Commit b0be0c79 authored by Gerard Hickey 🇺🇲, committed by DJ Mountney

Added basic Redis Sentinel support

parent e64d408f
---
title: Added Redis Sentinel support
merge_request: 999
type: added
......@@ -27,10 +27,27 @@ data:
:namespace: resque:gitlab
:queue: email_receiver
:worker: EmailReceiverWorker
{{- if .Values.global.redis.sentinels }}
:sentinels:
{{- range $i, $entry := .Values.global.redis.sentinels }}
-
:host: {{ $entry.host }}
:port: {{ $entry.port}}
{{- end }}
{{- end }}
:arbitration_method: redis
:arbitration_options:
:redis_url: {{ template "gitlab.redis.url" . }}
:namespace: mail_room:gitlab
{{- if .Values.global.redis.sentinels }}
:sentinels:
{{- range $i, $entry := .Values.global.redis.sentinels }}
-
:host: {{ $entry.host }}
:port: {{ $entry.port}}
{{- end }}
{{- end }}
configure: |
{{- include "gitlab.scripts.configure.secrets" (dict "required" "mailroom" "optional" "redis") | nindent 4 }}
# Leave this here - This line denotes end of block to the parser.
......
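Review bot: `:port: {{ $entry.port}}` in both `:sentinels:` blocks of this hunk has no fallback, while the `gitlab.redis.sentinels` helper added in this same commit uses `default 26379 $entry.port` and the documentation lists `26379` as the default. A sentinel entry given with only `host` would render an empty `:port:` for mail_room. Use `{{ default 26379 $entry.port }}` here as well, and consider moving the repeated block into a named template so the delivery and arbitration copies cannot drift apart.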
......@@ -27,6 +27,9 @@ data:
production:
# Redis (single instance)
url: {{ template "gitlab.redis.url" . }}
{{- if .Values.global.redis.sentinels }}
{{ include "gitlab.redis.sentinels" . | indent 6 }}
{{- end }}
id:
gitlab.yml.erb: |
production: &base
......
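Review bot: the context comment `# Redis (single instance)` directly above `url:` is no longer accurate once the `sentinels:` list is rendered beneath it, so it should be updated along with this change. Also confirm that `indent 6` matches the nesting of `url:` under `production:` in every configmap that receives this same three-line block, since a mismatch would only surface when `global.redis.sentinels` is set.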
......@@ -31,6 +31,9 @@ data:
production:
# Redis (single instance)
url: {{ template "gitlab.redis.url" . }}
{{- if .Values.global.redis.sentinels }}
{{ include "gitlab.redis.sentinels" . | indent 6 }}
{{- end }}
id:
gitlab.yml.erb: |
production: &base
......
......@@ -25,6 +25,9 @@ data:
production:
# Redis (single instance)
url: {{ template "gitlab.redis.url" . }}
{{- if .Values.global.redis.sentinels }}
{{ include "gitlab.redis.sentinels" . | indent 6 }}
{{- end }}
id:
gitlab.yml.erb: |
production: &base
......
......@@ -31,6 +31,9 @@ data:
production:
# Redis (single instance)
url: {{ template "gitlab.redis.url" . }}
{{- if .Values.global.redis.sentinels }}
{{ include "gitlab.redis.sentinels" . | indent 6 }}
{{- end }}
id:
unicorn.rb: |
# This file should be equivalent to `unicorn.rb` from:
......
......@@ -42,3 +42,14 @@ Return the redis url.
{{- define "gitlab.redis.url" -}}
{{ template "gitlab.redis.scheme" . }}://{{- if .Values.global.redis.password.enabled -}}:<%= URI.escape(File.read("/etc/gitlab/redis/password").strip) %>@{{- end -}}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }}
{{- end -}}
{{/*
Build the structure describing sentinels
*/}}
{{- define "gitlab.redis.sentinels" -}}
sentinels:
{{- range $i, $entry := .Values.global.redis.sentinels }}
- host: {{ $entry.host }}
port: {{ default 26379 $entry.port }}
{{- end }}
{{- end -}}
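Review bot: `- host: {{ $entry.host }}` emits the value unquoted and unchecked, so a list entry with a missing or empty `host` renders `host:` as null and the problem appears at connection time rather than at template time. Wrapping it as `{{ required "global.redis.sentinels[].host is required" $entry.host | quote }}` would fail the render early and keep unusual hostnames from being reinterpreted by the YAML parser. The doc comment could also state that the output is meant to be included with `indent`.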
......@@ -30,3 +30,9 @@ helm install . \
--set global.redis.password.secret=gitlab-redis \
--set global.redis.password.key=redis-password \
```
If you are connecting to a Redis HA cluster that has Sentinel servers
running, the `global.redis.host` attribute needs to be set to the cluster
name as specified in the `sentinel.conf`. Sentinel servers can be referenced
using the `global.redis.sentinels[0].host` and `global.redis.sentinels[0].port`
values for the `--set` flag. The index is zero based.
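Review bot: "cluster name as specified in the `sentinel.conf`" is ambiguous, because the value a Sentinel client needs is the master name given on the `sentinel monitor <master-name> ...` line. Name that directive in the paragraph, and add the `--set global.redis.sentinels[0].host=...` line to the `helm install` example above it, since the flags are currently described only in prose.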
......@@ -112,18 +112,29 @@ redis:
host: redis.example.com
serviceName: redis
port: 6379
sentinels:
- host: sentinel1.example.com
port: 26379
password:
secret: gitlab-redis
key: redis-password
```
| Name | Type | Default | Description |
|:----------------|:-------:|:--------|:------------|
| host | String | | The hostname of the Redis server with the database to use. This can be omitted in lieu of `serviceName`. |
| password.key | String | | The name of the key in the secret below that contains the password. |
| password.secret | String | | The name of the Kubernetes `Secret` to pull from. |
| port | Integer | `6379` | The port on which to connect to the Redis server. |
| serviceName | String | `redis` | The name of the `service` which is operating the Redis database. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Redis as a part of the overall GitLab chart. |
| Name | Type | Default | Description |
|:-----------------|:-------:|:--------|:------------|
| host | String | | The hostname of the Redis server with the database to use. This can be omitted in lieu of `serviceName`. If using Redis Sentinels, the `host` attribute needs to be set to the cluster name as specified in the `sentinel.conf`.|
| password.key | String | | The name of the key in the secret below that contains the password. |
| password.secret | String | | The name of the Kubernetes `Secret` to pull from. |
| port | Integer | `6379` | The port on which to connect to the Redis server. |
| serviceName | String | `redis` | The name of the `service` which is operating the Redis database. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Redis as a part of the overall GitLab chart. |
| sentinels.[].host| String | | The hostname of Redis Sentinel server for a Redis HA setup. |
| sentinels.[].port| Integer | `26379` | The port on which to connect to the Redis Sentinel server. |
_Note:_ The current Redis Sentinel support only supports Sentinels that have
been deployed separately from the GitLab chart. As a result, the Redis
deployment through the GitLab chart should be disabled with `redis.enabled=false`
and `redis-ha.enabled=false`. The Secret containing the Redis password
will need to be manually created before deploying the GitLab chart.
### Unicorn
......
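Review bot: the example under `sentinels:` lists a single entry (`sentinel1.example.com`), which reads as a complete HA configuration. Clients can only discover the current master through the sentinels they are given, so one entry makes discovery depend on a single host; show every sentinel of the deployment (Redis recommends running at least three), as the `global:` example elsewhere in this commit begins to do with two. The `_Note:_` could also link to the secrets documentation for how the password Secret is expected to be created.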
......@@ -78,6 +78,9 @@ redis:
host: redis.example.com
serviceName: redis
port: 6379
sentinels:
- host: sentinel1.example.com
port: 26379
password:
secret: gitlab-redis
key: redis-password
......@@ -85,7 +88,7 @@ redis:
#### host
The hostname of the Redis server with the database to use. This can be omitted in lieu of `serviceName`
The hostname of the Redis server with the database to use. This can be omitted in lieu of `serviceName`. If using Redis Sentinels, the `host` attribute needs to be set to the cluster name as specified in the `sentinel.conf`.
#### serviceName
......@@ -102,6 +105,20 @@ The `password` attribute for Redis has two sub keys:
- `secret` defines the name of the Kubernetes `Secret` to pull from
- `key` defines the name of the key in the above secret that contains the password.
#### sentinels
The `sentinels` attribute allows for a connection to a Redis HA cluster.
The sub keys describe each Sentinel connection.
- `host` defines the hostname for the Sentinel service
- `port` defines the port number to reach the Sentinel service, defaults to `26379`
_Note:_ The current Redis Sentinel support only supports Sentinels that have
been deployed separately from the GitLab chart. As a result, the Redis
deployment through the GitLab chart should be disabled with `redis.enabled=false`
and `redis-ha.enabled=false`. The Secret containing the Redis password
will need to be manually created before deploying the GitLab chart.
### PostgreSQL
```YAML
......
......@@ -131,18 +131,29 @@ that is shared across all Sidekiq pods.
redis:
host: rank-racoon-redis
port: 6379
sentinels:
- host: sentinel1.example.com
port: 26379
password:
secret: gitlab-redis
key: redis-password
```
| Name | Type | Default | Description |
|:----------------- |:-------:|:------- |:----------- |
| `host` | String | | The hostname of the Redis server with the database to use. This can be omitted in lieu of `serviceName`. |
| `password.key` | String | | The `password.key` attribute for PostgreSQL defines the name of the key in the secret (below) that contains the password. |
| `password.secret` | String | | The `password.secret` attribute for PostgreSQL defines the name of the Kubernetes `Secret` to pull from. |
| `port` | Integer | `6379` | The port on which to connect to the Redis server. |
| `serviceName` | String | `redis` | The name of the `service` which is operating the Redis database. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Redis as a part of the overall GitLab chart. |
| Name | Type | Default | Description |
|:------------------ |:-------:|:------- |:----------- |
| `host` | String | | The hostname of the Redis server with the database to use. This can be omitted in lieu of `serviceName`. If using Redis Sentinels, the `host` attribute needs to be set to the cluster name as specified in the `sentinel.conf`. |
| `password.key` | String | | The `password.key` attribute for Redis defines the name of the key in the secret (below) that contains the password. |
| `password.secret` | String | | The `password.secret` attribute for Redis defines the name of the Kubernetes `Secret` to pull from. |
| `port` | Integer | `6379` | The port on which to connect to the Redis server. |
| `serviceName` | String | `redis` | The name of the `service` which is operating the Redis database. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Redis as a part of the overall GitLab chart. |
| `sentinels.[].host`| String | | The hostname of Redis Sentinel server for a Redis HA setup. |
| `sentinels.[].port`| Integer | `26379` | The port on which to connect to the Redis Sentinel server. |
_Note:_ The current Redis Sentinel support only supports Sentinels that have
been deployed separately from the GitLab chart. As a result, the Redis
deployment through the GitLab chart should be disabled with `redis.enabled=false`
and `redis-ha.enabled=false`. The Secret containing the Redis password
will need to be manually created before deploying the GitLab chart.
### PostgreSQL
......
......@@ -193,20 +193,31 @@ redis:
host: redis.example.com
serviceName: redis
port: 6379
sentinels:
- host: sentinel1.example.com
port: 26379
password:
enabled: true
secret: gitlab-redis
key: redis-password
```
| Name | Type | Default | Description |
|:----------------- |:-------:|:------- |:----------- |
| `host` | String | | The hostname of the Redis server with the database to use. This can be omitted in lieu of `serviceName`. |
| `serviceName` | String | `redis` | The name of the `service` which is operating the Redis database. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Redis as a part of the overall GitLab chart. |
| `port` | Integer | `6379` | The port on which to connect to the Redis server. |
| `password.key` | String | | The `password.key` attribute for Redis defines the name of the key in the secret (below) that contains the password. |
| `password.secret` | String | | The `password.secret` attribute for Redis defines the name of the Kubernetes `Secret` to pull from. |
| `password.enabled`| Bool | true | The `password.enabled` provides a toggle for using a password with the Redis instance. |
| Name | Type | Default | Description |
|:------------------ |:-------:|:------- |:----------- |
| `host` | String | | The hostname of the Redis server with the database to use. This can be omitted in lieu of `serviceName`. If using Redis Sentinels, the `host` attribute needs to be set to the cluster name as specified in the `sentinel.conf`.|
| `serviceName` | String | `redis` | The name of the `service` which is operating the Redis database. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Redis as a part of the overall GitLab chart. |
| `port` | Integer | `6379` | The port on which to connect to the Redis server. |
| `password.key` | String | | The `password.key` attribute for Redis defines the name of the key in the secret (below) that contains the password. |
| `password.secret` | String | | The `password.secret` attribute for Redis defines the name of the Kubernetes `Secret` to pull from. |
| `password.enabled` | Bool | true | The `password.enabled` provides a toggle for using a password with the Redis instance. |
| `sentinels.[].host`| String | | The hostname of Redis Sentinel server for a Redis HA setup. |
| `sentinels.[].port`| Integer | `26379` | The port on which to connect to the Redis Sentinel server. |
_Note:_ The current Redis Sentinel support only supports Sentinels that have
been deployed separately from the GitLab chart. As a result, the Redis
deployment through the GitLab chart should be disabled with `redis.enabled=false`
and `redis-ha.enabled=false`. The Secret containing the Redis password
will need to be manually created before deploying the GitLab chart.
### PostgreSQL
......
......@@ -163,12 +163,23 @@ global:
host: redis.example.com
# serviceName:
port: 6379
sentinels:
- host: sentinel1.example.com
port: 26379
- host: sentinel2.example.com
port: 26379
password:
enabled: true
secret: gitlab-redis
key: redis-password
```
_Note:_ The current Redis Sentinel support only supports Sentinels that have
been deployed separately from the GitLab chart. As a result, the Redis
deployment through the GitLab chart should be disabled with `redis.enabled=false`
and `redis-ha.enabled=false`. The Secret containing the Redis password
will need to be manually created before deploying the GitLab chart.
## Configure Grafana integration
The GitLab global grafana settings are located under `global.grafana`. At this time, the only setting available is `global.grafana.enabled`.
......
......@@ -58,16 +58,27 @@ redis:
host: redis.example.com
serviceName: redis
port: 8080
sentinels:
- host: sentinel1.example.com
port: 26379
password:
secret: gitlab-redis
key: redis-password
```
- `redis` - the name for what the current chart needs to connect to
- `host` - overrides the use of serviceName, comment out by default use `0.0.0.0` as the example
- `host` - overrides the use of serviceName, comment out by default use `0.0.0.0` as the example. If using Redis Sentinels, the `host` attribute needs to be set to the cluster name as specified in the `sentinel.conf`.
- `serviceName` - intended to be used by default instead of the host, connect using the Kubernetes Service name
- `port` - the port to connect on. Comment out by default, and use the default port as the example.
- `password`- defines settings for the Kubernetes Secret containing the password.
- `sentinels.[].host` - defines the hostname of Redis Sentinel server for a Redis HA setup.
- `sentinels.[].port` - defines the port on which to connect to the Redis Sentinel server. Defaults to `26379`.
_Note:_ The current Redis Sentinel support only supports Sentinels that have
been deployed separately from the GitLab chart. As a result, the Redis
deployment through the GitLab chart should be disabled with `redis.enabled=false`
and `redis-ha.enabled=false`. The Secret containing the Redis password
will need to be manually created before deploying the GitLab chart.
### Sharing secrets
......
......@@ -114,6 +114,10 @@ Generate a random 64 character alpha-numeric password for Redis. Replace
kubectl create secret generic <name>-redis-secret --from-literal=secret=$(head -c 512 /dev/urandom | LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 64)
```
If deploying with an already existing Redis cluster, please use the password
for accessing the Redis cluster that has been base64 encoded instead of a
randomly generated one.
### GitLab Shell secret
Generate a random 64 character alpha-numeric secret for GitLab Shell. Replace
......
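Review bot: "the password ... that has been base64 encoded" conflicts with the command shown just above it, where `kubectl create secret generic ... --from-literal=secret=...` takes the plain value and kubectl performs the encoding itself. Passing an already encoded string there stores the encoded text as the password, and authentication against the existing Redis cluster then fails. Reword to say the existing plain-text password goes into `--from-literal`, and that base64 applies only when the Secret is written by hand as a manifest with a `data:` field.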
......@@ -83,6 +83,9 @@ global:
# key:
# host: redis.hostedsomewhere.else
# port: 6379
# sentinels:
# - host:
# port:
## doc/charts/globals.md#configure-gitaly-settings
gitaly:
......