sap / redis-operator

Manage Redis clusters in Kubernetes

License: Apache License 2.0

Shell 2.42% Dockerfile 0.76% Makefile 3.18% Go 45.46% Mustache 48.18%
sap-cns sap-cs-devops

redis-operator's Introduction

Kubernetes Operator For Redis™

Disclaimer: Redis is a registered trademark of Redis Ltd. Any rights therein are reserved to Redis Ltd. Any use by SAP is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Ltd. and SAP.

About this project

This repository adds a new resource type Redis (redis.cache.cs.sap.com) to Kubernetes clusters, which can be used to deploy redis caches for cluster-internal usage. For example:

apiVersion: cache.cs.sap.com/v1alpha1
kind: Redis
metadata:
  name: test
spec:
  replicas: 3
  sentinel:
    enabled: true
  metrics:
    enabled: true
  tls:
    enabled: true

Under the hood, the controller in this repository uses the bitnami redis chart to install redis in the cluster. As a consequence, the following topologies are supported:

  • statically configured master with optional read replicas
  • sentinel cluster (i.e. dynamic master with read replicas, master elected by sentinel).

Sharding (redis-cluster) scenarios are not supported.

Sentinel mode

If spec.sentinel.enabled is false, one redis master node will be deployed, and spec.replicas - 1 read replicas. Both master and read nodes are reachable at dedicated services; since the master statefulset currently cannot be scaled beyond 1, only the read part is truly highly available.

If spec.sentinel.enabled is true, then an ensemble of spec.replicas nodes will be deployed, each of which runs the actual redis service and a sentinel sidecar. As long as a quorum of sentinels is available (more than 50%), they will form a consensus about which of the redis services has the master role, and configure the redis instances accordingly. There will be one service, exposing the sentinels at port 26379 and the redis caches at port 6379. Clients that only perform read operations can connect directly to the service at 6379. To write to redis, clients first have to connect to the sentinel port of the service to discover the address of the current master, and then connect to the retrieved address at 6379.

Note that the field spec.sentinel.enabled is immutable.

Encryption

TLS encryption can be turned on by setting spec.tls.enabled. Without further configuration, a self-signed certificate will be created. As an alternative, if available, certificate and key can be retrieved from cert-manager. With

spec:
  tls:
    enabled: true
    certManager: {}

a self-signing issuer will be generated; an existing issuer could be referenced as well, such as:

spec:
  tls:
    enabled: true
    certManager:
      issuer:
        # group: cert-manager.io
        kind: ClusterIssuer
        name: cluster-ca

Persistence

AOF persistence can be enabled by setting spec.persistence.enabled to true. It may be tweaked by setting spec.persistence.storageClass and spec.persistence.size; note that the latter fields are immutable.

Metrics

If spec.metrics.enabled is set to true, a Prometheus exporter sidecar will be added to the pods, which can be scraped at port 9121 (optionally via the corresponding service and ServiceMonitor, if prometheus-operator is used).

Binding secret

By default, a binding secret like the following will be generated:

apiVersion: v1
kind: Secret
metadata:
  name: redis-test-binding
type: Opaque
stringData:
  caData: |
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
  host: redis-test.testns.svc.cluster.local
  masterName: mymaster
  password: BM5vR1ziGE
  port: "6379"
  sentinelEnabled: "true"
  sentinelHost: redis-test.testns.svc.cluster.local
  sentinelPort: "26379"
  tlsEnabled: "true"
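
How a client can consume the sentinel-mode binding secret above, as an added example that is not part of the operator's code: reads go to the service port, writes start at the sentinel port, and TLS verification fails closed when caData is unusable. The Plan type and NewPlan function are hypothetical names, and the sample map is constructed from the secret shown above.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
)

// Plan is where a client dials first and how it authenticates the server.
type Plan struct {
	Addr       string      // first address to dial
	MasterName string      // set for writes: ask the sentinel at Addr for this master
	TLS        *tls.Config // nil only when the binding says tlsEnabled is not "true"
}

// NewPlan reads a sentinel-mode binding secret (keys as in the secret above).
func NewPlan(b map[string]string, write bool) (*Plan, error) {
	if b["sentinelEnabled"] != "true" {
		return nil, errors.New("not a sentinel-mode binding")
	}
	p := &Plan{Addr: net.JoinHostPort(b["host"], b["port"])} // reads: service at 6379
	if write {
		// Writes: resolve the current master through the sentinel port first.
		p.Addr = net.JoinHostPort(b["sentinelHost"], b["sentinelPort"])
		p.MasterName = b["masterName"]
	}
	if b["tlsEnabled"] != "true" {
		return p, nil
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM([]byte(b["caData"])) {
		// Fail closed: no fallback to InsecureSkipVerify or plaintext.
		return nil, errors.New("tlsEnabled is true but caData has no usable certificate")
	}
	// ServerName stays empty so tls.Dial derives it from the dialed address.
	p.TLS = &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	return p, nil
}

func main() {
	// Constructed sample mirroring the secret above; caData is its elided placeholder.
	b := map[string]string{"host": "redis-test.testns.svc.cluster.local", "port": "6379",
		"sentinelEnabled": "true", "sentinelHost": "redis-test.testns.svc.cluster.local",
		"sentinelPort": "26379", "masterName": "mymaster", "tlsEnabled": "true",
		"caData": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n"}
	_, err := NewPlan(b, true)
	fmt.Println("placeholder CA rejected:", err)
}
```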

The format of the secret data can be overridden by specifying a go template as spec.binding.template. In that go template, the following variables may be used:

  • .sentinelEnabled (whether sentinel mode is enabled or not)
  • .masterHost, .masterPort, .replicaHost, .replicaPort (only if sentinel is disabled)
  • .host, .port, .sentinelHost, .sentinelPort, .masterName (only if sentinel is enabled)
  • .tlsEnabled (whether TLS encryption is enabled or not)
  • .caData (CA certificate that clients may use to connect to redis)
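
A pre-flight check for a custom binding template, as an added example that is not the operator's code: it renders the template against the variables listed above for one mode and reports any variable that mode does not provide. The function names, the placeholder values, the bool type of the two flags and the missingkey=error option are assumptions of this sketch; how the operator itself executes the template is not shown on this page.

```go
package main

import (
	"fmt"
	"io"
	"text/template"
)

// varsFor returns the variable names listed above for one mode, filled with
// constructed placeholder values (the operator's real value types may differ).
func varsFor(sentinel bool) map[string]interface{} {
	v := map[string]interface{}{
		"sentinelEnabled": sentinel, // assumed bool
		"tlsEnabled":      true,     // assumed bool
		"caData":          "<constructed CA PEM>",
	}
	names := []string{"masterHost", "masterPort", "replicaHost", "replicaPort"}
	if sentinel {
		names = []string{"host", "port", "sentinelHost", "sentinelPort", "masterName"}
	}
	for _, n := range names {
		v[n] = "<" + n + ">"
	}
	return v
}

// Check renders src against one mode's variables and returns an error for a
// variable that mode lacks, instead of silently emitting "<no value>".
func Check(src string, sentinel bool) error {
	t, err := template.New("binding").Option("missingkey=error").Parse(src)
	if err != nil {
		return err
	}
	return t.Execute(io.Discard, varsFor(sentinel))
}

func main() {
	// Hypothetical template written for non-sentinel mode.
	src := "writeAddr: {{ .masterHost }}:{{ .masterPort }}\n" +
		"readAddr: {{ .replicaHost }}:{{ .replicaPort }}\n"
	fmt.Println("sentinel off:", Check(src, false))
	fmt.Println("sentinel on: ", Check(src, true))
}
```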

Customize pod settings

The following attributes allow tweaking the created pods/containers:

  • spec.nodeSelector
  • spec.affinity
  • spec.topologySpreadConstraints
  • spec.tolerations
  • spec.priorityClassName
  • spec.podSecurityContext
  • spec.podLabels
  • spec.podAnnotations
  • spec.resources
  • spec.securityContext
  • spec.sentinel.resources
  • spec.sentinel.securityContext
  • spec.metrics.resources
  • spec.metrics.securityContext

For topology spread constraints, special logic applies: if undefined, then some weak spread constraints will be generated, such as

topologySpreadConstraints:
- labelSelector:
    matchLabels:
      app.kubernetes.io/component: node
      app.kubernetes.io/instance: test
      app.kubernetes.io/name: redis
  maxSkew: 1
  nodeAffinityPolicy: Honor
  nodeTaintsPolicy: Honor
  topologyKey: kubernetes.io/hostname
  whenUnsatisfiable: ScheduleAnyway
  matchLabelKeys:
  - controller-revision-hash

This does no harm and helps to ensure proper spreading of the redis pods across Kubernetes nodes. In addition, if a supplied constraint lacks both labelSelector and matchLabelKeys, then these attributes will be automatically populated by the controller, as in the above example.

Requirements and Setup

The recommended deployment method is to use the Helm chart:

helm upgrade -i redis-operator oci://ghcr.io/sap/redis-operator-helm/redis-operator

Documentation

The API reference is here: https://pkg.go.dev/github.com/sap/redis-operator.

Support, Feedback, Contributing

This project is open to feature requests/suggestions, bug reports etc. via GitHub issues. Contribution and feedback are encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our Contribution Guidelines.

Code of Conduct

We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone. By participating in this project, you agree to abide by its Code of Conduct at all times.

Licensing

Copyright 2023 SAP SE or an SAP affiliate company and redis-operator contributors. Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.

redis-operator's People

Contributors

cbarbian-sap, dafe-corporate-sap, erp4sme-devops-github-admin-user, jaroslav-viravec, renovate[bot], shegox, zdenko-kovac

redis-operator's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

  • chore(deps): update non-minor dependencies (docker.io/bitnami/redis, github.com/sap/admission-webhook-runtime)
  • fix(go.mod/go.sum): update minor dependencies (golang) (github.com/cert-manager/cert-manager, github.com/google/uuid, github.com/onsi/ginkgo/v2, github.com/onsi/gomega, github.com/redis/go-redis/v9, github.com/sap/component-operator-runtime, github.com/sap/go-generics, go, golang.org/x/mod, k8s.io/api, k8s.io/apiextensions-apiserver, k8s.io/apimachinery, k8s.io/client-go, k8s.io/kube-aggregator, sigs.k8s.io/controller-runtime)
  • chore(actions): update github-actions (major) (actions/setup-go, actions/upload-artifact, docker/build-push-action, docker/login-action, docker/metadata-action, docker/setup-buildx-action)
  • Click on this checkbox to rebase all open PRs at once

Detected dependencies

dockerfile
Dockerfile
  • golang 1.22
github-actions
.github/workflows/build.yaml
  • actions/checkout v4
  • actions/setup-go v4
  • actions/checkout v4
  • docker/setup-buildx-action v2
  • docker/metadata-action v4
  • docker/build-push-action v4
  • actions/upload-artifact v3
  • ubuntu 22.04
  • ubuntu 22.04
.github/workflows/publish.yaml
  • actions/checkout v4
  • docker/setup-buildx-action v2
  • docker/login-action v2
  • docker/metadata-action v4
  • docker/build-push-action v4
  • actions/checkout v4
  • actions/checkout v4
  • actions/checkout v4
  • benc-uk/workflow-dispatch v1
  • ubuntu 22.04
  • ubuntu 22.04
  • ubuntu 22.04
.github/workflows/release.yaml
  • actions/checkout v4
  • ubuntu 22.04
gomod
go.mod
  • go 1.21.5
  • github.com/Masterminds/sprig/v3 v3.2.3
  • github.com/cert-manager/cert-manager v1.13.3
  • github.com/google/uuid v1.4.0
  • github.com/onsi/ginkgo/v2 v2.13.2
  • github.com/onsi/gomega v1.30.0
  • github.com/pkg/errors v0.9.1
  • github.com/redis/go-redis/v9 v9.3.0
  • github.com/sap/admission-webhook-runtime v0.1.12
  • github.com/sap/component-operator-runtime v0.1.18
  • github.com/sap/go-generics v0.1.7
  • golang.org/x/mod v0.14.0
  • k8s.io/api v0.28.4
  • k8s.io/apiextensions-apiserver v0.28.4
  • k8s.io/apimachinery v0.28.4
  • k8s.io/client-go v0.28.4
  • k8s.io/kube-aggregator v0.28.4
  • sigs.k8s.io/controller-runtime v0.16.3
  • sigs.k8s.io/yaml v1.4.0
helm-values
pkg/operator/data/charts/redis/values.yaml
  • docker.io/bitnami/redis 7.2.0-debian-11-r7@sha256:acd9b289a84b03881f73eb05e3bfb3aab0ed5ccb10258bfbfac37b5d37a7a239
  • docker.io/bitnami/redis-sentinel 7.2.4-debian-11-r6
  • docker.io/bitnami/redis-exporter 1.57.0-debian-11-r9
  • docker.io/bitnami/bitnami-shell 11-debian-11-r114
  • docker.io/bitnami/bitnami-shell 11-debian-11-r114
helmv3
pkg/operator/data/charts/redis/Chart.yaml

  • Check this box to trigger a request for Renovate to run again on this repository

Istio injection fails on redis clusters

The istio envoy sidecar does not come up on redis clusters created by redis-operator.

2023-07-21T10:02:14.848381Z    info    starting Http service at 127.0.0.1:15004

2023-07-21T10:02:14.848462Z    info    Starting proxy agent
2023-07-21T10:02:14.848498Z    info    starting
2023-07-21T10:02:14.848524Z    info    Envoy command: [-c etc/istio/proxy/envoy-rev.json --drain-time-s 45 --drain-strategy immediate --local-address-ip-version v4 --file-flush-interval-msec 1000 --disable-hot-restart --allow-unknown-static-fields --log-format %Y-%m-%dT%T.%fZ    %l    envoy %n %g:%#    %v    thread=%t -l warning --component-log-level misc:error --concurrency 2]
2023-07-21T10:02:34.819688Z    warn    ca    ca request failed, starting attempt 1 in 103.063351ms
2023-07-21T10:02:34.922902Z    warn    ca    ca request failed, starting attempt 2 in 201.200697ms
2023-07-21T10:02:35.124920Z    warn    ca    ca request failed, starting attempt 3 in 422.03637ms
2023-07-21T10:02:35.547808Z    warn    ca    ca request failed, starting attempt 4 in 761.562536ms
2023-07-21T10:02:56.310433Z    warn    sds    failed to warm certificate: failed to generate workload certificate: create certificate: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 100.68.17.248:15012: i/o timeout"
2023-07-21T10:02:56.776685Z    warn    ca    ca request failed, starting attempt 1 in 109.765121ms
2023-07-21T10:02:56.886978Z    warn    ca    ca request failed, starting attempt 2 in 183.653145ms
2023-07-21T10:02:57.071356Z    warn    ca    ca request failed, starting attempt 3 in 413.458643ms
2023-07-21T10:02:57.484989Z    warn    ca    ca request failed, starting attempt 4 in 776.255744ms
2023-07-21T10:03:14.871321Z    info    Status server has successfully terminated
2023-07-21T10:03:14.871405Z    error    accept tcp :15020: use of closed network connection
2023-07-21T10:03:14.871433Z    info    Agent draining Proxy
2023-07-21T10:03:14.872503Z    info    Graceful termination period is 5s, starting...
