feat(container)!: Update image redis to v25#373
Open
renovate[bot] wants to merge 1 commit intomainfrom
Open
Conversation
--- HelmRelease: database/redis ConfigMap: database/redis-configuration
+++ HelmRelease: database/redis ConfigMap: database/redis-configuration
@@ -8,12 +8,15 @@
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
data:
redis.conf: |-
# User-supplied common configuration:
+ # Enable ReJSON y Redisearch
+ loadmodule /opt/bitnami/redis/lib/redis/modules/redisearch.so
+ loadmodule /opt/bitnami/redis/lib/redis/modules/rejson.so
# Enable AOF https://redis.io/topics/persistence#append-only-file
appendonly yes
# Disable RDB persistence, AOF persistence already enabled.
save ""
# End of common configuration
master.conf: |-
@@ -25,12 +28,13 @@
replica.conf: |-
dir /data
# User-supplied replica configuration:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
# End of replica configuration
+ users.acl: ''
sentinel.conf: |-
dir "/tmp"
port 26379
sentinel monitor redis-master redis-node-0.redis-headless.database.svc.cluster.local 6379 2
sentinel down-after-milliseconds redis-master 60000
sentinel failover-timeout redis-master 180000
--- HelmRelease: database/redis ConfigMap: database/redis-health
+++ HelmRelease: database/redis ConfigMap: database/redis-health
@@ -9,21 +9,21 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
data:
ping_readiness_local.sh: |-
#!/bin/bash
+ timeout=$1
+ run_redis_command() {
+ local args=("-p" "$REDIS_PORT")
+ timeout -s 15 $timeout redis-cli "${args[@]}" "$@"
+ }
+
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
- response=$(
- timeout -s 15 $1 \
- redis-cli \
- -h localhost \
- -p $REDIS_PORT \
- ping
- )
+ response=$(run_redis_command ping)
if [ "$?" -eq "124" ]; then
echo "Timed out"
exit 1
fi
if [ "$response" != "PONG" ]; then
echo "$response"
@@ -79,60 +79,7 @@
PORT=$1;
FOUND_PORT=0;
} else if (FOUND_RUNID==1) {
printf "\nsentinel known-sentinel redis-master %s %s %s", IP, PORT, $0; FOUND_RUNID=0;
}
}
- ping_readiness_master.sh: |-
- #!/bin/bash
- [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
- [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
- response=$(
- timeout -s 15 $1 \
- redis-cli \
- -h $REDIS_MASTER_HOST \
- -p $REDIS_MASTER_PORT_NUMBER \
- ping
- )
- if [ "$?" -eq "124" ]; then
- echo "Timed out"
- exit 1
- fi
- if [ "$response" != "PONG" ]; then
- echo "$response"
- exit 1
- fi
- ping_liveness_master.sh: |-
- #!/bin/bash
-
- [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
- [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
- response=$(
- timeout -s 15 $1 \
- redis-cli \
- -h $REDIS_MASTER_HOST \
- -p $REDIS_MASTER_PORT_NUMBER \
- ping
- )
- if [ "$?" -eq "124" ]; then
- echo "Timed out"
- exit 1
- fi
- responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}')
- if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then
- echo "$response"
- exit 1
- fi
- ping_readiness_local_and_master.sh: |-
- script_dir="$(dirname "$0")"
- exit_status=0
- "$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
- "$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
- exit $exit_status
- ping_liveness_local_and_master.sh: |-
- script_dir="$(dirname "$0")"
- exit_status=0
- "$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
- "$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
- exit $exit_status
-
--- HelmRelease: database/redis ConfigMap: database/redis-scripts
+++ HelmRelease: database/redis ConfigMap: database/redis-scripts
@@ -37,26 +37,14 @@
fi
}
get_full_hostname() {
hostname="$1"
full_hostname="${hostname}.${HEADLESS_SERVICE}"
- echo "${full_hostname}"
- }
-
- REDISPORT=$(get_port "$HOSTNAME" "REDIS")
-
- HEADLESS_SERVICE="redis-headless.database.svc.cluster.local"
-
- if [ -n "$REDIS_EXTERNAL_MASTER_HOST" ]; then
- REDIS_SERVICE="$REDIS_EXTERNAL_MASTER_HOST"
- else
- REDIS_SERVICE="redis.database.svc.cluster.local"
- fi
-
- SENTINEL_SERVICE_PORT=$(get_port "redis" "SENTINEL")
+ echo "$full_hostname"
+ }
redis_cli_command() {
local timeout="${1:-0}"
local args=("-h" "$REDIS_SERVICE" "-p" "$SENTINEL_SERVICE_PORT")
local command="redis-cli"
@@ -86,12 +74,20 @@
get_sentinel_master_info() {
sentinel_info_command="$(redis_cli_command 10) sentinel get-master-addr-by-name redis-master"
info "about to run the command: $sentinel_info_command"
retry_while "eval $sentinel_info_command" 2 5
}
+ REDISPORT=$(get_port "$HOSTNAME" "REDIS")
+ REDIS_SERVICE="redis.database.svc.cluster.local"
+ if [ -n "$REDIS_EXTERNAL_MASTER_HOST" ]; then
+ REDIS_SERVICE="$REDIS_EXTERNAL_MASTER_HOST"
+ fi
+ SENTINEL_SERVICE_PORT=$(get_port "redis" "SENTINEL")
+ HEADLESS_SERVICE="redis-headless.database.svc.cluster.local"
+
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
# check if there is a master
master_in_persisted_conf="$(get_full_hostname "$HOSTNAME")"
master_port_in_persisted_conf="$REDIS_MASTER_PORT_NUMBER"
@@ -100,12 +96,16 @@
if [[ -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then
master_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)"
master_port_in_persisted_conf="$(awk '/monitor/ {print $5}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)"
info "Found previous master ${master_in_persisted_conf}:${master_port_in_persisted_conf} in /opt/bitnami/redis-sentinel/etc/sentinel.conf"
debug "$(cat /opt/bitnami/redis-sentinel/etc/sentinel.conf | grep monitor)"
+ fi
+
+ if [[ -f /opt/bitnami/redis/mounted-etc/users.acl ]];then
+ cp /opt/bitnami/redis/mounted-etc/users.acl /opt/bitnami/redis/etc/users.acl
fi
if [[ $redisRetVal -ne 0 ]]; then
if [[ "$master_in_persisted_conf" == "$(get_full_hostname "$HOSTNAME")" ]]; then
# Case 1: No active sentinel and in previous sentinel.conf we were the master --> MASTER
info "Configuring the node as master"
@@ -120,13 +120,12 @@
else
# Fetches current master's host and port
REDIS_SENTINEL_INFO=($(get_sentinel_master_info))
info "Current master: REDIS_SENTINEL_INFO=(${REDIS_SENTINEL_INFO[0]},${REDIS_SENTINEL_INFO[1]})"
REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
-
if [[ "$REDIS_MASTER_HOST" == "$(get_full_hostname "$HOSTNAME")" ]]; then
# Case 3: Active sentinel and master it is this node --> MASTER
info "Configuring the node as master"
export REDIS_REPLICATION_MODE="master"
else
# Case 4: Active sentinel and master is not this node --> REPLICA
@@ -269,33 +268,42 @@
if [[ -z "$REDIS_MASTER_HOST" ]] || [[ -z "$REDIS_MASTER_PORT_NUMBER" ]]
then
# Prevent incorrect configuration to be written to sentinel.conf
error "Redis master host is configured incorrectly (host: $REDIS_MASTER_HOST, port: $REDIS_MASTER_PORT_NUMBER)"
exit 1
fi
-
sentinel_conf_set "sentinel monitor" "redis-master "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" 2"
add_known_sentinel() {
hostname="$1"
ip="$2"
-
if [[ -n "$hostname" && -n "$ip" && "$hostname" != "$HOSTNAME" ]]; then
sentinel_conf_add "sentinel known-sentinel redis-master $(get_full_hostname "$hostname") $(get_port "$hostname" "SENTINEL") $(host_id "$hostname")"
fi
}
+
add_known_replica() {
hostname="$1"
ip="$2"
-
if [[ -n "$ip" && "$(get_full_hostname "$hostname")" != "$REDIS_MASTER_HOST" ]]; then
sentinel_conf_add "sentinel known-replica redis-master $(get_full_hostname "$hostname") $(get_port "$hostname" "REDIS")"
fi
}
- # Add available hosts on the network as known replicas & sentinels
+ add_known_sentinel_public_ip() {
+ hostname="$1"
+ ip="$2"
+ sentinel_conf_add "sentinel known-sentinel redis-master $ip $(get_port "$hostname" "SENTINEL") $(host_id "$hostname")"
+ }
+
+ add_known_replica_public_ip() {
+ hostname="$1"
+ ip="$2"
+ sentinel_conf_add "sentinel known-replica redis-master $ip $(get_port "$hostname" "REDIS")"
+ }
+
for node in $(seq 0 $((1-1))); do
hostname="redis-node-$node"
ip="$(getent hosts "$hostname.$HEADLESS_SERVICE" | awk '{ print $1 }')"
add_known_sentinel "$hostname" "$ip"
add_known_replica "$hostname" "$ip"
done
@@ -309,42 +317,48 @@
exec redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel
prestop-sentinel.sh: |
#!/bin/bash
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libos.sh
-
HEADLESS_SERVICE="redis-headless.database.svc.cluster.local"
get_full_hostname() {
hostname="$1"
full_hostname="${hostname}.${HEADLESS_SERVICE}"
echo "${full_hostname}"
}
run_sentinel_command() {
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
- redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
- else
- redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@"
- fi
- }
+ redis-cli -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
+ else
+ redis-cli -p "$REDIS_SENTINEL_PORT" sentinel "$@"
+ fi
+ }
+
sentinel_failover_finished() {
- REDIS_SENTINEL_INFO=($(run_sentinel_command get-master-addr-by-name "redis-master"))
- REDIS_MASTER_HOST="${REDIS_SENTINEL_INFO[0]}"
- [[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]]
- }
-
- REDIS_SERVICE="redis.database.svc.cluster.local"
+ REDIS_SENTINEL_INFO=($(run_sentinel_command get-master-addr-by-name "redis-master"))
+ echo "REDIS_SENTINEL_INFO: $REDIS_SENTINEL_INFO"
+ REDIS_MASTER_HOST="${REDIS_SENTINEL_INFO[0]}"
+ echo "REDIS_MASTER_HOST: $REDIS_MASTER_HOST"
+ echo "REDIS_MASTER_HOST: $(get_full_hostname $HOSTNAME)"
+ # Check if both variables are not empty
+ if [[ -z "$REDIS_MASTER_HOST" ]]; then
+ echo "WARNING: REDIS_MASTER_HOST is empty, assuming failover not finished"
+ return 1
+ fi
+ [[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]]
+ }
if ! sentinel_failover_finished; then
echo "I am the master pod and you are stopping me. Starting sentinel failover"
if retry_while "sentinel_failover_finished" "20" 1; then
- echo "Master has been successfuly failed over to a different pod."
+ echo "Master has been successfully failed over to a different pod."
exit 0
else
echo "Master failover failed"
exit 1
fi
else
@@ -352,12 +366,13 @@
fi
prestop-redis.sh: |
#!/bin/bash
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libos.sh
+ HEADLESS_SERVICE="redis-headless.database.svc.cluster.local"
run_redis_command() {
local args=("-h" "127.0.0.1")
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
args+=("-p" "$REDIS_TLS_PORT" "--tls" "--cert" "$REDIS_TLS_CERT_FILE" "--key" "$REDIS_TLS_KEY_FILE")
[ -n "$REDIS_TLS_CA_FILE" ] && args+=("--cacert" "$REDIS_TLS_CA_FILE")
@@ -365,42 +380,47 @@
args+=("-p" "$REDIS_PORT")
fi
redis-cli "${args[@]}" "$@"
}
is_master() {
REDIS_ROLE=$(run_redis_command role | head -1)
+ echo "REDIS_ROLE: $REDIS_ROLE"
[[ "$REDIS_ROLE" == "master" ]]
}
-
- HEADLESS_SERVICE="redis-headless.database.svc.cluster.local"
get_full_hostname() {
hostname="$1"
full_hostname="${hostname}.${HEADLESS_SERVICE}"
echo "${full_hostname}"
}
run_sentinel_command() {
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
- env -u REDISCLI_AUTH redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
- else
- env -u REDISCLI_AUTH redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@"
- fi
- }
+ env -u REDISCLI_AUTH redis-cli -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
+ else
+ env -u REDISCLI_AUTH redis-cli -p "$REDIS_SENTINEL_PORT" sentinel "$@"
+ fi
+ }
+
sentinel_failover_finished() {
REDIS_SENTINEL_INFO=($(run_sentinel_command get-master-addr-by-name "redis-master"))
+ echo "REDIS_SENTINEL_INFO: $REDIS_SENTINEL_INFO"
REDIS_MASTER_HOST="${REDIS_SENTINEL_INFO[0]}"
+ echo "REDIS_MASTER_HOST: $REDIS_MASTER_HOST"
+ echo "REDIS_MASTER_HOST: $(get_full_hostname $HOSTNAME)"
[Diff truncated by flux-local]
--- HelmRelease: database/redis Service: database/redis
+++ HelmRelease: database/redis Service: database/redis
@@ -8,13 +8,12 @@
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/component: node
spec:
type: ClusterIP
- sessionAffinity: None
ports:
- name: tcp-redis
port: 6379
targetPort: 6379
nodePort: null
- name: tcp-sentinel
--- HelmRelease: database/redis StatefulSet: database/redis-node
+++ HelmRelease: database/redis StatefulSet: database/redis-node
@@ -25,15 +25,15 @@
labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/component: node
annotations:
- checksum/configmap: 44827545caa1794c0c6696c4406beb71e64dd804ef278fe070efe561c4bc71b7
- checksum/health: 07a9e9f1ff08347b0d2cd65e962feb94d6390f5b64a77ed1346867af2559df4a
- checksum/scripts: 8804e67414a2455406dbbd511f923b6f0382722f2619b93b21426569ab1ba596
+ checksum/configmap: 6ad039f2cafa77bc43c6906b3e078fceb424cd230fc183695a6048c1dec8d633
+ checksum/health: 6a3889b5cbf021e322d618543391c1ef0cccf0c6828842a913e11fe6a2fec715
+ checksum/scripts: 09a33503b9bef042bf5e91f37b7392a4270d5510fb6864104b0bc59cf44643fe
checksum/secret: 2d13b786f06da89ac2b3fe2a139891e91f9c8364803dd5a61634d73badb3cc48
prometheus.io/port: '9121'
prometheus.io/scrape: 'true'
spec:
automountServiceAccountToken: false
securityContext:
@@ -56,20 +56,20 @@
weight: 1
nodeAffinity: null
enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.4.1-debian-12-r2
+ image: registry-1.docker.io/bitnami/redis:latest
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /bin/bash
- - -c
+ - -ec
- /opt/bitnami/scripts/start-scripts/prestop-redis.sh
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
@@ -79,32 +79,32 @@
runAsUser: 1001
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
command:
- /bin/bash
+ - -ec
args:
- - -c
- /opt/bitnami/scripts/start-scripts/start-node.sh
env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
- name: BITNAMI_DEBUG
value: 'false'
- name: REDIS_MASTER_PORT_NUMBER
value: '6379'
- name: ALLOW_EMPTY_PASSWORD
value: 'no'
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- name: redis
- key: redis-password
- - name: REDIS_MASTER_PASSWORD
- valueFrom:
- secretKeyRef:
- name: redis
- key: redis-password
+ - name: OPENSSL_FIPS
+ value: 'yes'
+ - name: REDIS_PASSWORD_FILE
+ value: /opt/bitnami/redis/secrets/redis-password
+ - name: REDIS_MASTER_PASSWORD_FILE
+ value: /opt/bitnami/redis/secrets/redis-password
- name: REDIS_TLS_ENABLED
value: 'no'
- name: REDIS_PORT
value: '6379'
- name: REDIS_SENTINEL_TLS_ENABLED
value: 'no'
@@ -120,36 +120,36 @@
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
exec:
command:
- - sh
- - -c
+ - /bin/bash
+ - -ec
- /health/ping_liveness_local.sh 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
exec:
command:
- - sh
- - -c
+ - /bin/bash
+ - -ec
- /health/ping_liveness_local.sh 5
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 5
exec:
command:
- - sh
- - -c
+ - /bin/bash
+ - -ec
- /health/ping_readiness_local.sh 1
resources:
limits:
cpu: 150m
ephemeral-storage: 2Gi
memory: 192Mi
@@ -161,31 +161,33 @@
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
- name: sentinel-data
mountPath: /opt/bitnami/redis-sentinel/etc
+ - name: redis-password
+ mountPath: /opt/bitnami/redis/secrets/
- name: redis-data
mountPath: /data
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: empty-dir
mountPath: /opt/bitnami/redis/etc
subPath: app-conf-dir
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: sentinel
- image: docker.io/bitnami/redis-sentinel:7.4.1-debian-12-r2
+ image: registry-1.docker.io/bitnami/redis-sentinel:latest
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /bin/bash
- - -c
+ - -ec
- /opt/bitnami/scripts/start-scripts/prestop-sentinel.sh
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
@@ -195,23 +197,26 @@
runAsUser: 1001
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
command:
- /bin/bash
+ - -ec
args:
- - -c
- /opt/bitnami/scripts/start-scripts/start-sentinel.sh
env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
- name: BITNAMI_DEBUG
value: 'false'
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- name: redis
- key: redis-password
+ - name: REDIS_PASSWORD_FILE
+ value: /opt/bitnami/redis/secrets/redis-password
+ - name: OPENSSL_FIPS
+ value: 'yes'
- name: REDIS_SENTINEL_TLS_ENABLED
value: 'no'
- name: REDIS_SENTINEL_PORT
value: '26379'
ports:
- name: redis-sentinel
@@ -221,36 +226,36 @@
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
exec:
command:
- - sh
- - -c
+ - /bin/bash
+ - -ec
- /health/ping_sentinel.sh 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
exec:
command:
- - sh
- - -c
+ - /bin/bash
+ - -ec
- /health/ping_sentinel.sh 5
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 6
exec:
command:
- - sh
- - -c
+ - /bin/bash
+ - -ec
- /health/ping_sentinel.sh 1
resources:
limits:
cpu: 150m
ephemeral-storage: 2Gi
memory: 192Mi
@@ -265,18 +270,20 @@
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
- name: sentinel-data
mountPath: /opt/bitnami/redis-sentinel/etc
+ - name: redis-password
+ mountPath: /opt/bitnami/redis/secrets/
- name: redis-data
mountPath: /data
- name: config
mountPath: /opt/bitnami/redis-sentinel/mounted-etc
- name: metrics
- image: docker.io/bitnami/redis-exporter:1.66.0-debian-12-r2
+ image: registry-1.docker.io/bitnami/redis-exporter:latest
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
@@ -286,30 +293,29 @@
runAsUser: 1001
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
command:
- /bin/bash
- - -c
+ - -ec
- |
- if [[ -f '/secrets/redis-password' ]]; then
- export REDIS_PASSWORD=$(cat /secrets/redis-password)
- fi
+ export REDIS_PASSWORD="$(< $REDIS_PASSWORD_FILE)"
redis_exporter
env:
- name: REDIS_ALIAS
value: redis
- name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
value: :9121
- name: REDIS_USER
value: default
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- name: redis
- key: redis-password
+ - name: REDIS_PASSWORD_FILE
+ value: /secrets/redis-password
+ - name: OPENSSL_FIPS
+ value: 'yes'
+ - name: GODEBUG
+ value: fips140=only
ports:
- name: metrics
containerPort: 9121
livenessProbe:
failureThreshold: 5
initialDelaySeconds: 10
@@ -337,21 +343,29 @@
ephemeral-storage: 50Mi
memory: 128Mi
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
+ - name: redis-password
+ mountPath: /secrets/
volumes:
- name: start-scripts
configMap:
name: redis-scripts
defaultMode: 493
- name: health
configMap:
name: redis-health
defaultMode: 493
+ - name: redis-password
+ secret:
+ secretName: redis
+ items:
+ - key: redis-password
+ path: redis-password
- name: config
configMap:
name: redis-configuration
- name: sentinel-data
emptyDir: {}
- name: empty-dir |
--- kubernetes/apps/database/redis/app Kustomization: flux-system/redis HelmRelease: database/redis
+++ kubernetes/apps/database/redis/app Kustomization: flux-system/redis HelmRelease: database/redis
@@ -13,13 +13,13 @@
spec:
chart: redis
sourceRef:
kind: HelmRepository
name: bitnami
namespace: flux-system
- version: 20.4.1
+ version: 25.3.2
install:
remediation:
retries: 3
interval: 30m
timeout: 15m
uninstall: |
renovate
bot
force-pushed
the
renovate/redis-25.x
branch
2 times, most recently
from
a54f15f to
45301f4
Compare
renovate
bot
force-pushed
the
renovate/redis-25.x
branch
from
45301f4 to
dbe60ac
Compare
renovate
bot
force-pushed
the
renovate/redis-25.x
branch
from
dbe60ac to
40f75fd
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
20.4.1→25.3.2Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
bitnami/charts (redis)
v23.1.1v22.0.7v22.0.6v22.0.5v22.0.4v22.0.3v22.0.1v22.0.0v21.2.14v21.2.13v21.2.12v21.2.11v21.2.10v21.2.9v21.2.7v21.2.6v21.2.5v21.2.4v21.2.3v21.2.2v21.2.1v21.2.0v21.1.11v21.1.10v21.1.9v21.1.8v21.1.7v21.1.6v21.1.5v21.1.4v21.1.3v21.1.2v21.1.1v21.0.3v21.0.2v21.0.0v20.13.4v20.13.3v20.13.2v20.13.1v20.13.0v20.12.2v20.12.1v20.12.0v20.11.5kubectl-sharedcontainer (#32085) (dad454d), closes #32085v20.11.4v20.11.3v20.11.2v20.11.1v20.11.0v20.10.1v20.10.0usePasswordFiles=trueby default (#32117) (2f80b74), closes #32117v20.9.0v20.8.0v20.7.1v20.7.0v20.6.3v20.6.2v20.6.1v20.6.0v20.5.0Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.