fix: add HA templates and modify the code #1284
Conversation
omrozowicz-splunk
requested review from
Kawron,
cwadhwani-splunk and
gmaiyani-crest
|
|
||
| # RedBeat uses redis-sentinel:// with master_name query | ||
| : "${REDIS_URL:=${REDBEAT_SCHEME}/${REDIS_DB}#master_name=${REDIS_MASTER_NAME}}" | ||
| SENTINEL_CHECK="redis://${REDIS_SENTINEL_SERVICE}:${REDIS_SENTINEL_PORT}" |
There was a problem hiding this comment.
shouldn't it be also in the if statment above in case REDIS_PASSWORD is set?
There was a problem hiding this comment.
this is what I thought too, but when I tested that it didn't work at all with password 😅 I can check it once again just to be sure
There was a problem hiding this comment.
ok, I know why — sed -i "s/\${REDIS_PASSWORD}/$REDIS_PASSWORD/g" /data/sentinel.conf I have in config is handling Redis password (to access redis instances and know their roles) and not the sentinel's one. Sentinel instances are running without password, and from what I read it is standard practice for internal setups. It's enough to have redis passwrod protected. I'll test again if we need password in SENTINEL_SCHEME and REDBEAT_SCHEME
| - -c | ||
| - | | ||
| {{- if .Values.redis.auth.enabled }} | ||
| redis-cli -a "$REDIS_PASSWORD" ping |
There was a problem hiding this comment.
This is an overkill, but you can use set REDISCLI_AUTH env to authenticate without passing the password in the command, so it won't be visible in history or process list. See: https://stackoverflow.com/a/64372000
For this case I think this is okay, because the password is also visible in the config files, but I've just wanted to share this nice feautre : )
There was a problem hiding this comment.
I use env to authenticate anyway, this is being rendered to redis-cli -a "$REDIS_PASSWORD" ping, $REDIS_PASSWORD is not becoming visible from the k8s perspective
| {{- if .Values.redis.auth.enabled }} | ||
| sentinel auth-pass mymaster ${REDIS_PASSWORD} | ||
| {{- end }} | ||
| sentinel down-after-milliseconds mymaster 5000 |
There was a problem hiding this comment.
Maybe we could parametrize this parameters? Would be there any benefit from fine-tuning those values for customer? If not, I would leave it as it
There was a problem hiding this comment.
not sure about the parameters, but for sure I can use that env variable for mymaster
| app.kubernetes.io/component: sentinel | ||
| spec: | ||
| serviceName: {{ .Release.Name }}-redis-sentinel | ||
| replicas: {{ .Values.redis.sentinel.replicas | default 3 }} |
There was a problem hiding this comment.
I wonder if we need "default" here? It is already set to 3 in values.yaml
There was a problem hiding this comment.
this is what we generally do in this project as a fallback, not sure if it is necessary, but I know sometimes users edit our values.yaml directly in the local package instead of creating their own 🙈
| metadata: | ||
| name: job-robot | ||
| namespace: sc4snmp | ||
| namespace: {{ .Release.Namespace | quote }} |
There was a problem hiding this comment.
when searching for: "namespace: sc4snmp" in IDE I still found some occurances. Shouldn't it be cleaned as well?
There was a problem hiding this comment.
Yes, this is an issue I found while looking at those UI files. I think I deleted it from all the templates but didn't run make render after that so you probably see it in rendered manifests. Let me update it.
| value: "0" | ||
| - name: SC4SNMP_VERSION | ||
| value: {{ .Chart.Version | default "0.0.0" }} | ||
| {{- include "splunk-connect-for-snmp.redis-env" . | nindent 0 }} |
There was a problem hiding this comment.
I think that nident with 0 does not do anything
There was a problem hiding this comment.
nindent 0 adds a newline before the content and indents all lines by 0 spaces. In this case, alternatively I could use it like:
{{ include "splunk-connect-for-snmp.redis-env" . }}
| command: | ||
| - sh | ||
| - -c | ||
| - redis-cli -p 26379 ping |
There was a problem hiding this comment.
Will it work if redis is password protected? Password is not passed by -a or REDISCLI_AUTH env
There was a problem hiding this comment.
check: #1284 (comment) -> sentinel does not have own authentication
| command: | ||
| - sh | ||
| - -c | ||
| - redis-cli -p 26379 sentinel get-master-addr-by-name mymaster | grep snmp-redis-ha-0 |
There was a problem hiding this comment.
also here we hardcoded release name as snmp whereas in otherplaces it is templated {{ .Release.Name }}
There was a problem hiding this comment.
I deleted it completely as after first failover it doesn't work (as other replica is a master)
| - name: REDIS_SENTINEL_PORT | ||
| value: "26379" | ||
| - name: REDIS_MASTER_NAME | ||
| value: mymaster |
There was a problem hiding this comment.
can we set different default name?
There was a problem hiding this comment.
Any name would work, the only thing is that it must be the same everywhere. From what I learned it is better not to give user option to change this name, as it is easy to break this way.
| !!!note | ||
| The `storageClassName` must point to a `StorageClass` that supports network-attached volumes with `ReadWriteMany` (or `ReadWriteOnce` with cross-node support). Examples: NFS, Ceph, EBS, GCP Persistent Disk, Azure Disk. | ||
|
|
||
| For MicrokK8s on Ubuntu, you can enable NFS this way: |
|
|
||
| For MicrokK8s on Ubuntu, you can enable NFS this way: | ||
|
|
||
| 1. Enable NFS client on ALL nodes: |
There was a problem hiding this comment.
maybe we want to emphasize more that this is just an example, not solution we recommend and support while configuring?
There was a problem hiding this comment.
I added EXAMPLE: before the section
3 participants
Description
This PR adds HA Sentinel option to Redis component. Some of the main changes:
construct-redis-url.shreplicationoption toredis.modeFixes # (issue)
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
Checklist