From 547717ea6eeb017540796a589ccbde4b35bef98d Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Wed, 15 Apr 2020 17:16:33 -0400 Subject: [PATCH 01/14] Allow configuring multiple Redis instances From #1644 Allow configuration of multiple Redis instances, for splitting persistence classes. This implements the necessary configuration items, and templating of configuration and secrets. Currently, it is expected that if this configuration is used, all Redis instances will be external to this Helm chart. This means that we expect `redis.install` to be false, and all necessary queues to be individuall configured under `global.redis`. Side effects of this change: - ignorance of `.Values.redis`, in favor of `.Values.global.redis` - DRY-ification of `resque.yml` across all GitLab charts to a central template (`gitlab.rails.redis.resque`) - Secret mounting blocks are now rendered via `gitlab.redis.secrets`, which in turn consumes `gitlab.redis.secret` - Base implementation of ActionCable's `cable.yml` Questions remaining: - Does `gitlab/geo-logcursor` need all of these configurations? - Does `gitlab/gitlab-exporter` actually access Redis as configured? Documentation to be done: - Add additional Redis properties to documentation - Move Redis configuration documentation our of Unicorn - Add documentation of multiple Redis to doc/advanced/external-redis --- .../1644-support-multiple-redis.yml | 5 ++ .../geo-logcursor/templates/configmap.yml | 13 ++- .../geo-logcursor/templates/deployment.yaml | 8 +- .../gitlab-exporter/templates/deployment.yaml | 8 +- .../charts/migrations/templates/_jobspec.yaml | 8 +- .../migrations/templates/configmap.yaml | 9 +- .../charts/sidekiq/templates/configmap.yaml | 13 ++- .../charts/sidekiq/templates/deployment.yaml | 10 +-- .../task-runner/templates/backup-job.yaml | 8 +- .../task-runner/templates/configmap.yaml | 13 ++- .../task-runner/templates/deployment.yaml | 8 +- .../charts/unicorn/templates/configmap.yml | 15 ++-- .../charts/unicorn/templates/deployment.yaml | 8 +- charts/gitlab/templates/_rails.redis.tpl | 89 +++++++++++++++++++ charts/gitlab/templates/_redis.tpl | 75 +++++++++++++--- examples/redis/cache.yaml | 17 ++++ examples/redis/multiple.yaml | 38 ++++++++ examples/redis/sentinels.yaml | 8 ++ templates/_checkConfig.tpl | 19 ++++ templates/_redis.tpl | 12 ++- 20 files changed, 278 insertions(+), 106 deletions(-) create mode 100644 changelogs/unreleased/1644-support-multiple-redis.yml create mode 100644 charts/gitlab/templates/_rails.redis.tpl create mode 100644 examples/redis/cache.yaml create mode 100644 examples/redis/multiple.yaml create mode 100644 examples/redis/sentinels.yaml diff --git a/changelogs/unreleased/1644-support-multiple-redis.yml b/changelogs/unreleased/1644-support-multiple-redis.yml new file mode 100644 index 0000000000..2bf15c9679 --- /dev/null +++ b/changelogs/unreleased/1644-support-multiple-redis.yml @@ -0,0 +1,5 @@ +--- +title: Support configuration of multiple Redisinstances +merge_request: 1287 +author: +type: added diff --git a/charts/gitlab/charts/geo-logcursor/templates/configmap.yml b/charts/gitlab/charts/geo-logcursor/templates/configmap.yml index f01bb8cb7b..b24a0784eb 100644 --- a/charts/gitlab/charts/geo-logcursor/templates/configmap.yml +++ b/charts/gitlab/charts/geo-logcursor/templates/configmap.yml @@ -29,14 +29,11 @@ data: {{- include "gitlab.geo.database.yml" . | nindent 4 }} smtp_settings.rb: | {{- include "gitlab.smtp_settings" . | nindent 4 }} - resque.yml.erb: | - production: - # Redis (single instance) - url: {{ template "gitlab.redis.url" . }} -{{- if .Values.global.redis.sentinels }} - {{- include "gitlab.redis.sentinels" . | nindent 6 }} -{{- end }} - id: + {{- include "gitlab.rails.redis.resque" . | nindent 2 }} + {{- include "gitlab.rails.redis.cache" . | nindent 2 }} + {{- include "gitlab.rails.redis.sharedState" . | nindent 2 }} + {{- include "gitlab.rails.redis.queues" . | nindent 2 }} + {{- include "gitlab.rails.redis.cable" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/geo-logcursor/templates/deployment.yaml b/charts/gitlab/charts/geo-logcursor/templates/deployment.yaml index 427fbca1e3..01d77fc6de 100644 --- a/charts/gitlab/charts/geo-logcursor/templates/deployment.yaml +++ b/charts/gitlab/charts/geo-logcursor/templates/deployment.yaml @@ -169,13 +169,7 @@ spec: items: - key: secrets.yml path: rails-secrets/secrets.yml - {{- if .Values.global.redis.password.enabled }} - - secret: - name: {{ template "gitlab.redis.password.secret" . }} - items: - - key: {{ template "gitlab.redis.password.key" . }} - path: redis/password - {{- end }} + {{- include "gitlab.redis.secrets" . | nindent 10 }} - secret: name: {{ template "gitlab.psql.password.secret" . }} items: diff --git a/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml b/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml index 240959bcf7..6840f72fad 100644 --- a/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml +++ b/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml @@ -123,13 +123,7 @@ spec: items: - key: {{ template "gitlab.psql.password.key" . }} path: postgres/psql-password - {{- if .Values.global.redis.password.enabled }} - - secret: - name: {{ template "gitlab.redis.password.secret" . }} - items: - - key: {{ template "gitlab.redis.password.key" . }} - path: redis/password - {{- end }} + {{- include "gitlab.redis.secret" .| nindent 10 }} - name: gitlab-exporter-secrets emptyDir: medium: "Memory" diff --git a/charts/gitlab/charts/migrations/templates/_jobspec.yaml b/charts/gitlab/charts/migrations/templates/_jobspec.yaml index a49e33ae37..f97b9d3d44 100644 --- a/charts/gitlab/charts/migrations/templates/_jobspec.yaml +++ b/charts/gitlab/charts/migrations/templates/_jobspec.yaml @@ -119,13 +119,7 @@ spec: items: - key: {{ template "gitlab.gitaly.authToken.key" . }} path: gitaly/gitaly_token - {{- if .Values.global.redis.password.enabled }} - - secret: - name: {{ template "gitlab.redis.password.secret" . }} - items: - - key: {{ template "gitlab.redis.password.key" . }} - path: redis/password - {{- end }} + {{- include "gitlab.redis.secrets" . | nindent 10 }} - secret: name: {{ template "gitlab.psql.password.secret" . }} items: diff --git a/charts/gitlab/charts/migrations/templates/configmap.yaml b/charts/gitlab/charts/migrations/templates/configmap.yaml index b7ed888db3..f29c28222c 100644 --- a/charts/gitlab/charts/migrations/templates/configmap.yaml +++ b/charts/gitlab/charts/migrations/templates/configmap.yaml @@ -27,14 +27,7 @@ data: database_geo.yml.erb: | {{- include "gitlab.geo.database.yml" $ | nindent 4 }} {{- end }} - resque.yml.erb: | - production: - # Redis (single instance) - url: {{ template "gitlab.redis.url" . }} -{{- if .Values.global.redis.sentinels }} - {{- include "gitlab.redis.sentinels" . | nindent 6 }} -{{- end }} - id: + {{- include "gitlab.rails.redis.resque" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/sidekiq/templates/configmap.yaml b/charts/gitlab/charts/sidekiq/templates/configmap.yaml index 84d071cd43..dfb4ac8bd1 100644 --- a/charts/gitlab/charts/sidekiq/templates/configmap.yaml +++ b/charts/gitlab/charts/sidekiq/templates/configmap.yaml @@ -31,14 +31,11 @@ data: {{- end }} smtp_settings.rb: | {{- include "gitlab.smtp_settings" . | nindent 4 }} - resque.yml.erb: | - production: - # Redis (single instance) - url: {{ template "gitlab.redis.url" . }} -{{- if .Values.global.redis.sentinels }} - {{- include "gitlab.redis.sentinels" . | nindent 6 }} -{{- end }} - id: + {{- include "gitlab.rails.redis.resque" . | nindent 2 }} + {{- include "gitlab.rails.redis.cache" . | nindent 2 }} + {{- include "gitlab.rails.redis.sharedState" . | nindent 2 }} + {{- include "gitlab.rails.redis.queues" . | nindent 2 }} + {{- include "gitlab.rails.redis.cable" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/charts/sidekiq/templates/deployment.yaml index c025e487d3..202d50f975 100644 --- a/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/charts/sidekiq/templates/deployment.yaml @@ -11,8 +11,6 @@ {{- $nodeSelector := .Values.nodeSelector -}} {{- $minioEnabled := .Values.global.minio.enabled -}} {{- $minioSecret := include "gitlab.minio.credentials.secret" . -}} -{{- $redisSecret := include "gitlab.redis.password.secret" . -}} -{{- $redisKey := include "gitlab.redis.password.key" . -}} {{- $gitalySecret := include "gitlab.gitaly.authToken.secret" . -}} {{- $gitalyKey := include "gitlab.gitaly.authToken.key" . -}} {{- $railsSecretName := include "gitlab.rails-secrets.secret" . -}} @@ -284,13 +282,7 @@ spec: items: - key: {{ $gitalyKey }} path: gitaly/gitaly_token - {{- if $.Values.global.redis.password.enabled }} - - secret: - name: {{ $redisSecret }} - items: - - key: {{ $redisKey }} - path: redis/password - {{- end }} + {{- include "gitlab.redis.secrets" $ | nindent 10 }} - secret: name: {{ template "gitlab.psql.password.secret" $ }} items: diff --git a/charts/gitlab/charts/task-runner/templates/backup-job.yaml b/charts/gitlab/charts/task-runner/templates/backup-job.yaml index 2bb3321f11..d3e5b01afe 100644 --- a/charts/gitlab/charts/task-runner/templates/backup-job.yaml +++ b/charts/gitlab/charts/task-runner/templates/backup-job.yaml @@ -151,13 +151,7 @@ spec: items: - key: {{ template "gitlab.gitaly.authToken.key" . }} path: gitaly/gitaly_token - {{- if .Values.global.redis.password.enabled }} - - secret: - name: {{ template "gitlab.redis.password.secret" . }} - items: - - key: {{ template "gitlab.redis.password.key" . }} - path: redis/password - {{- end }} + {{- include "gitlab.redis.secrets" . | nindent 16 }} - secret: name: {{ template "gitlab.psql.password.secret" . }} items: diff --git a/charts/gitlab/charts/task-runner/templates/configmap.yaml b/charts/gitlab/charts/task-runner/templates/configmap.yaml index 64c35e34e1..9a4980fc70 100644 --- a/charts/gitlab/charts/task-runner/templates/configmap.yaml +++ b/charts/gitlab/charts/task-runner/templates/configmap.yaml @@ -25,14 +25,11 @@ data: {{- end }} smtp_settings.rb: | {{- include "gitlab.smtp_settings" . | nindent 4 }} - resque.yml.erb: | - production: - # Redis (single instance) - url: {{ template "gitlab.redis.url" . }} -{{- if .Values.global.redis.sentinels }} - {{- include "gitlab.redis.sentinels" . | nindent 6 }} -{{- end }} - id: + {{- include "gitlab.rails.redis.resque" . | nindent 2 }} + {{- include "gitlab.rails.redis.cache" . | nindent 2 }} + {{- include "gitlab.rails.redis.sharedState" . | nindent 2 }} + {{- include "gitlab.rails.redis.queues" . | nindent 2 }} + {{- include "gitlab.rails.redis.cable" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/charts/task-runner/templates/deployment.yaml b/charts/gitlab/charts/task-runner/templates/deployment.yaml index bd800e451f..a16740d1a6 100644 --- a/charts/gitlab/charts/task-runner/templates/deployment.yaml +++ b/charts/gitlab/charts/task-runner/templates/deployment.yaml @@ -166,13 +166,7 @@ spec: items: - key: {{ template "gitlab.gitaly.authToken.key" . }} path: gitaly/gitaly_token - {{- if .Values.global.redis.password.enabled }} - - secret: - name: {{ template "gitlab.redis.password.secret" . }} - items: - - key: {{ template "gitlab.redis.password.key" . }} - path: redis/password - {{- end }} + {{- include "gitlab.redis.secrets" . | nindent 10 }} - secret: name: {{ template "gitlab.psql.password.secret" . }} items: diff --git a/charts/gitlab/charts/unicorn/templates/configmap.yml b/charts/gitlab/charts/unicorn/templates/configmap.yml index a68e3d8e25..45d5818491 100644 --- a/charts/gitlab/charts/unicorn/templates/configmap.yml +++ b/charts/gitlab/charts/unicorn/templates/configmap.yml @@ -31,14 +31,11 @@ data: {{- end }} smtp_settings.rb: | {{- include "gitlab.smtp_settings" . | nindent 4 }} - resque.yml.erb: | - production: - # Redis (single instance) - url: {{ template "gitlab.redis.url" . }} -{{- if .Values.global.redis.sentinels }} - {{- include "gitlab.redis.sentinels" . | nindent 6 }} -{{- end }} - id: + {{- include "gitlab.rails.redis.resque" . | nindent 2 }} + {{- include "gitlab.rails.redis.cache" . | nindent 2 }} + {{- include "gitlab.rails.redis.sharedState" . | nindent 2 }} + {{- include "gitlab.rails.redis.queues" . | nindent 2 }} + {{- include "gitlab.rails.redis.cable" . | nindent 2 }} unicorn.rb: | # This file should be equivalent to `unicorn.rb` from: # * gitlab-foss: https://gitlab.com/gitlab-org/gitlab-foss/blob/master/config/unicorn.rb.example @@ -291,7 +288,7 @@ data: Sentinel = [ {{ template "gitlab.redis.workhorse.sentinel-list" . }} ] {{- end }} {{- if .Values.global.redis.password.enabled }} - Password = "<%= File.read("/etc/gitlab/redis/password").strip.dump[1..-2] %>" + Password = "<%= File.read("/etc/gitlab/redis/redis-password").strip.dump[1..-2] %>" {{- end }} configure: | set -e diff --git a/charts/gitlab/charts/unicorn/templates/deployment.yaml b/charts/gitlab/charts/unicorn/templates/deployment.yaml index 86553a3386..a8f8529e0e 100644 --- a/charts/gitlab/charts/unicorn/templates/deployment.yaml +++ b/charts/gitlab/charts/unicorn/templates/deployment.yaml @@ -309,13 +309,7 @@ spec: items: - key: {{ template "gitlab.gitaly.authToken.key" . }} path: gitaly/gitaly_token - {{- if .Values.global.redis.password.enabled }} - - secret: - name: {{ template "gitlab.redis.password.secret" . }} - items: - - key: {{ template "gitlab.redis.password.key" . }} - path: redis/password - {{- end }} + {{- include "gitlab.redis.secrets" . | nindent 10 }} - secret: name: {{ template "gitlab.psql.password.secret" . }} items: diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl new file mode 100644 index 0000000000..b51254894b --- /dev/null +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -0,0 +1,89 @@ +{{/* ######### Redis related templates for Rails consumption */}} + +{{- define "gitlab.rails.redis.yaml" -}} +{{- $name := default "resque" .redisConfigFile -}} +{{ $name }}.yml.erb: | + production: + url: {{ template "gitlab.redis.url" . }} + {{- if .Values.global.redis.sentinels }} + {{- include "gitlab.redis.sentinels" . | nindent 4 }} + {{- end }} + id: + {{- if eq (default "" .redisConfig) "actioncable" }} + adapter: redis + {{- if .Values.global.redis.actioncable.channelPrefix }} + channel_prefix: {{ .Values.global.redis.actioncable.channelPrefix }} + {{- end }} + {{- end }} +{{- end -}} + +{{- define "gitlab.rails.redis.resque" -}} +{{- $_ := set . "redisConfig" nil }} +{{- $_ := set . "redisConfigFile" nil }} +{{- include "gitlab.rails.redis.yaml" . -}} +{{- end -}} + +{{- define "gitlab.rails.redis.cache" -}} +{{- if .Values.global.redis.cache -}} +{{- $_ := set . "redisConfig" "cache" }} +{{- $_ := set . "redisConfigFile" "redis.cache" }} +{{- include "gitlab.rails.redis.yaml" . -}} +{{- $_ := set . "redisConfig" nil }} +{{- end -}} +{{- end -}} + +{{- define "gitlab.rails.redis.sharedState" -}} +{{- if .Values.global.redis.sharedState -}} +{{- $_ := set . "redisConfig" "sharedState" }} +{{- $_ := set . "redisConfigFile" "redis.shared_state" }} +{{- include "gitlab.rails.redis.yaml" . -}} +{{- $_ := set . "redisConfig" nil }} +{{- end -}} +{{- end -}} + +{{- define "gitlab.rails.redis.queues" -}} +{{- if .Values.global.redis.queues -}} +{{- $_ := set . "redisConfig" "queues" }} +{{- $_ := set . "redisConfigFile" "redis.queues" }} +{{- include "gitlab.rails.redis.yaml" . -}} +{{- $_ := set . "redisConfig" nil }} +{{- end -}} +{{- end -}} + +{{/* +cable.yml configuration +If no `global.redis.actioncable`, use `global.redis` +*/}} +{{- define "gitlab.rails.redis.cable" -}} +{{- if .Values.global.redis.actioncable -}} +{{- $_ := set . "redisConfig" "actioncable" }} +{{- end -}} +{{- $_ := set . "redisConfigFile" "cable" }} +{{- include "gitlab.rails.redis.yaml" . -}} +{{- $_ := set . "redisConfig" nil }} +{{- end -}} + +{{- define "gitlab.redis.secrets" -}} +{{- range $redis := list "cache" "sharedState" "queues" "actioncable" -}} +{{- if index $.Values.global.redis $redis -}} +{{- if index $.Values.global.redis $redis "password" -}} +{{- if index $.Values.global.redis $redis "password" "enabled" -}} +{{- $_ := set $ "redisConfig" $redis }} +{{ include "gitlab.redis.secret" $ }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $_ := set . "redisConfig" nil }} +{{- if .Values.global.redis.password.enabled }} +{{ include "gitlab.redis.secret" . }} +{{- end }} +{{- end -}} + +{{- define "gitlab.redis.secret" -}} +- secret: + name: {{ template "gitlab.redis.password.secret" . }} + items: + - key: {{ template "gitlab.redis.password.key" . }} + path: redis/{{ printf "%s-password" (default "redis" .redisConfig) }} +{{- end -}} diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index f7ed199b24..bf5b53a59a 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -6,12 +6,16 @@ If the redis host is provided, it will use that, otherwise it will fallback to the service name */}} {{- define "gitlab.redis.host" -}} -{{- if or .Values.redis.host .Values.global.redis.host -}} -{{- coalesce .Values.redis.host .Values.global.redis.host -}} -{{- else -}} -{{- $name := default "redis" .Values.redis.serviceName -}} -{{- printf "%s-%s-master" .Release.Name $name -}} -{{- end -}} +{{- $_ := set . "redisGlobal" .Values.global.redis -}} +{{- if .redisConfig -}} +{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} +{{- end -}} +{{- if .redisGlobal.host -}} +{{- .redisGlobal.host -}} +{{- else -}} +{{- $name := default "redis" .Values.redis.serviceName -}} +{{- printf "%s-%s-master" .Release.Name $name -}} +{{- end -}} {{- end -}} {{/* @@ -20,19 +24,27 @@ If the redis port is provided, it will use that, otherwise it will fallback to 6379 default */}} {{- define "gitlab.redis.port" -}} -{{- coalesce .Values.redis.port .Values.global.redis.port 6379 -}} +{{- $_ := set . "redisGlobal" .Values.global.redis -}} +{{- if .redisConfig -}} +{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} +{{- end -}} +{{- default 6379 .redisGlobal.port -}} {{- end -}} {{/* Return the redis scheme, or redis. Allowing people to use rediss clusters */}} {{- define "gitlab.redis.scheme" -}} +{{- $_ := set . "redisGlobal" .Values.global.redis -}} +{{- if .redisConfig -}} +{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} +{{- end -}} {{- $valid := list "redis" "rediss" "tcp" -}} -{{- $name := coalesce .Values.redis.scheme .Values.global.redis.scheme "redis" -}} +{{- $name := default .redisGlobal.scheme "redis" -}} {{- if has $name $valid -}} -{{ $name }} +{{ $name }} {{- else -}} -{{ cat "Invalid redis scheme" $name | fail }} +{{ cat "Invalid redis scheme" $name | fail }} {{- end -}} {{- end -}} @@ -40,20 +52,32 @@ Return the redis scheme, or redis. Allowing people to use rediss clusters Return the redis url. */}} {{- define "gitlab.redis.url" -}} -{{ template "gitlab.redis.scheme" . }}://{{- if .Values.global.redis.password.enabled -}}:<%= URI.escape(File.read("/etc/gitlab/redis/password").strip) %>@{{- end -}}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} +{{- $_ := set . "redisGlobal" .Values.global.redis -}} +{{- if .redisConfig -}} +{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} +{{- end -}} +{{ template "gitlab.redis.scheme" . }}://{{- if .redisGlobal.password.enabled -}}:<%= URI.escape(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfig) }}").strip) %>@{{- end -}}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} {{- end -}} {{/* Build the structure describing sentinels */}} {{- define "gitlab.redis.sentinels" -}} +{{- $_ := set . "redisGlobal" .Values.global.redis -}} +{{- if .redisConfig -}} +{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} +{{- end -}} sentinels: -{{- range $i, $entry := .Values.global.redis.sentinels }} +{{- range $i, $entry := .redisGlobal.sentinels }} - host: {{ $entry.host }} port: {{ default 26379 $entry.port }} {{- end }} {{- end -}} +{{/* +Return Sentinel list in format for Workhorse +Note: Workhorse only uses the primary Redis (global.redis) +*/}} {{- define "gitlab.redis.workhorse.sentinel-list" }} {{- $sentinelList := list }} {{- range $i, $entry := .Values.global.redis.sentinels }} @@ -61,3 +85,30 @@ sentinels: {{- end }} {{- $sentinelList | join "," }} {{- end -}} + + + +{{- define "gitlab.redis.secrets" -}} +{{- range $redis := list "cache" "sharedState" "queues" "actioncable" -}} +{{- if index $.Values.global.redis $redis -}} +{{- if index $.Values.global.redis $redis "password" -}} +{{- if index $.Values.global.redis $redis "password" "enabled" -}} +{{- $_ := set $ "redisConfig" $redis }} +{{ include "gitlab.redis.secret" $ }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $_ := set . "redisConfig" nil }} +{{- if .Values.global.redis.password.enabled }} +{{ include "gitlab.redis.secret" . }} +{{- end }} +{{- end -}} + +{{- define "gitlab.redis.secret" -}} +- secret: + name: {{ template "gitlab.redis.password.secret" . }} + items: + - key: {{ template "gitlab.redis.password.key" . }} + path: redis/{{ printf "%s-password" (default "redis" .redisConfig) }} +{{- end -}} diff --git a/examples/redis/cache.yaml b/examples/redis/cache.yaml new file mode 100644 index 0000000000..f73c6de12c --- /dev/null +++ b/examples/redis/cache.yaml @@ -0,0 +1,17 @@ +redis: + install: false +global: + redis: + host: redis.example + port: 9001 + password: + enabled: true + secret: redis-secret + key: redis-password + cache: + host: cache.redis.example + port: 9002 + password: + enabled: true + secret: cache-secret + key: cache-password diff --git a/examples/redis/multiple.yaml b/examples/redis/multiple.yaml new file mode 100644 index 0000000000..42e7d14721 --- /dev/null +++ b/examples/redis/multiple.yaml @@ -0,0 +1,38 @@ +redis: + install: false +global: + redis: + host: redis.example + port: 9001 + password: + enabled: true + secret: redis-secret + key: redis-password + cache: + host: cache.redis.example + port: 9002 + password: + enabled: true + secret: cache-secret + key: cache-password + sharedState: + host: shared.redis.example + port: 9003 + password: + enabled: true + secret: shared-secret + key: shared-password + queues: + host: queues.redis.example + port: 9004 + password: + enabled: true + secret: queues-secret + key: queues-password + actioncable: + host: cable.redis.example + port: 9005 + password: + enabled: true + secret: cable-secret + key: cable-password diff --git a/examples/redis/sentinels.yaml b/examples/redis/sentinels.yaml new file mode 100644 index 0000000000..a6ded9dc6a --- /dev/null +++ b/examples/redis/sentinels.yaml @@ -0,0 +1,8 @@ +redis: + install: false +global: + redis: + host: redis.example + sentinels: + - host: s1.redis.example + - host: s2.redis.example diff --git a/templates/_checkConfig.tpl b/templates/_checkConfig.tpl index f377e6300e..4dba1e61d2 100644 --- a/templates/_checkConfig.tpl +++ b/templates/_checkConfig.tpl @@ -31,6 +31,7 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{- $messages := append $messages (include "gitlab.checkConfig.geo.database" .) -}} {{- $messages := append $messages (include "gitlab.checkConfig.geo.secondary.database" .) -}} {{- $messages := append $messages (include "gitlab.task-runner.replicas" .) -}} +{{- $messages := append $messages (include "gitlab.checkConfig.multipleRedis" .) -}} {{- /* prepare output */}} {{- $messages := without $messages "" -}} {{- $message := join "\n" $messages -}} @@ -139,3 +140,21 @@ task-runner: replicas is greater than 1, with persistence enabled. {{- end -}} {{- end -}} {{/* END gitlab.task-runner.replicas */}} + +{{/* +Ensure that `redis.install: false` if configuring multiple Redis instances +*/}} +{{- define "gitlab.checkConfig.multipleRedis" -}} +{{/* "cache" "sharedState" "queues" "actioncable" */}} +{{- $x := dict "count" 0 -}} +{{- range $redis := list "cache" "sharedState" "queues" "actioncable" -}} +{{- if hasKey $.Values.global.redis $redis -}} +{{- $_ := set $x "count" ( add1 $x.count ) -}} +{{- end -}} +{{- end -}} +{{- if and .Values.redis.install ( $x.count | lt 0 ) }} +redis: + If configuring multiple Redis servers, you can not use the in-chart Redis server. Please see https://docs.gitlab.com/charts/charts/globals#configure-redis-settings +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.multipleRedis */}} diff --git a/templates/_redis.tpl b/templates/_redis.tpl index bb5b09a3bc..84c8ebc23f 100644 --- a/templates/_redis.tpl +++ b/templates/_redis.tpl @@ -7,12 +7,20 @@ This define is not currently used, but left in place for when the a dynamic secret name can be specified to the Redis chart. */}} {{- define "gitlab.redis.password.secret" -}} -{{- default (printf "%s-redis-secret" .Release.Name) .Values.global.redis.password.secret | quote -}} +{{- $_ := set . "redisGlobal" .Values.global.redis -}} +{{- if .redisConfig -}} +{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} +{{- end -}} +{{- coalesce .redisGlobal.password.secret .Values.global.redis.password.secret (printf "%s-redis-secret" .Release.Name) | quote -}} {{- end -}} {{/* Return the redis password secret key */}} {{- define "gitlab.redis.password.key" -}} -{{- coalesce .Values.global.redis.password.key "secret" | quote -}} +{{- $_ := set . "redisGlobal" .Values.global.redis -}} +{{- if .redisConfig -}} +{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} +{{- end -}} +{{- coalesce .redisGlobal.password.key .Values.global.redis.password.key "secret" | quote -}} {{- end -}} -- GitLab From 8699fdbbef77b5df16cf700d5cbcdcc15d602132 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Thu, 16 Apr 2020 17:59:34 -0400 Subject: [PATCH 02/14] Multi-Redis: allow inheritance of settings from global.redis Managing inheritance was something we should have looked into earlier. The initial implementation had a hard requiremente to provide all settings on a per-node basis, as opposed to allowing each Redis config node to inherit from the global if settings were not present. Changes made here allow us to build from the `global.redis.*` when not all properties of `global.redis.queue.*` are populated. This saves needless re-entering of values such as password secrets. Note: Explicitly left out of this are the Sentinel configurations. --- charts/gitlab/templates/_rails.redis.tpl | 13 ++++----- charts/gitlab/templates/_redis.tpl | 34 +++++++++++------------- templates/_redis.tpl | 10 ++----- 3 files changed, 22 insertions(+), 35 deletions(-) diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index b51254894b..411d9a0860 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -65,14 +65,11 @@ If no `global.redis.actioncable`, use `global.redis` {{- define "gitlab.redis.secrets" -}} {{- range $redis := list "cache" "sharedState" "queues" "actioncable" -}} -{{- if index $.Values.global.redis $redis -}} -{{- if index $.Values.global.redis $redis "password" -}} -{{- if index $.Values.global.redis $redis "password" "enabled" -}} -{{- $_ := set $ "redisConfig" $redis }} -{{ include "gitlab.redis.secret" $ }} -{{- end }} -{{- end -}} -{{- end -}} +{{- $config := mustMergeOverwrite (pick (deepCopy $.Values.global.redis) "password" ) ( index $.Values.global.redis $redis )}} +{{- if $config.password.enabled -}} +{{- $_ := set $ "redisConfig" $redis }} +{{ include "gitlab.redis.secret" $ }} +{{- end }} {{- end -}} {{- $_ := set . "redisConfig" nil }} {{- if .Values.global.redis.password.enabled }} diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index bf5b53a59a..1921f8c0d0 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -6,10 +6,7 @@ If the redis host is provided, it will use that, otherwise it will fallback to the service name */}} {{- define "gitlab.redis.host" -}} -{{- $_ := set . "redisGlobal" .Values.global.redis -}} -{{- if .redisConfig -}} -{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} -{{- end -}} +{{- $_ := set . "redisGlobal" ( mustMergeOverwrite (pick (deepCopy .Values.global.redis) "host" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} {{- if .redisGlobal.host -}} {{- .redisGlobal.host -}} {{- else -}} @@ -24,10 +21,7 @@ If the redis port is provided, it will use that, otherwise it will fallback to 6379 default */}} {{- define "gitlab.redis.port" -}} -{{- $_ := set . "redisGlobal" .Values.global.redis -}} -{{- if .redisConfig -}} -{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} -{{- end -}} +{{- $_ := set . "redisGlobal" ( mustMergeOverwrite (pick (deepCopy .Values.global.redis) "port" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} {{- default 6379 .redisGlobal.port -}} {{- end -}} @@ -35,10 +29,7 @@ to 6379 default Return the redis scheme, or redis. Allowing people to use rediss clusters */}} {{- define "gitlab.redis.scheme" -}} -{{- $_ := set . "redisGlobal" .Values.global.redis -}} -{{- if .redisConfig -}} -{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} -{{- end -}} +{{- $_ := set . "redisGlobal" ( mustMergeOverwrite (pick (deepCopy .Values.global.redis) "scheme" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} {{- $valid := list "redis" "rediss" "tcp" -}} {{- $name := default .redisGlobal.scheme "redis" -}} {{- if has $name $valid -}} @@ -52,20 +43,25 @@ Return the redis scheme, or redis. Allowing people to use rediss clusters Return the redis url. */}} {{- define "gitlab.redis.url" -}} -{{- $_ := set . "redisGlobal" .Values.global.redis -}} -{{- if .redisConfig -}} -{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} +{{ template "gitlab.redis.scheme" . }}://{{ template "gitlab.redis.url.password" . }}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} {{- end -}} -{{ template "gitlab.redis.scheme" . }}://{{- if .redisGlobal.password.enabled -}}:<%= URI.escape(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfig) }}").strip) %>@{{- end -}}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} + +{{/* +Return the password section of the Redis URI, if needed. +*/}} +{{- define "gitlab.redis.url.password" -}} +{{- $_ := set . "redisGlobal" ( mustMergeOverwrite (pick (deepCopy .Values.global.redis) "password" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} +{{- if .redisGlobal.password.enabled -}}:<%= URI.escape(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfig) }}").strip) %>@{{- end -}} {{- end -}} {{/* Build the structure describing sentinels */}} {{- define "gitlab.redis.sentinels" -}} -{{- $_ := set . "redisGlobal" .Values.global.redis -}} -{{- if .redisConfig -}} -{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} +{{- if .redisConfig }} +{{- $_ := set . "redisGlobal" ( index .Values.global.redis .redisConfig ) -}} +{{- else -}} +{{- $_ := set . "redisGlobal" .Values.global.redis -}} {{- end -}} sentinels: {{- range $i, $entry := .redisGlobal.sentinels }} diff --git a/templates/_redis.tpl b/templates/_redis.tpl index 84c8ebc23f..f26a558a28 100644 --- a/templates/_redis.tpl +++ b/templates/_redis.tpl @@ -7,10 +7,7 @@ This define is not currently used, but left in place for when the a dynamic secret name can be specified to the Redis chart. */}} {{- define "gitlab.redis.password.secret" -}} -{{- $_ := set . "redisGlobal" .Values.global.redis -}} -{{- if .redisConfig -}} -{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} -{{- end -}} +{{- $_ := set . "redisGlobal" ( mustMergeOverwrite (pick (deepCopy .Values.global.redis) "password" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} {{- coalesce .redisGlobal.password.secret .Values.global.redis.password.secret (printf "%s-redis-secret" .Release.Name) | quote -}} {{- end -}} @@ -18,9 +15,6 @@ a dynamic secret name can be specified to the Redis chart. Return the redis password secret key */}} {{- define "gitlab.redis.password.key" -}} -{{- $_ := set . "redisGlobal" .Values.global.redis -}} -{{- if .redisConfig -}} -{{- $_ := set . "redisGlobal" (index .Values.global.redis .redisConfig) -}} -{{- end -}} +{{- $_ := set . "redisGlobal" ( mustMergeOverwrite (pick (deepCopy .Values.global.redis) "password" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} {{- coalesce .redisGlobal.password.key .Values.global.redis.password.key "secret" | quote -}} {{- end -}} -- GitLab From c6df0b50c925c3f3370ffb0b80834df4d16c363e Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Thu, 16 Apr 2020 18:21:12 -0400 Subject: [PATCH 03/14] Multi-Redis: fix mailroom and workhorse secrets configuration - Workhorse: fix the init script - mailroom: mount the correct secret path --- charts/gitlab/charts/mailroom/templates/deployment.yaml | 2 +- charts/gitlab/charts/unicorn/templates/configmap.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitlab/charts/mailroom/templates/deployment.yaml b/charts/gitlab/charts/mailroom/templates/deployment.yaml index 303e22481c..d6008500d6 100644 --- a/charts/gitlab/charts/mailroom/templates/deployment.yaml +++ b/charts/gitlab/charts/mailroom/templates/deployment.yaml @@ -115,7 +115,7 @@ spec: name: {{ template "gitlab.redis.password.secret" . }} items: - key: {{ template "gitlab.redis.password.key" . }} - path: redis/password + path: redis/redis-password {{- end }} - secret: name: {{ .Values.global.appConfig.incomingEmail.password.secret | required "Missing required secret containing the IMAP password for incoming email. Make sure to set `global.appConfig.incomingEmail.password.secret`" }} diff --git a/charts/gitlab/charts/unicorn/templates/configmap.yml b/charts/gitlab/charts/unicorn/templates/configmap.yml index 45d5818491..b06877a249 100644 --- a/charts/gitlab/charts/unicorn/templates/configmap.yml +++ b/charts/gitlab/charts/unicorn/templates/configmap.yml @@ -296,7 +296,7 @@ data: cp -v -r -L /init-config/gitlab-workhorse/secret /init-secrets-workhorse/gitlab-workhorse/secret {{- if .Values.global.redis.password.enabled }} mkdir -p /init-secrets-workhorse/redis - cp -v -r -L /init-config/redis/password /init-secrets-workhorse/redis/ + cp -v -r -L /init-config/redis/redis-password /init-secrets-workhorse/redis/ {{- end }} # Leave this here - This line denotes end of block to the parser. {{- end }} -- GitLab From a06b2a5670336d043858862db307ba1c76ce063f Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Thu, 16 Apr 2020 19:00:32 -0400 Subject: [PATCH 04/14] Multi-Redis: use mergeOverwrite for compatbility with Helm v2.16 Helm v2.16 does not support `mustMergeOverwrite`, but does support `mergeOverwrite`. --- charts/gitlab/templates/_rails.redis.tpl | 2 +- charts/gitlab/templates/_redis.tpl | 8 ++++---- templates/_redis.tpl | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index 411d9a0860..1928db31c2 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -65,7 +65,7 @@ If no `global.redis.actioncable`, use `global.redis` {{- define "gitlab.redis.secrets" -}} {{- range $redis := list "cache" "sharedState" "queues" "actioncable" -}} -{{- $config := mustMergeOverwrite (pick (deepCopy $.Values.global.redis) "password" ) ( index $.Values.global.redis $redis )}} +{{- $config := mergeOverwrite (pick (deepCopy $.Values.global.redis) "password" ) ( index $.Values.global.redis $redis )}} {{- if $config.password.enabled -}} {{- $_ := set $ "redisConfig" $redis }} {{ include "gitlab.redis.secret" $ }} diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index 1921f8c0d0..3e8f6bcaec 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -6,7 +6,7 @@ If the redis host is provided, it will use that, otherwise it will fallback to the service name */}} {{- define "gitlab.redis.host" -}} -{{- $_ := set . "redisGlobal" ( mustMergeOverwrite (pick (deepCopy .Values.global.redis) "host" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} +{{- $_ := set . "redisGlobal" ( mergeOverwrite (pick (deepCopy .Values.global.redis) "host" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} {{- if .redisGlobal.host -}} {{- .redisGlobal.host -}} {{- else -}} @@ -21,7 +21,7 @@ If the redis port is provided, it will use that, otherwise it will fallback to 6379 default */}} {{- define "gitlab.redis.port" -}} -{{- $_ := set . "redisGlobal" ( mustMergeOverwrite (pick (deepCopy .Values.global.redis) "port" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} +{{- $_ := set . "redisGlobal" ( mergeOverwrite (pick (deepCopy .Values.global.redis) "port" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} {{- default 6379 .redisGlobal.port -}} {{- end -}} @@ -29,7 +29,7 @@ to 6379 default Return the redis scheme, or redis. Allowing people to use rediss clusters */}} {{- define "gitlab.redis.scheme" -}} -{{- $_ := set . "redisGlobal" ( mustMergeOverwrite (pick (deepCopy .Values.global.redis) "scheme" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} +{{- $_ := set . "redisGlobal" ( mergeOverwrite (pick (deepCopy .Values.global.redis) "scheme" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} {{- $valid := list "redis" "rediss" "tcp" -}} {{- $name := default .redisGlobal.scheme "redis" -}} {{- if has $name $valid -}} @@ -50,7 +50,7 @@ Return the redis url. Return the password section of the Redis URI, if needed. */}} {{- define "gitlab.redis.url.password" -}} -{{- $_ := set . "redisGlobal" ( mustMergeOverwrite (pick (deepCopy .Values.global.redis) "password" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} +{{- $_ := set . "redisGlobal" ( mergeOverwrite (pick (deepCopy .Values.global.redis) "password" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} {{- if .redisGlobal.password.enabled -}}:<%= URI.escape(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfig) }}").strip) %>@{{- end -}} {{- end -}} diff --git a/templates/_redis.tpl b/templates/_redis.tpl index f26a558a28..fb285c5247 100644 --- a/templates/_redis.tpl +++ b/templates/_redis.tpl @@ -7,7 +7,7 @@ This define is not currently used, but left in place for when the a dynamic secret name can be specified to the Redis chart. */}} {{- define "gitlab.redis.password.secret" -}} -{{- $_ := set . "redisGlobal" ( mustMergeOverwrite (pick (deepCopy .Values.global.redis) "password" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} +{{- $_ := set . "redisGlobal" ( mergeOverwrite (pick (deepCopy .Values.global.redis) "password" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} {{- coalesce .redisGlobal.password.secret .Values.global.redis.password.secret (printf "%s-redis-secret" .Release.Name) | quote -}} {{- end -}} @@ -15,6 +15,6 @@ a dynamic secret name can be specified to the Redis chart. Return the redis password secret key */}} {{- define "gitlab.redis.password.key" -}} -{{- $_ := set . "redisGlobal" ( mustMergeOverwrite (pick (deepCopy .Values.global.redis) "password" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} +{{- $_ := set . "redisGlobal" ( mergeOverwrite (pick (deepCopy .Values.global.redis) "password" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} {{- coalesce .redisGlobal.password.key .Values.global.redis.password.key "secret" | quote -}} {{- end -}} -- GitLab From 4ad63f7eb6e2295cd9e6731680c14c02e18c9490 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Fri, 17 Apr 2020 17:17:27 -0400 Subject: [PATCH 05/14] Multi-Redis: refactor to support older Helm versions Refactor to make use of a custom template handling the merge of Redis configurations. Older Helm verions to not include the necessary parts of Sprig needed for the original behavior. Now: walk the settings for the desired items, using pluck to inherit from `global.redis` where `global.redis.x` does not have the property. This method also allows for nil / false returns, so we don't break any defaulting behaviors already in place, nor have to implement them within the range walk. Compatible with Helm v2.14, v2.16, v3.0, v3.1, and v3.2.0-rc1 --- charts/gitlab/templates/_rails.redis.tpl | 20 +++++++++---------- charts/gitlab/templates/_redis.tpl | 10 +++++----- templates/_redis.tpl | 25 ++++++++++++++++++++++-- 3 files changed, 38 insertions(+), 17 deletions(-) diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index 1928db31c2..78abab3e29 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -18,8 +18,8 @@ {{- end -}} {{- define "gitlab.rails.redis.resque" -}} -{{- $_ := set . "redisConfig" nil }} -{{- $_ := set . "redisConfigFile" nil }} +{{- $_ := set . "redisConfig" "" }} +{{- $_ := set . "redisConfigFile" "" }} {{- include "gitlab.rails.redis.yaml" . -}} {{- end -}} @@ -28,7 +28,7 @@ {{- $_ := set . "redisConfig" "cache" }} {{- $_ := set . "redisConfigFile" "redis.cache" }} {{- include "gitlab.rails.redis.yaml" . -}} -{{- $_ := set . "redisConfig" nil }} +{{- $_ := set . "redisConfig" "" }} {{- end -}} {{- end -}} @@ -37,7 +37,7 @@ {{- $_ := set . "redisConfig" "sharedState" }} {{- $_ := set . "redisConfigFile" "redis.shared_state" }} {{- include "gitlab.rails.redis.yaml" . -}} -{{- $_ := set . "redisConfig" nil }} +{{- $_ := set . "redisConfig" "" }} {{- end -}} {{- end -}} @@ -46,7 +46,7 @@ {{- $_ := set . "redisConfig" "queues" }} {{- $_ := set . "redisConfigFile" "redis.queues" }} {{- include "gitlab.rails.redis.yaml" . -}} -{{- $_ := set . "redisConfig" nil }} +{{- $_ := set . "redisConfig" "" }} {{- end -}} {{- end -}} @@ -60,18 +60,18 @@ If no `global.redis.actioncable`, use `global.redis` {{- end -}} {{- $_ := set . "redisConfigFile" "cable" }} {{- include "gitlab.rails.redis.yaml" . -}} -{{- $_ := set . "redisConfig" nil }} +{{- $_ := set . "redisConfig" "" }} {{- end -}} {{- define "gitlab.redis.secrets" -}} {{- range $redis := list "cache" "sharedState" "queues" "actioncable" -}} -{{- $config := mergeOverwrite (pick (deepCopy $.Values.global.redis) "password" ) ( index $.Values.global.redis $redis )}} -{{- if $config.password.enabled -}} -{{- $_ := set $ "redisConfig" $redis }} +{{- $_ := set $ "redisConfig" $redis -}} +{{- include "gitlab.redis.configMerge" $ -}} +{{- if $.redisGlobal.password.enabled }} {{ include "gitlab.redis.secret" $ }} {{- end }} {{- end -}} -{{- $_ := set . "redisConfig" nil }} +{{- $_ := set . "redisConfig" "" }} {{- if .Values.global.redis.password.enabled }} {{ include "gitlab.redis.secret" . }} {{- end }} diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index 3e8f6bcaec..afbde0b8c0 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -6,7 +6,7 @@ If the redis host is provided, it will use that, otherwise it will fallback to the service name */}} {{- define "gitlab.redis.host" -}} -{{- $_ := set . "redisGlobal" ( mergeOverwrite (pick (deepCopy .Values.global.redis) "host" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} +{{- include "gitlab.redis.configMerge" . -}} {{- if .redisGlobal.host -}} {{- .redisGlobal.host -}} {{- else -}} @@ -21,7 +21,7 @@ If the redis port is provided, it will use that, otherwise it will fallback to 6379 default */}} {{- define "gitlab.redis.port" -}} -{{- $_ := set . "redisGlobal" ( mergeOverwrite (pick (deepCopy .Values.global.redis) "port" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} +{{- include "gitlab.redis.configMerge" . -}} {{- default 6379 .redisGlobal.port -}} {{- end -}} @@ -29,7 +29,7 @@ to 6379 default Return the redis scheme, or redis. Allowing people to use rediss clusters */}} {{- define "gitlab.redis.scheme" -}} -{{- $_ := set . "redisGlobal" ( mergeOverwrite (pick (deepCopy .Values.global.redis) "scheme" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} +{{- include "gitlab.redis.configMerge" . -}} {{- $valid := list "redis" "rediss" "tcp" -}} {{- $name := default .redisGlobal.scheme "redis" -}} {{- if has $name $valid -}} @@ -50,7 +50,7 @@ Return the redis url. Return the password section of the Redis URI, if needed. */}} {{- define "gitlab.redis.url.password" -}} -{{- $_ := set . "redisGlobal" ( mergeOverwrite (pick (deepCopy .Values.global.redis) "password" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} +{{- include "gitlab.redis.configMerge" . -}} {{- if .redisGlobal.password.enabled -}}:<%= URI.escape(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfig) }}").strip) %>@{{- end -}} {{- end -}} @@ -95,7 +95,7 @@ Note: Workhorse only uses the primary Redis (global.redis) {{- end -}} {{- end -}} {{- end -}} -{{- $_ := set . "redisConfig" nil }} +{{- $_ := set . "redisConfig" "" }} {{- if .Values.global.redis.password.enabled }} {{ include "gitlab.redis.secret" . }} {{- end }} diff --git a/templates/_redis.tpl b/templates/_redis.tpl index fb285c5247..a9e983906c 100644 --- a/templates/_redis.tpl +++ b/templates/_redis.tpl @@ -1,4 +1,25 @@ {{/* ######### Redis related templates */}} +{{ $_ := set $ "redisConfig" "" }} +{{ $_ := set $ "redisGlobal" (dict "redisConfig" "bogus") }} +{{/* +Build a dict of redis configuration + +- inherit from global.redis, all but sentinels +- use values within children, if they exist, even if "empty" +*/}} +{{- define "gitlab.redis.configMerge" -}} +{{- $_ := set $ "redisConfig" (default "" $.redisConfig) -}} +{{/* # prevent repeat operations -- default mess is to handle `.redisGlobal` not existing yet */}} +{{- if or (not $.redisGlobal) (ne (default "" $.redisConfig) (default "" (index (default (dict) $.redisGlobal) "redisConfig") )) -}} +{{/* # reset, preventing pollution. stashing the .redisConfig used to make this */}} +{{- $_ := set . "redisGlobal" (dict "redisConfig" $.redisConfig) -}} +{{- range $want := list "host" "port" "password" "scheme" -}} +{{- $_ := set $.redisGlobal $want (pluck $want (index $.Values.global.redis $.redisConfig) $.Values.global.redis | first) -}} +{{- end -}} +{{- else -}} +{{/* printf "gitlab.redis.configMerge: %s - %s" $.redisConfig (toJson $.redisGlobal) | fail */}} +{{- end -}} +{{- end -}} {{/* Return the redis password secret name @@ -7,7 +28,7 @@ This define is not currently used, but left in place for when the a dynamic secret name can be specified to the Redis chart. */}} {{- define "gitlab.redis.password.secret" -}} -{{- $_ := set . "redisGlobal" ( mergeOverwrite (pick (deepCopy .Values.global.redis) "password" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} +{{- include "gitlab.redis.configMerge" . -}} {{- coalesce .redisGlobal.password.secret .Values.global.redis.password.secret (printf "%s-redis-secret" .Release.Name) | quote -}} {{- end -}} @@ -15,6 +36,6 @@ a dynamic secret name can be specified to the Redis chart. Return the redis password secret key */}} {{- define "gitlab.redis.password.key" -}} -{{- $_ := set . "redisGlobal" ( mergeOverwrite (pick (deepCopy .Values.global.redis) "password" ) ( index .Values.global.redis (default "" .redisConfig) ) ) -}} +{{- include "gitlab.redis.configMerge" . -}} {{- coalesce .redisGlobal.password.key .Values.global.redis.password.key "secret" | quote -}} {{- end -}} -- GitLab From 06bc7c05f195147e2401ceb70672197c560b4ca6 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Fri, 17 Apr 2020 22:51:38 -0400 Subject: [PATCH 06/14] Multi-Redis: alterations based on feedback - Cleanup mailroom volume secret template - Remove duplicate functions - Rename .redisConfig to .redisConfigName - Rename .redisGlobal to .redisMergedConfig - Relocate calls to set .redisConfigName to "" - Use dict passing context to gitlab.rails.redis.yaml --- .../gitlab-exporter/templates/deployment.yaml | 2 +- .../charts/mailroom/templates/deployment.yaml | 8 +-- charts/gitlab/templates/_rails.redis.tpl | 71 ++++++------------- charts/gitlab/templates/_redis.tpl | 37 +++++----- templates/_redis.tpl | 27 ++++--- 5 files changed, 52 insertions(+), 93 deletions(-) diff --git a/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml b/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml index 6840f72fad..41e8ee8921 100644 --- a/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml +++ b/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml @@ -123,7 +123,7 @@ spec: items: - key: {{ template "gitlab.psql.password.key" . }} path: postgres/psql-password - {{- include "gitlab.redis.secret" .| nindent 10 }} + {{- include "gitlab.redis.secret" . | nindent 10 }} - name: gitlab-exporter-secrets emptyDir: medium: "Memory" diff --git a/charts/gitlab/charts/mailroom/templates/deployment.yaml b/charts/gitlab/charts/mailroom/templates/deployment.yaml index d6008500d6..f95ec24714 100644 --- a/charts/gitlab/charts/mailroom/templates/deployment.yaml +++ b/charts/gitlab/charts/mailroom/templates/deployment.yaml @@ -110,13 +110,7 @@ spec: projected: defaultMode: 0400 sources: - {{- if .Values.global.redis.password.enabled }} - - secret: - name: {{ template "gitlab.redis.password.secret" . }} - items: - - key: {{ template "gitlab.redis.password.key" . }} - path: redis/redis-password - {{- end }} + {{- include "gitlab.redis.secret" . | nindent 10 }} - secret: name: {{ .Values.global.appConfig.incomingEmail.password.secret | required "Missing required secret containing the IMAP password for incoming email. Make sure to set `global.appConfig.incomingEmail.password.secret`" }} items: diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index 78abab3e29..4291604ab2 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -1,52 +1,49 @@ {{/* ######### Redis related templates for Rails consumption */}} +{{/* +Render a Redis `resque` format configuration for Rails. +Input: dict "context" $ "name" string +*/}} {{- define "gitlab.rails.redis.yaml" -}} -{{- $name := default "resque" .redisConfigFile -}} -{{ $name }}.yml.erb: | +{{ .name }}.yml.erb: | production: - url: {{ template "gitlab.redis.url" . }} - {{- if .Values.global.redis.sentinels }} - {{- include "gitlab.redis.sentinels" . | nindent 4 }} + url: {{ template "gitlab.redis.url" .context }} + {{- if .context.Values.global.redis.sentinels }} + {{- include "gitlab.redis.sentinels" .context | nindent 4 }} {{- end }} id: - {{- if eq (default "" .redisConfig) "actioncable" }} + {{- if eq .name "cable" }} adapter: redis - {{- if .Values.global.redis.actioncable.channelPrefix }} - channel_prefix: {{ .Values.global.redis.actioncable.channelPrefix }} + {{- if .context.Values.global.redis.actioncable.channelPrefix }} + channel_prefix: {{ .context.Values.global.redis.actioncable.channelPrefix }} {{- end }} {{- end }} +{{- $_ := set . "redisConfigName" "" }} {{- end -}} {{- define "gitlab.rails.redis.resque" -}} -{{- $_ := set . "redisConfig" "" }} -{{- $_ := set . "redisConfigFile" "" }} -{{- include "gitlab.rails.redis.yaml" . -}} +{{- $_ := set . "redisConfigName" "" }} +{{- include "gitlab.rails.redis.yaml" (dict "context" . "name" "resque") -}} {{- end -}} {{- define "gitlab.rails.redis.cache" -}} {{- if .Values.global.redis.cache -}} -{{- $_ := set . "redisConfig" "cache" }} -{{- $_ := set . "redisConfigFile" "redis.cache" }} -{{- include "gitlab.rails.redis.yaml" . -}} -{{- $_ := set . "redisConfig" "" }} +{{- $_ := set . "redisConfigName" "cache" }} +{{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "redis.cache") -}} {{- end -}} {{- end -}} {{- define "gitlab.rails.redis.sharedState" -}} {{- if .Values.global.redis.sharedState -}} -{{- $_ := set . "redisConfig" "sharedState" }} -{{- $_ := set . "redisConfigFile" "redis.shared_state" }} -{{- include "gitlab.rails.redis.yaml" . -}} -{{- $_ := set . "redisConfig" "" }} +{{- $_ := set . "redisConfigName" "sharedState" }} +{{- include "gitlab.rails.redis.yaml" (dict "context" . "name" "redis.shared_state") -}} {{- end -}} {{- end -}} {{- define "gitlab.rails.redis.queues" -}} {{- if .Values.global.redis.queues -}} -{{- $_ := set . "redisConfig" "queues" }} -{{- $_ := set . "redisConfigFile" "redis.queues" }} -{{- include "gitlab.rails.redis.yaml" . -}} -{{- $_ := set . "redisConfig" "" }} +{{- $_ := set . "redisConfigName" "queues" }} +{{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "redis.queues") -}} {{- end -}} {{- end -}} @@ -56,31 +53,7 @@ If no `global.redis.actioncable`, use `global.redis` */}} {{- define "gitlab.rails.redis.cable" -}} {{- if .Values.global.redis.actioncable -}} -{{- $_ := set . "redisConfig" "actioncable" }} +{{- $_ := set . "redisConfigName" "actioncable" }} {{- end -}} -{{- $_ := set . "redisConfigFile" "cable" }} -{{- include "gitlab.rails.redis.yaml" . -}} -{{- $_ := set . "redisConfig" "" }} -{{- end -}} - -{{- define "gitlab.redis.secrets" -}} -{{- range $redis := list "cache" "sharedState" "queues" "actioncable" -}} -{{- $_ := set $ "redisConfig" $redis -}} -{{- include "gitlab.redis.configMerge" $ -}} -{{- if $.redisGlobal.password.enabled }} -{{ include "gitlab.redis.secret" $ }} -{{- end }} -{{- end -}} -{{- $_ := set . "redisConfig" "" }} -{{- if .Values.global.redis.password.enabled }} -{{ include "gitlab.redis.secret" . }} -{{- end }} -{{- end -}} - -{{- define "gitlab.redis.secret" -}} -- secret: - name: {{ template "gitlab.redis.password.secret" . }} - items: - - key: {{ template "gitlab.redis.password.key" . }} - path: redis/{{ printf "%s-password" (default "redis" .redisConfig) }} +{{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "cable") -}} {{- end -}} diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index afbde0b8c0..3fde6cb3bd 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -7,8 +7,8 @@ to the service name */}} {{- define "gitlab.redis.host" -}} {{- include "gitlab.redis.configMerge" . -}} -{{- if .redisGlobal.host -}} -{{- .redisGlobal.host -}} +{{- if .redisMergedConfig.host -}} +{{- .redisMergedConfig.host -}} {{- else -}} {{- $name := default "redis" .Values.redis.serviceName -}} {{- printf "%s-%s-master" .Release.Name $name -}} @@ -22,7 +22,7 @@ to 6379 default */}} {{- define "gitlab.redis.port" -}} {{- include "gitlab.redis.configMerge" . -}} -{{- default 6379 .redisGlobal.port -}} +{{- default 6379 .redisMergedConfig.port -}} {{- end -}} {{/* @@ -31,7 +31,7 @@ Return the redis scheme, or redis. Allowing people to use rediss clusters {{- define "gitlab.redis.scheme" -}} {{- include "gitlab.redis.configMerge" . -}} {{- $valid := list "redis" "rediss" "tcp" -}} -{{- $name := default .redisGlobal.scheme "redis" -}} +{{- $name := default .redisMergedConfig.scheme "redis" -}} {{- if has $name $valid -}} {{ $name }} {{- else -}} @@ -51,20 +51,20 @@ Return the password section of the Redis URI, if needed. */}} {{- define "gitlab.redis.url.password" -}} {{- include "gitlab.redis.configMerge" . -}} -{{- if .redisGlobal.password.enabled -}}:<%= URI.escape(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfig) }}").strip) %>@{{- end -}} +{{- if .redisMergedConfig.password.enabled -}}:<%= URI.escape(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }}").strip) %>@{{- end -}} {{- end -}} {{/* Build the structure describing sentinels */}} {{- define "gitlab.redis.sentinels" -}} -{{- if .redisConfig }} -{{- $_ := set . "redisGlobal" ( index .Values.global.redis .redisConfig ) -}} +{{- if .redisConfigName }} +{{- $_ := set . "redisMergedConfig" ( index .Values.global.redis .redisConfigName ) -}} {{- else -}} -{{- $_ := set . "redisGlobal" .Values.global.redis -}} +{{- $_ := set . "redisMergedConfig" .Values.global.redis -}} {{- end -}} sentinels: -{{- range $i, $entry := .redisGlobal.sentinels }} +{{- range $i, $entry := .redisMergedConfig.sentinels }} - host: {{ $entry.host }} port: {{ default 26379 $entry.port }} {{- end }} @@ -82,20 +82,15 @@ Note: Workhorse only uses the primary Redis (global.redis) {{- $sentinelList | join "," }} {{- end -}} - - {{- define "gitlab.redis.secrets" -}} {{- range $redis := list "cache" "sharedState" "queues" "actioncable" -}} -{{- if index $.Values.global.redis $redis -}} -{{- if index $.Values.global.redis $redis "password" -}} -{{- if index $.Values.global.redis $redis "password" "enabled" -}} -{{- $_ := set $ "redisConfig" $redis }} -{{ include "gitlab.redis.secret" $ }} -{{- end }} -{{- end -}} -{{- end -}} +{{- $_ := set $ "redisConfigName" $redis -}} +{{- include "gitlab.redis.configMerge" $ -}} +{{- if $.redisMergedConfig.password.enabled }} +{{ include "gitlab.redis.secret" $ }} +{{- end }} {{- end -}} -{{- $_ := set . "redisConfig" "" }} +{{- $_ := set . "redisConfigName" "" }} {{- if .Values.global.redis.password.enabled }} {{ include "gitlab.redis.secret" . }} {{- end }} @@ -106,5 +101,5 @@ Note: Workhorse only uses the primary Redis (global.redis) name: {{ template "gitlab.redis.password.secret" . }} items: - key: {{ template "gitlab.redis.password.key" . }} - path: redis/{{ printf "%s-password" (default "redis" .redisConfig) }} + path: redis/{{ printf "%s-password" (default "redis" .redisConfigName) }} {{- end -}} diff --git a/templates/_redis.tpl b/templates/_redis.tpl index a9e983906c..3477a08202 100644 --- a/templates/_redis.tpl +++ b/templates/_redis.tpl @@ -1,6 +1,5 @@ {{/* ######### Redis related templates */}} -{{ $_ := set $ "redisConfig" "" }} -{{ $_ := set $ "redisGlobal" (dict "redisConfig" "bogus") }} + {{/* Build a dict of redis configuration @@ -8,28 +7,26 @@ Build a dict of redis configuration - use values within children, if they exist, even if "empty" */}} {{- define "gitlab.redis.configMerge" -}} -{{- $_ := set $ "redisConfig" (default "" $.redisConfig) -}} -{{/* # prevent repeat operations -- default mess is to handle `.redisGlobal` not existing yet */}} -{{- if or (not $.redisGlobal) (ne (default "" $.redisConfig) (default "" (index (default (dict) $.redisGlobal) "redisConfig") )) -}} -{{/* # reset, preventing pollution. stashing the .redisConfig used to make this */}} -{{- $_ := set . "redisGlobal" (dict "redisConfig" $.redisConfig) -}} +{{- $_ := set $ "redisConfigName" (default "" $.redisConfigName) -}} +{{/* # prevent repeat operations + # -- check if redisConfigName is the current populated content in .redisMergedConfig */}} +{{- if or (not $.redisMergedConfig) (ne (default "" $.redisConfigName) (default "" (index (default (dict) $.redisMergedConfig) "redisConfigName") )) -}} +{{/* # reset, preventing pollution. stashing the .redisConfigName used to make this */}} +{{- $_ := set . "redisMergedConfig" (dict "redisConfigName" $.redisConfigName) -}} {{- range $want := list "host" "port" "password" "scheme" -}} -{{- $_ := set $.redisGlobal $want (pluck $want (index $.Values.global.redis $.redisConfig) $.Values.global.redis | first) -}} +{{- $_ := set $.redisMergedConfig $want (pluck $want (index $.Values.global.redis $.redisConfigName) $.Values.global.redis | first) -}} {{- end -}} {{- else -}} -{{/* printf "gitlab.redis.configMerge: %s - %s" $.redisConfig (toJson $.redisGlobal) | fail */}} +{{/* printf "gitlab.redis.configMerge: %s - %s" $.redisConfigName (toJson $.redisMergedConfig) | fail */}} {{- end -}} {{- end -}} {{/* Return the redis password secret name - -This define is not currently used, but left in place for when the -a dynamic secret name can be specified to the Redis chart. -*/}} +*/}}g {{- define "gitlab.redis.password.secret" -}} {{- include "gitlab.redis.configMerge" . -}} -{{- coalesce .redisGlobal.password.secret .Values.global.redis.password.secret (printf "%s-redis-secret" .Release.Name) | quote -}} +{{- default (printf "%s-redis-secret" .Release.Name) .redisMergedConfig.password.secret | quote -}} {{- end -}} {{/* @@ -37,5 +34,5 @@ Return the redis password secret key */}} {{- define "gitlab.redis.password.key" -}} {{- include "gitlab.redis.configMerge" . -}} -{{- coalesce .redisGlobal.password.key .Values.global.redis.password.key "secret" | quote -}} +{{- default "secret" .redisMergedConfig.password.key | quote -}} {{- end -}} -- GitLab From 49b1ba44bbf838c943dc8e56c3ddc49e18370ee5 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Fri, 17 Apr 2020 23:42:42 -0400 Subject: [PATCH 07/14] Multi-Redis: fix over-populating redis-secrets when not in use --- charts/gitlab/templates/_redis.tpl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index 3fde6cb3bd..5fadc3f10a 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -84,9 +84,8 @@ Note: Workhorse only uses the primary Redis (global.redis) {{- define "gitlab.redis.secrets" -}} {{- range $redis := list "cache" "sharedState" "queues" "actioncable" -}} -{{- $_ := set $ "redisConfigName" $redis -}} -{{- include "gitlab.redis.configMerge" $ -}} -{{- if $.redisMergedConfig.password.enabled }} +{{- if index $.Values.global.redis $redis -}} +{{- $_ := set $ "redisConfigName" $redis -}} {{ include "gitlab.redis.secret" $ }} {{- end }} {{- end -}} -- GitLab From c28deb9221be0be55a59c10d08baa8609ee13d4d Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Fri, 17 Apr 2020 23:43:10 -0400 Subject: [PATCH 08/14] Multi-Redis: fix actioncable templating channelPrefix --- charts/gitlab/templates/_rails.redis.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index 4291604ab2..86315a54ed 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -14,7 +14,7 @@ Input: dict "context" $ "name" string id: {{- if eq .name "cable" }} adapter: redis - {{- if .context.Values.global.redis.actioncable.channelPrefix }} + {{- if index .context.Values.global.redis "actioncable" }} channel_prefix: {{ .context.Values.global.redis.actioncable.channelPrefix }} {{- end }} {{- end }} -- GitLab From 666d77a93e9157254fbae7c912c582bcecdc81e9 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Sat, 18 Apr 2020 19:53:17 +0000 Subject: [PATCH 09/14] Apply suggestion to changelogs/unreleased/1644-support-multiple-redis.yml --- changelogs/unreleased/1644-support-multiple-redis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/unreleased/1644-support-multiple-redis.yml b/changelogs/unreleased/1644-support-multiple-redis.yml index 2bf15c9679..993176c038 100644 --- a/changelogs/unreleased/1644-support-multiple-redis.yml +++ b/changelogs/unreleased/1644-support-multiple-redis.yml @@ -1,5 +1,5 @@ --- -title: Support configuration of multiple Redisinstances +title: Support configuration of multiple Redis instances merge_request: 1287 author: type: added -- GitLab From 969a744b2919869ea5ec87547fefc4399ccd6eb2 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Sat, 18 Apr 2020 19:53:21 +0000 Subject: [PATCH 10/14] Apply suggestion to charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml --- charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml b/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml index 41e8ee8921..082fa7b920 100644 --- a/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml +++ b/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml @@ -123,7 +123,7 @@ spec: items: - key: {{ template "gitlab.psql.password.key" . }} path: postgres/psql-password - {{- include "gitlab.redis.secret" . | nindent 10 }} + {{- include "gitlab.redis.secret" . | nindent 10 }} - name: gitlab-exporter-secrets emptyDir: medium: "Memory" -- GitLab From 0bd9a991d4bb97dbcc1802e03b4ca3d0f9c4097d Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Sat, 18 Apr 2020 20:44:35 +0000 Subject: [PATCH 11/14] Apply suggestion to charts/gitlab/templates/_rails.redis.tpl --- charts/gitlab/templates/_rails.redis.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index 86315a54ed..46653f8bb7 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -18,7 +18,7 @@ Input: dict "context" $ "name" string channel_prefix: {{ .context.Values.global.redis.actioncable.channelPrefix }} {{- end }} {{- end }} -{{- $_ := set . "redisConfigName" "" }} +{{- $_ := set .context "redisConfigName" "" }} {{- end -}} {{- define "gitlab.rails.redis.resque" -}} -- GitLab From 545d6507c389c939e28ad1dc2a5657c887e93752 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Sat, 18 Apr 2020 20:44:58 +0000 Subject: [PATCH 12/14] Apply suggestion to charts/gitlab/templates/_redis.tpl --- charts/gitlab/templates/_redis.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index 5fadc3f10a..98e3c8114b 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -31,7 +31,7 @@ Return the redis scheme, or redis. Allowing people to use rediss clusters {{- define "gitlab.redis.scheme" -}} {{- include "gitlab.redis.configMerge" . -}} {{- $valid := list "redis" "rediss" "tcp" -}} -{{- $name := default .redisMergedConfig.scheme "redis" -}} +{{- $name := default "redis" .redisMergedConfig.scheme -}} {{- if has $name $valid -}} {{ $name }} {{- else -}} -- GitLab From 11cfb02d4c298df09edca06a0197a8c6e1554087 Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Sat, 18 Apr 2020 21:25:03 +0000 Subject: [PATCH 13/14] Apply suggestion to charts/gitlab/templates/_redis.tpl --- charts/gitlab/templates/_redis.tpl | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index 98e3c8114b..750304fe7d 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -89,6 +89,7 @@ Note: Workhorse only uses the primary Redis (global.redis) {{ include "gitlab.redis.secret" $ }} {{- end }} {{- end -}} +{{/* reset 'redisConfigName', to get global.redis.password's Secret item */}} {{- $_ := set . "redisConfigName" "" }} {{- if .Values.global.redis.password.enabled }} {{ include "gitlab.redis.secret" . }} -- GitLab From a636b0d543623bda3f4fa86be6cc2f41b21a5c72 Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Sat, 18 Apr 2020 18:49:10 -0400 Subject: [PATCH 14/14] Multi-redis: apply multiple feedback - cleanup extraneous `else` case - re-order `lt` in checkConfig - add all Redis to migrations - remove un-needed `default` call. --- charts/gitlab/charts/migrations/templates/configmap.yaml | 4 ++++ charts/gitlab/templates/_redis.tpl | 2 +- templates/_checkConfig.tpl | 2 +- templates/_redis.tpl | 4 +--- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/charts/gitlab/charts/migrations/templates/configmap.yaml b/charts/gitlab/charts/migrations/templates/configmap.yaml index f29c28222c..ebe3442db5 100644 --- a/charts/gitlab/charts/migrations/templates/configmap.yaml +++ b/charts/gitlab/charts/migrations/templates/configmap.yaml @@ -28,6 +28,10 @@ data: {{- include "gitlab.geo.database.yml" $ | nindent 4 }} {{- end }} {{- include "gitlab.rails.redis.resque" . | nindent 2 }} + {{- include "gitlab.rails.redis.cache" . | nindent 2 }} + {{- include "gitlab.rails.redis.sharedState" . | nindent 2 }} + {{- include "gitlab.rails.redis.queues" . | nindent 2 }} + {{- include "gitlab.rails.redis.cable" . | nindent 2 }} gitlab.yml.erb: | production: &base gitlab: diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index 750304fe7d..8a91796b84 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -85,7 +85,7 @@ Note: Workhorse only uses the primary Redis (global.redis) {{- define "gitlab.redis.secrets" -}} {{- range $redis := list "cache" "sharedState" "queues" "actioncable" -}} {{- if index $.Values.global.redis $redis -}} -{{- $_ := set $ "redisConfigName" $redis -}} +{{- $_ := set $ "redisConfigName" $redis }} {{ include "gitlab.redis.secret" $ }} {{- end }} {{- end -}} diff --git a/templates/_checkConfig.tpl b/templates/_checkConfig.tpl index 4dba1e61d2..46f40f9316 100644 --- a/templates/_checkConfig.tpl +++ b/templates/_checkConfig.tpl @@ -152,7 +152,7 @@ Ensure that `redis.install: false` if configuring multiple Redis instances {{- $_ := set $x "count" ( add1 $x.count ) -}} {{- end -}} {{- end -}} -{{- if and .Values.redis.install ( $x.count | lt 0 ) }} +{{- if and .Values.redis.install ( lt 0 $x.count ) }} redis: If configuring multiple Redis servers, you can not use the in-chart Redis server. Please see https://docs.gitlab.com/charts/charts/globals#configure-redis-settings {{- end -}} diff --git a/templates/_redis.tpl b/templates/_redis.tpl index 3477a08202..e9bc2f1883 100644 --- a/templates/_redis.tpl +++ b/templates/_redis.tpl @@ -10,14 +10,12 @@ Build a dict of redis configuration {{- $_ := set $ "redisConfigName" (default "" $.redisConfigName) -}} {{/* # prevent repeat operations # -- check if redisConfigName is the current populated content in .redisMergedConfig */}} -{{- if or (not $.redisMergedConfig) (ne (default "" $.redisConfigName) (default "" (index (default (dict) $.redisMergedConfig) "redisConfigName") )) -}} +{{- if or (not $.redisMergedConfig) (ne $.redisConfigName (default "" (index (default (dict) $.redisMergedConfig) "redisConfigName") )) -}} {{/* # reset, preventing pollution. stashing the .redisConfigName used to make this */}} {{- $_ := set . "redisMergedConfig" (dict "redisConfigName" $.redisConfigName) -}} {{- range $want := list "host" "port" "password" "scheme" -}} {{- $_ := set $.redisMergedConfig $want (pluck $want (index $.Values.global.redis $.redisConfigName) $.Values.global.redis | first) -}} {{- end -}} -{{- else -}} -{{/* printf "gitlab.redis.configMerge: %s - %s" $.redisConfigName (toJson $.redisMergedConfig) | fail */}} {{- end -}} {{- end -}} -- GitLab