From 42caeb8d53546fe1c490187c891141fd54220251 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Cunha?= Date: Tue, 19 Jan 2021 17:21:14 +0100 Subject: [PATCH 1/7] Adds basic redis templating for KAS configmap - Adds a helper template to configure redis for KAS - Uses the above template in the KAS configmap - Mounts the KAS secret in the KAS POD - Adds basic yaml interface for overridable redis KAS values --- .../gitlab/charts/kas/templates/_helpers.tpl | 21 +++++++++++++++++++ .../charts/kas/templates/configmap.yaml | 3 +++ .../charts/kas/templates/deployment.yaml | 5 +++++ charts/gitlab/charts/kas/values.yaml | 5 +++++ 4 files changed, 34 insertions(+) diff --git a/charts/gitlab/charts/kas/templates/_helpers.tpl b/charts/gitlab/charts/kas/templates/_helpers.tpl index 4c758fcdf4..8ca759ad9a 100644 --- a/charts/gitlab/charts/kas/templates/_helpers.tpl +++ b/charts/gitlab/charts/kas/templates/_helpers.tpl @@ -12,3 +12,24 @@ if there is a shared tls secret for all ingresses. {{- end -}} {{- pluck "secretName" .Values.ingress.tls .Values.global.ingress.tls $defaultName | first -}} {{- end -}} + +{{/* +Build the structure describing sentinels +*/}} +{{- define "kas.redis" -}} +{{- if .Values.global.redis.sharedState -}} +{{- $_ := set $ "redisConfigName" "sharedState" -}} +{{- end -}} +{{- include "gitlab.redis.configMerge" . -}} +{{- if not .redisMergedConfig.sentinels -}} +server: + url: {{ template "gitlab.redis.url" . }} +{{- else -}} +sentinel: + master_name: {{ template "gitlab.redis.host" . }} + addresses: +{{- range $i, $entry := .redisMergedConfig.sentinels }} + - {{ quote (print "tcp://" (trim $entry.host) ":" ( default 26379 $entry.port | int ) ) -}} +{{- end -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/gitlab/charts/kas/templates/configmap.yaml b/charts/gitlab/charts/kas/templates/configmap.yaml index 546fc4073e..ac04b0a3cc 100644 --- a/charts/gitlab/charts/kas/templates/configmap.yaml 
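Review bot: `url: {{ template "gitlab.redis.url" . }}` in the `server:` branch of `kas.redis` may write the Redis password into the ConfigMap. A Redis URL usually carries the credential inline, and `gitlab.redis.url` is defined outside this hunk, so this needs checking against its definition. ConfigMap data is not handled as secret material: it is readable with ordinary ConfigMap access and appears in rendered chart output. The password should therefore reach KAS only through the mounted secret file, which is what [PATCH 2/7] later does with `address:` and `password_file:`. The header comment `Build the structure describing sentinels` also does not describe this helper; something like `Build the Redis connection config for KAS (must not render credentials)` would be accurate.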
+++ b/charts/gitlab/charts/kas/templates/configmap.yaml @@ -13,6 +13,9 @@ data: {{- if .Values.customConfig }} {{- .Values.customConfig | toYaml | nindent 4 }} {{- else }} + redis: + {{- include "kas.redis" . | nindent 6 }} + agent: listen: address: ":{{ .Values.service.internalPort }}" diff --git a/charts/gitlab/charts/kas/templates/deployment.yaml b/charts/gitlab/charts/kas/templates/deployment.yaml index a605bc75c1..6fc169f51e 100644 --- a/charts/gitlab/charts/kas/templates/deployment.yaml +++ b/charts/gitlab/charts/kas/templates/deployment.yaml @@ -88,4 +88,9 @@ spec: items: - key: {{ template "gitlab.kas.key" . }} path: .gitlab_kas_secret + - secret: + name: {{ template "gitlab.redis.password.secret" . }} + items: + - key: {{ template "gitlab.redis.password.key" . }} + path: .gitlab_redis_secret {{- end }} diff --git a/charts/gitlab/charts/kas/values.yaml b/charts/gitlab/charts/kas/values.yaml index 8bef432dd3..90619d4afa 100644 --- a/charts/gitlab/charts/kas/values.yaml +++ b/charts/gitlab/charts/kas/values.yaml @@ -6,6 +6,9 @@ annotations: {} global: kas: enabled: false + redis: + # host: '0.0.0.0' + password: {} # hosts: # kas: # name: kas.example.com @@ -57,3 +60,5 @@ securityContext: runAsUser: 65532 runAsGroup: 65532 fsGroup: 65532 +redis: + password: {} \ No newline at end of file -- GitLab From 6e4e11e3608a59ce6aaad4db01c8307f4b435f7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Cunha?= Date: Mon, 1 Feb 2021 20:45:47 +0100 Subject: [PATCH 2/7] Adds redis password_file support for kas --- charts/gitlab/charts/kas/templates/_helpers.tpl | 7 ++++--- charts/gitlab/charts/kas/templates/configmap.yaml | 1 - charts/gitlab/charts/kas/templates/deployment.yaml | 6 +----- charts/gitlab/charts/kas/values.yaml | 5 +++++ 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/charts/gitlab/charts/kas/templates/_helpers.tpl b/charts/gitlab/charts/kas/templates/_helpers.tpl index 8ca759ad9a..1240ea55f9 100644 
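Review bot: The `- secret:` source added to the projected volume in deployment.yaml is rendered whether or not a Redis password is configured. A release without the referenced secret would then likely leave the pod waiting on volume setup. The spec in [PATCH 7/7] passes `password.enabled`, which suggests a disabled password is a supported setting, so the source should sit inside a matching condition such as `{{- if .Values.global.redis.password.enabled }}` (exact value path to be confirmed against the Redis helpers). The `password_file:` line that [PATCH 2/7] adds to `kas.redis` has the same gap and needs the same guard. The volume definition itself starts outside this hunk.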
--- a/charts/gitlab/charts/kas/templates/_helpers.tpl +++ b/charts/gitlab/charts/kas/templates/_helpers.tpl @@ -21,10 +21,11 @@ Build the structure describing sentinels {{- $_ := set $ "redisConfigName" "sharedState" -}} {{- end -}} {{- include "gitlab.redis.configMerge" . -}} -{{- if not .redisMergedConfig.sentinels -}} +password_file: /etc/kas/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }} +{{ if not .redisMergedConfig.sentinels -}} server: - url: {{ template "gitlab.redis.url" . }} -{{- else -}} + address: {{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} +{{ else -}} sentinel: master_name: {{ template "gitlab.redis.host" . }} addresses: diff --git a/charts/gitlab/charts/kas/templates/configmap.yaml b/charts/gitlab/charts/kas/templates/configmap.yaml index ac04b0a3cc..1d88697d64 100644 --- a/charts/gitlab/charts/kas/templates/configmap.yaml +++ b/charts/gitlab/charts/kas/templates/configmap.yaml @@ -15,7 +15,6 @@ data: {{- else }} redis: {{- include "kas.redis" . | nindent 6 }} - agent: listen: address: ":{{ .Values.service.internalPort }}" diff --git a/charts/gitlab/charts/kas/templates/deployment.yaml b/charts/gitlab/charts/kas/templates/deployment.yaml index 6fc169f51e..b165b84cd4 100644 --- a/charts/gitlab/charts/kas/templates/deployment.yaml +++ b/charts/gitlab/charts/kas/templates/deployment.yaml @@ -88,9 +88,5 @@ spec: items: - key: {{ template "gitlab.kas.key" . }} path: .gitlab_kas_secret - - secret: - name: {{ template "gitlab.redis.password.secret" . }} - items: - - key: {{ template "gitlab.redis.password.key" . }} - path: .gitlab_redis_secret + {{- include "gitlab.redis.secrets" . | nindent 12 }} {{- end }} diff --git a/charts/gitlab/charts/kas/values.yaml b/charts/gitlab/charts/kas/values.yaml index 90619d4afa..febbfa3705 100644 --- a/charts/gitlab/charts/kas/values.yaml +++ b/charts/gitlab/charts/kas/values.yaml 
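Review bot: Nothing visible in the deployment.yaml hunk ties the files produced by `{{- include "gitlab.redis.secrets" . | nindent 12 }}` to the path that `kas.redis` now hard-codes as `/etc/kas/redis/<name>-password`. The file names come from `gitlab.redis.secrets` and the directory from a volumeMount, both outside this hunk. If either drifts, KAS starts with a `password_file` that does not exist and the failure only shows at runtime. A comment on the include would make the coupling explicit, for example `{{- /* file names and mountPath must match password_file in kas.redis (_helpers.tpl) */}}`. It is also worth confirming that the projected volume sets a restrictive `defaultMode`, since it now holds the Redis password next to the KAS secret.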
@@ -61,4 +61,9 @@ securityContext: runAsGroup: 65532 fsGroup: 65532 redis: +# sentinel: +# addresses: + # - localhost:6661 # required +# server: +# address: "localhost:6379" password: {} \ No newline at end of file -- GitLab From eb6d9fcbe71e4458926ce41bb733b3d1ae2d0bfd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Cunha?= Date: Mon, 1 Feb 2021 22:47:30 +0100 Subject: [PATCH 3/7] Plucks sentinels config into the redisMergedConfig --- templates/_redis.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/_redis.tpl b/templates/_redis.tpl index f160dc7e29..9f85da3948 100644 --- a/templates/_redis.tpl +++ b/templates/_redis.tpl @@ -10,7 +10,7 @@ Build a dict of redis configuration {{- $_ := set $ "redisConfigName" (default "" $.redisConfigName) -}} {{- $_ := unset $ "redisMergedConfig" -}} {{- $_ := set $ "redisMergedConfig" (dict "redisConfigName" $.redisConfigName) -}} -{{- range $want := list "host" "port" "password" "scheme" -}} +{{- range $want := list "host" "port" "password" "scheme" "sentinels" -}} {{- $_ := set $.redisMergedConfig $want (pluck $want (index $.Values.global.redis $.redisConfigName) $.Values.global.redis | first) -}} {{- end -}} {{- range $key := keys $.Values.global.redis.password -}} -- GitLab From a7d6df972c161e791ad9b0736bc05fd9a0a57c18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Cunha?= Date: Mon, 1 Feb 2021 22:48:17 +0100 Subject: [PATCH 4/7] Fix sentinel addresses for kas and some blank spaces --- charts/gitlab/charts/kas/templates/_helpers.tpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/gitlab/charts/kas/templates/_helpers.tpl b/charts/gitlab/charts/kas/templates/_helpers.tpl index 1240ea55f9..adb86d367c 100644 --- a/charts/gitlab/charts/kas/templates/_helpers.tpl +++ b/charts/gitlab/charts/kas/templates/_helpers.tpl 
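Review bot: The commented example added under the chart-level `redis:` key in values.yaml documents `sentinel.addresses` and `server.address`, but the `kas.redis` helper in this series reads only `.Values.global.redis`. As far as the visible templates show, uncommenting these keys would have no effect, so the example should either be removed or replaced by a pointer such as `# Redis for KAS is configured through global.redis (and global.redis.sharedState)`. The comment lines are also indented inconsistently (`# sentinel:` at column 0, `  # - localhost:6661` indented), which makes the intended nesting unclear.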
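Review bot: Adding `"sentinels"` to the `pluck ... | first` list in templates/_redis.tpl makes a named instance with no sentinels of its own inherit `global.redis.sentinels`. Its `host`, which KAS renders as `master_name`, still comes from the instance, so a `sharedState` server could be paired with the main instance's sentinel set. The change also applies to every consumer of `gitlab.redis.configMerge`, not only KAS. If the fallback is intended, a comment on the `range` line should say so, e.g. `{{/* sentinels fall back to global.redis when the instance defines none */}}`. Otherwise sentinels should be read from the selected instance only, which is the direction [PATCH 5/7] and [PATCH 6/7] take.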
@@ -22,15 +22,15 @@ Build the structure describing sentinels {{- end -}} {{- include "gitlab.redis.configMerge" . -}} password_file: /etc/kas/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }} -{{ if not .redisMergedConfig.sentinels -}} +{{- if not .redisMergedConfig.sentinels }} server: address: {{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} -{{ else -}} +{{- else }} sentinel: master_name: {{ template "gitlab.redis.host" . }} addresses: {{- range $i, $entry := .redisMergedConfig.sentinels }} - - {{ quote (print "tcp://" (trim $entry.host) ":" ( default 26379 $entry.port | int ) ) -}} + - {{ quote (print (trim $entry.host) ":" ( default 26379 $entry.port | int ) ) -}} {{- end -}} {{- end -}} {{- end -}} \ No newline at end of file -- GitLab From 85dcc078051c2033f1c479b0358422f821a964ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Cunha?= Date: Tue, 2 Feb 2021 15:06:14 +0100 Subject: [PATCH 5/7] Extract redis mergedConfig selection to a reusable tpl --- charts/gitlab/templates/_redis.tpl | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index 6fc3a89bd6..5c6c7e37fd 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -64,11 +64,7 @@ Return the password section of the Redis URI, if needed. Build the structure describing sentinels */}} {{- define "gitlab.redis.sentinels" -}} -{{- if .redisConfigName }} -{{- $_ := set . "redisMergedConfig" ( index .Values.global.redis .redisConfigName ) -}} -{{- else -}} -{{- $_ := set . "redisMergedConfig" .Values.global.redis -}} -{{- end -}} +{{- include "gitlab.redis.selectedMergedConfig" . -}} {{- if .redisMergedConfig.sentinels -}} sentinels: {{- range $i, $entry := .redisMergedConfig.sentinels }} 
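Review bot: The rewritten address line in the `range` over `.redisMergedConfig.sentinels` still accepts an entry without `host`. `trim` on a missing value yields an empty string, so the rendered address becomes `":26379"` and the mistake only surfaces when KAS tries to connect. Failing at render time is cheaper: `- {{ quote (print (required "redis sentinel entry needs a host" $entry.host | trim) ":" (default 26379 $entry.port | int)) -}}`. The enclosing `kas.redis` define starts outside this hunk.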
@@ -78,6 +74,15 @@ sentinels: {{- end -}} {{- end -}} +{{/*Set redisMergedConfig*/}} +{{- define "gitlab.redis.selectedMergedConfig" -}} +{{- if .redisConfigName }} +{{- $_ := set . "redisMergedConfig" ( index .Values.global.redis .redisConfigName ) -}} +{{- else -}} +{{- $_ := set . "redisMergedConfig" .Values.global.redis -}} +{{- end -}} +{{- end -}} + {{/* Return Sentinel list in format for Workhorse Note: Workhorse only uses the primary Redis (global.redis) -- GitLab From 69c64c5f7c7423c2805b2edf46b3ae572791dff0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Cunha?= Date: Tue, 2 Feb 2021 15:06:58 +0100 Subject: [PATCH 6/7] Fix KAS Redis sentinel rendering --- charts/gitlab/charts/kas/templates/_helpers.tpl | 10 +++++----- templates/_redis.tpl | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/gitlab/charts/kas/templates/_helpers.tpl b/charts/gitlab/charts/kas/templates/_helpers.tpl index adb86d367c..48aeff9573 100644 --- a/charts/gitlab/charts/kas/templates/_helpers.tpl +++ b/charts/gitlab/charts/kas/templates/_helpers.tpl 
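Review bot: `gitlab.redis.selectedMergedConfig` stores the result of `index .Values.global.redis .redisConfigName` directly, with no check that the key exists. When it does not, the following `.redisMergedConfig.sentinels` access is evaluated on a nil value and rendering fails with an unhelpful error. A guard such as `( default (dict) (index .Values.global.redis .redisConfigName) )` keeps the lookup safe. The name also suggests merging, but unlike `gitlab.redis.configMerge` no fallback to `global.redis` happens here, and `redisMergedConfig` becomes a reference to the live values rather than a copy. The one-line comment `Set redisMergedConfig` should state both points.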
@@ -14,23 +14,23 @@ if there is a shared tls secret for all ingresses. {{- end -}} {{/* -Build the structure describing sentinels +Build Redis config for KAS */}} {{- define "kas.redis" -}} {{- if .Values.global.redis.sharedState -}} {{- $_ := set $ "redisConfigName" "sharedState" -}} {{- end -}} -{{- include "gitlab.redis.configMerge" . -}} +{{- include "gitlab.redis.selectedMergedConfig" . -}} password_file: /etc/kas/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }} {{- if not .redisMergedConfig.sentinels }} server: address: {{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} {{- else }} sentinel: - master_name: {{ template "gitlab.redis.host" . }} addresses: -{{- range $i, $entry := .redisMergedConfig.sentinels }} + {{- range $i, $entry := .redisMergedConfig.sentinels }} - {{ quote (print (trim $entry.host) ":" ( default 26379 $entry.port | int ) ) -}} -{{- end -}} + {{ end }} + master_name: {{ template "gitlab.redis.host" . }} {{- end -}} {{- end -}} \ No newline at end of file diff --git a/templates/_redis.tpl b/templates/_redis.tpl index 9f85da3948..f160dc7e29 100644 --- a/templates/_redis.tpl +++ b/templates/_redis.tpl @@ -10,7 +10,7 @@ Build a dict of redis configuration {{- $_ := set $ "redisConfigName" (default "" $.redisConfigName) -}} {{- $_ := unset $ "redisMergedConfig" -}} {{- $_ := set $ "redisMergedConfig" (dict "redisConfigName" $.redisConfigName) -}} -{{- range $want := list "host" "port" "password" "scheme" "sentinels" -}} +{{- range $want := list "host" "port" "password" "scheme" -}} {{- $_ := set $.redisMergedConfig $want (pluck $want (index $.Values.global.redis $.redisConfigName) $.Values.global.redis | first) -}} {{- end -}} {{- range $key := keys $.Values.global.redis.password -}} -- GitLab From 81171a886d6145db89c5fa5d7b1eeaa474d05499 Mon Sep 17 00:00:00 2001 
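Review bot: The move of `master_name:` below the `range` in `kas.redis` looks order-dependent, and nothing in the helper records why. The context lines of templates/_redis.tpl show `gitlab.redis.configMerge` unsetting and rebuilding `redisMergedConfig` without `sentinels`. If `gitlab.redis.host` runs that merge (its body is not visible here), any read of `.redisMergedConfig.sentinels` after it would see an empty list and the helper would fall back to the `server:` branch. A comment above the range would protect the ordering, e.g. `{{/* render addresses before master_name: gitlab.redis.host may rebuild redisMergedConfig */}}`. The untrimmed `{{ end }}` inside the list also leaves whitespace-only lines between entries, so `{{- end }}` would be tidier.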
From: =?UTF-8?q?Jo=C3=A3o=20Cunha?= Date: Tue, 2 Feb 2021 17:53:31 +0100 Subject: [PATCH 7/7] Adds specs to KAS redis config --- spec/configuration/kas_spec.rb | 94 +++++++++++++++++++++++++++++++++- 1 file changed, 92 insertions(+), 2 deletions(-) diff --git a/spec/configuration/kas_spec.rb b/spec/configuration/kas_spec.rb index ed377ad4ba..9591744c77 100644 --- a/spec/configuration/kas_spec.rb +++ b/spec/configuration/kas_spec.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true - require 'spec_helper' +require 'hash_deep_merge' require 'helm_template_helper' require 'yaml' @@ -15,7 +15,7 @@ describe 'kas configuration' do let(:custom_secret_name) { 'kas_custom_secret_name' } let(:custom_config) { {} } - let(:kas_values) do + let(:default_kas_values) do { 'gitlab' => { 'kas' => { @@ -34,6 +34,8 @@ describe 'kas configuration' do } end + let(:kas_values) { default_kas_values } + let(:required_resources) do %w[Deployment ConfigMap Ingress Service HorizontalPodAutoscaler PodDisruptionBudget] end 
@@ -187,6 +189,94 @@ describe 'kas configuration' do expect(config_yaml_data).to eq(custom_config) end end + + describe 'redis config' do + let(:sentinels) do + { + 'redis' => { + 'host' => 'global.host', + 'sentinels' => [ + { 'host' => 'sentinel1.example.com', 'port' => 26379 }, + { 'host' => 'sentinel2.example.com', 'port' => 26379 } + ] + } + } + end + + context 'when redisConfigName is empty' do + context 'when no sentinel is setup' do + it 'takes the global redis config' do + expect(config_yaml_data['redis']).to include( + "password_file" => "/etc/kas/redis/redis-password", + "server" => { "address" => "test-redis-master.default.svc:6379" }) + end + end + + context 'when sentinel is setup' do + let(:kas_values) do + vals = default_kas_values + vals['global'].deep_merge!(sentinels) + vals.deep_merge!('redis' => { 'install' => false }) + end + + it 'takes the global sentinel redis config' do + expect(config_yaml_data['redis']).to include( + { "sentinel" => { "addresses" => ["sentinel1.example.com:26379", "sentinel2.example.com:26379"], + "master_name" => "global.host" } }) + end + end + end + + context 'when a redis sharedState is setup' do + let(:kas_values) do + vals = default_kas_values + vals['global'].deep_merge!(redis_shared_state_config) + vals.deep_merge!('redis' => { 'install' => false }) + end + let(:redis_shared_state_config) do + { + 'redis' => { + 'host' => "global.host", + 'sharedState' => { + 'host' => "shared.redis", + 'port' => "6378", + 'password' => { + 'enabled' => true, + 'secret' => "shared-secret", + 'key' => "shared-key", + }, + 'sentinels' => sentinels + } + } + } + end + context 'when no sharedState sentinel is setup' do + context 'with no sentinels' do + let(:sentinels) { {} } + it 'configures a sharedState server config' do + expect(config_yaml_data['redis']).to include( + "password_file" => "/etc/kas/redis/sharedState-password", + "server" => { "address" => "shared.redis:6378" }) + end + end + end + + context 'when sharedState 
sentinel is setup' do + let(:sentinels) do + [ + { 'host' => 'sentinel1.shared.com', 'port' => 26379 }, + { 'host' => 'sentinel2.shared.com', 'port' => 26379 } + ] + end + + it 'configures a sharedState sentinel config' do + expect(config_yaml_data['redis']).to include( + "password_file" => "/etc/kas/redis/sharedState-password", + "sentinel" => { "addresses" => ["sentinel1.shared.com:26379", "sentinel2.shared.com:26379"], "master_name" => "shared.redis" }) + end + end + end + end end end end -- GitLab
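Review bot: The new `describe 'redis config'` examples cover only the cases where every sentinel has an explicit port and a password is configured. Two branches of the `kas.redis` helper are therefore never exercised: the `default 26379` fallback and a Redis instance with `password.enabled` set to false. The second matters for security review, because the helper emits `password_file:` unconditionally and the spec would be the place to pin down whether that is intended. I would add one example with a sentinel entry that omits `'port'` and expects `"host:26379"`, and one with the password disabled that asserts the presence or absence of `password_file`. The enclosing `describe 'kas configuration'` block starts outside this hunk.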