tmp/client.cert
|
|
kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.key redis-client:/tmp/client.key
|
|
kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/CA.cert redis-client:/tmp/CA.cert
|
|
|
|
{{- end }}
|
|
|
|
Use the following command to attach to the pod:
|
|
|
|
kubectl exec --tty -i redis-client \
|
|
{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }}
|
|
--namespace {{ include "common.names.namespace" . }} -- bash
|
|
|
|
2. Connect using the Redis® CLI:
|
|
|
|
{{- if eq .Values.architecture "replication" }}
|
|
{{- if .Values.sentinel.enabled }}
|
|
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.redis }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Read only operations
|
|
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.sentinel }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Sentinel access
|
|
{{- else }}
|
|
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ printf "%s-master" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
|
|
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ printf "%s-replicas" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
|
|
{{- end }}
|
|
{{- else }}
|
|
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }}-master{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
|
|
{{- end }}
|
|
|
|
{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
|
|
|
|
Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to redis.
|
|
|
|
{{- else }}
|
|
|
|
To connect to your database from outside the cluster execute the following commands:
|
|
|
|
{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }}
|
|
{{- if contains "NodePort" .Values.sentinel.service.type }}
|
|
|
|
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
|
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
|
|
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
|
|
|
|
{{- else if contains "LoadBalancer" .Values.sentinel.service.type }}
|
|
|
|
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
|
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}'
|
|
|
|
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
|
|
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
|
|
|
|
{{- else if contains "ClusterIP" .Values.sentinel.service.type }}
|
|
|
|
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.ports.redis }}:{{ .Values.sentinel.service.ports.redis }} &
|
|
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
|
|
|
|
{{- end }}
|
|
{{- else }}
|
|
{{- if contains "NodePort" .Values.master.service.type }}
|
|
|
|
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
|
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-master" (include "common.names.fullname" .) }})
|
|
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
|
|
|
|
{{- else if contains "LoadBalancer" .Values.master.service.type }}
|
|
|
|
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
|
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}'
|
|
|
|
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ printf "%s-master" (include "common.names.fullname" .) }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
|
|
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
|
|
|
|
{{- else if contains "ClusterIP" .Values.master.service.type }}
|
|
|
|
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ printf "%s-master" (include "common.names.fullname" .) }} {{ .Values.master.service.ports.redis }}:{{ .Values.master.service.ports.redis }} &
|
|
{{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
|
|
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- include "redis.checkRollingTags" . }}
|
|
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
|
|
{{- include "common.warnings.rollingTag" .Values.sysctl.image }}
|
|
{{- include "redis.validateValues" . }}
|
|
|
|
{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Release.IsUpgrade ) }}
|
|
{{- if $.Values.sentinel.service.nodePorts.sentinel }}
|
|
No need to upgrade, ports and nodeports have been set from values
|
|
{{- else }}
|
|
#!#!#!#!#!#!#!# IMPORTANT #!#!#!#!#!#!#!#
|
|
YOU NEED TO PERFORM AN UPGRADE FOR THE SERVICES AND WORKLOAD TO BE CREATED
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- $resourceSections := list "metrics" "replica" "sentinel" "sysctl" "volumePermissions" }}
|
|
{{- if not (and (eq .Values.architecture "replication") .Values.sentinel.enabled) }}
|
|
{{- $resourceSections = append $resourceSections "master" -}}
|
|
{{- end }}
|
|
{{- include "common.warnings.resources" (dict "sections" $resourceSections "context" $) }}
|
|
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.kubectl.image .Values.sysctl.image) "context" $) }}
|
|
{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.kubectl.image .Values.sysctl.image) "context" $) }}
|