Merge pull request #72 from bcgov/develop/km
GRAD2-2841 - Institute - Update Redis cluster and related IaC to be password protected
kamal-mohammed committed Jun 27, 2024
2 parents d2b9272 + 4c256bc commit 45e268a
Showing 5 changed files with 53 additions and 27 deletions.
8 changes: 5 additions & 3 deletions .github/workflows/create-redis-cluster-DEV.yml
@@ -29,8 +29,8 @@ jobs:
- name: cleanup
run : |
echo "Cleaning up previous installation (if any)..."
oc delete all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis
- name: Deploy Redis
oc delete all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis-ha
- name: Deploy Redis pods
run: |
oc process -f redis/redis-ha.dc.yaml -p REPLICAS=${{ env.REPLICAS }} | oc apply -f -
- name: Wait for Readiness
@@ -39,6 +39,8 @@ jobs:
sleep "$((${{ env.REPLICAS }}*50))"
- name: Create Cluster
run: |
echo "Retrieve redis password..."
REDIS_PASSWORD=$(oc -o json get secret redis-ha | sed -n 's/.*"REDIS_PASSWORD": "\(.*\)",/\1/p' | base64 --decode)
echo "Creating Cluster..."
oc exec -i redis-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes
oc exec -i redis-ha-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis-ha -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes -a $REDIS_PASSWORD
echo "Success!"
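Review bot: In the Create Cluster step the password is scraped from `oc -o json get secret redis-ha` with a sed pattern that only matches when the value is followed by `",` on the same line, so it depends on how the JSON happens to be laid out, and an empty result is passed straight to `-a` without any check. Reading the field directly is sturdier: `REDIS_PASSWORD=$(oc get secret redis-ha -o jsonpath='{.data.REDIS_PASSWORD}' | base64 --decode)`, followed by `echo "::add-mask::$REDIS_PASSWORD"` so the runner masks the value in logs. The unquoted `-a $REDIS_PASSWORD` also places the secret on the command line of `oc exec` and of redis-cli inside the pod; redis-cli reads `REDISCLI_AUTH` from the environment, which avoids that. The same lines appear in the PROD and TEST workflows.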
8 changes: 5 additions & 3 deletions .github/workflows/create-redis-cluster-PROD.yml
@@ -29,8 +29,8 @@ jobs:
- name: cleanup
run : |
echo "Cleaning up previous installation (if any)..."
oc delete all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis
- name: Deploy Redis
oc delete all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis-ha
- name: Deploy Redis pods
run: |
oc process -f redis/redis-ha.dc.yaml -p REPLICAS=${{ env.REPLICAS }} | oc apply -f -
- name: Wait for Readiness
@@ -39,6 +39,8 @@ jobs:
sleep "$((${{ env.REPLICAS }}*50))"
- name: Create Cluster
run: |
echo "Retrieve redis password..."
REDIS_PASSWORD=$(oc -o json get secret redis-ha | sed -n 's/.*"REDIS_PASSWORD": "\(.*\)",/\1/p' | base64 --decode)
echo "Creating Cluster..."
oc exec -i redis-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes
oc exec -i redis-ha-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis-ha -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes -a $REDIS_PASSWORD
echo "Success!"
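Review bot: The cleanup step now selects `-l app=redis-ha`, so nothing in this workflow removes objects created by the previous template, which were named `redis` and labelled `app=redis` (see the removed lines in redis/redis-ha.dc.yaml). If an environment still runs that deployment, the cluster without a password stays up next to the new one until it is deleted by hand. Consider a comment in the step such as `# objects from the old template (app=redis) are not matched here and must be removed once, manually`, or a one-time additional delete with the old selector. The same applies to the DEV and TEST workflows.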
8 changes: 5 additions & 3 deletions .github/workflows/create-redis-cluster-TEST.yml
@@ -29,8 +29,8 @@ jobs:
- name: cleanup
run : |
echo "Cleaning up previous installation (if any)..."
oc delete all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis
- name: Deploy Redis
oc delete all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis-ha
- name: Deploy Redis pods
run: |
oc process -f redis/redis-ha.dc.yaml -p REPLICAS=${{ env.REPLICAS }} | oc apply -f -
- name: Wait for Readiness
@@ -39,6 +39,8 @@ jobs:
sleep "$((${{ env.REPLICAS }}*50))"
- name: Create Cluster
run: |
echo "Retrieve redis password..."
REDIS_PASSWORD=$(oc -o json get secret redis-ha | sed -n 's/.*"REDIS_PASSWORD": "\(.*\)",/\1/p' | base64 --decode)
echo "Creating Cluster..."
oc exec -i redis-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes
oc exec -i redis-ha-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis-ha -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes -a $REDIS_PASSWORD
echo "Success!"
5 changes: 2 additions & 3 deletions redis/README.md
@@ -11,14 +11,13 @@
###### Redis HA can be deployed by cloning this repository locally from Git

- Clone the repository
- Navigate to the `./redis` directory
- Logon to Openshift using **oc** commandline tool
- Switch to the correct project/namespace you're targeting

###### Delete previous installation if any
- Run the following command for cleanup:
```
oc delete -n <namespace-env> all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis
oc delete -n <namespace-env> all,rc,svc,dc,route,pvc,secret,configmap,sa,RoleBinding -l app=redis-ha
```
###### Deploy Redis
```
@@ -29,5 +28,5 @@ oc process -f redis/redis-ha.dc.yaml -p REPLICAS=6 | oc apply -f -
- Once all the pods are running, run the following command to initialize the cluster:

```
oc exec -it redis-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes
oc exec -it redis-ha-0 -- redis-cli --cluster create --cluster-replicas 1 $(oc get pods -l app=redis-ha -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}') --cluster-yes -a <password>
```
51 changes: 36 additions & 15 deletions redis/redis-ha.dc.yaml
@@ -9,9 +9,9 @@ objects:
- apiVersion: v1
kind: ConfigMap
metadata:
name: redis
name: redis-ha
labels:
app: redis
app: redis-ha
data:
fix-ip.sh: |
#!/bin/sh
@@ -25,20 +25,32 @@ objects:
sed -i.bak -e "/myself/ s/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/${POD_IP}/" ${CLUSTER_CONFIG}
fi
exec "$@"
redis.conf: |+
redis.conf: |
cluster-enabled yes
cluster-require-full-coverage no
cluster-node-timeout 15000
cluster-config-file /data/nodes.conf
cluster-migration-barrier 1
appendonly yes
protected-mode no
requirepass ${REDIS_PASSWORD}
- kind: Secret
apiVersion: v1
metadata:
name: redis-ha
labels:
app: redis-ha
annotations:
template.openshift.io/expose-password: "{.data['REDIS_PASSWORD']}"
as-copy-of: template.${NAME}-secret
stringData:
REDIS_PASSWORD: "${REDIS_PASSWORD}"
- apiVersion: v1
kind: Service
metadata:
name: redis
name: redis-ha
labels:
app: redis
app: redis-ha
spec:
ports:
- port: 6379
@@ -49,28 +61,28 @@ objects:
name: gossip
clusterIP: None
selector:
app: redis
app: redis-ha
- apiVersion: apps/v1
kind: StatefulSet
metadata:
name: redis
name: redis-ha
labels:
app: redis
app: redis-ha
spec:
serviceName: redis
serviceName: redis-ha
replicas: ${{REPLICAS}}
selector:
matchLabels:
app: redis
app: redis-ha
template:
metadata:
labels:
app: redis
app: redis-ha
spec:
imagePullSecrets:
- name: artifactory-creds
containers:
- name: redis
- name: redis-ha
image: artifacts.developer.gov.bc.ca/docker-remote/redis:7.0.8
ports:
- containerPort: 6379
@@ -106,6 +118,9 @@ objects:
- name: data
mountPath: /data
readOnly: false
envFrom:
- secretRef:
name: redis-ha
resources:
requests:
cpu: "10m"
@@ -116,13 +131,13 @@ objects:
volumes:
- name: conf
configMap:
name: redis
name: redis-ha
defaultMode: 0755
volumeClaimTemplates:
- metadata:
name: data
labels:
name: redis
name: redis-ha
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
@@ -132,4 +147,10 @@ parameters:
- name: REPLICAS
description: Number of Replicas for the Redis cluster
required: true
value: "2"
value: "2"
- name: REDIS_PASSWORD
displayName: Redis Connection Password
description: Password for the Redis connection user.
generate: expression
from: '[a-zA-Z0-9]{16}'
required: true
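Review bot: `requirepass ${REDIS_PASSWORD}` in the `redis.conf` entry is filled in by template processing, so the generated password ends up in plain text in the `redis-ha` ConfigMap as well as in the Secret, and anyone who can view ConfigMaps in the namespace can read it. Since the container now receives `REDIS_PASSWORD` through `envFrom`, the line can be dropped from the ConfigMap and the value supplied at start-up instead, e.g. `--requirepass "$REDIS_PASSWORD" --masterauth "$REDIS_PASSWORD"` on the redis-server command, which sits outside the visible hunks. No `masterauth` appears in the visible config; replicas need it to authenticate to their masters once `requirepass` is set, so confirm it is set elsewhere. The `as-copy-of: template.${NAME}-secret` annotation also refers to a `NAME` parameter that the visible `parameters` list does not declare.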
