From 7df67dedde9220fdd792988ddade0465a7d2bca2 Mon Sep 17 00:00:00 2001
From: Jeev B
Date: Thu, 31 Aug 2023 17:18:47 -0700
Subject: [PATCH] Add redis to flyte-sandbox
---
charts/flyte-sandbox/Chart.lock | 7 +-
charts/flyte-sandbox/Chart.yaml | 4 +
charts/flyte-sandbox/README.md | 8 +
charts/flyte-sandbox/values.yaml | 15 +
docker/sandbox-bundled/images/manifest.txt | 1 +
.../sandbox-bundled/manifests/complete.yaml | 623 +++++++++++++++++-
docker/sandbox-bundled/manifests/dev.yaml | 623 +++++++++++++++++-
7 files changed, 1275 insertions(+), 6 deletions(-)
diff --git a/charts/flyte-sandbox/Chart.lock b/charts/flyte-sandbox/Chart.lock
index 7d720bb84f..e759b845a7 100644
--- a/charts/flyte-sandbox/Chart.lock
+++ b/charts/flyte-sandbox/Chart.lock
@@ -14,5 +14,8 @@ dependencies:
 - name: postgresql
 repository: https://charts.bitnami.com/bitnami
 version: 12.1.9
-digest: sha256:e7155e540bbdb98f690eb12e2bd301a19d8b36833336f6991410cb44d8d9bb5e
-generated: "2023-03-31T09:25:07.80904-07:00"
+- name: redis
+ repository: https://charts.bitnami.com/bitnami
+ version: 17.15.6
+digest: sha256:1bcc5f102768a19c19d444b3460dabd0f90847b2d4423134f0ce9c7aa0a256ea
+generated: "2023-08-31T16:46:00.478623-07:00"
diff --git a/charts/flyte-sandbox/Chart.yaml b/charts/flyte-sandbox/Chart.yaml
index cf60b48492..b66a93a0a5 100644
--- a/charts/flyte-sandbox/Chart.yaml
+++ b/charts/flyte-sandbox/Chart.yaml
@@ -44,3 +44,7 @@ dependencies:
 version: 12.1.9
 repository: https://charts.bitnami.com/bitnami
 condition: postgresql.enabled
+ - name: redis
+ version: 17.15.6
+ repository: https://charts.bitnami.com/bitnami
+ condition: redis.enabled
diff --git a/charts/flyte-sandbox/README.md b/charts/flyte-sandbox/README.md
index 47821a9eac..fdaeddc80e 100644
--- a/charts/flyte-sandbox/README.md
+++ b/charts/flyte-sandbox/README.md
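Review bot: The redis dependency is pinned to 17.15.6 in this Chart.yaml hunk and in Chart.lock, but the README requirements table updated by the same commit lists redis 18.0.1. Anyone auditing which Bitnami chart the sandbox ships gets the wrong answer from the README; regenerate it so the row reads `| https://charts.bitnami.com/bitnami | redis | 17.15.6 |`. The rendered manifests carry `helm.sh/chart: redis-17.15.6`, which suggests 17.15.6 is the version actually in use.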
@@ -11,6 +11,7 @@ A Helm chart for the Flyte local sandbox | file://../flyte-binary | flyte-binary | v0.1.10 | | https://charts.bitnami.com/bitnami | minio | 12.1.1 | | https://charts.bitnami.com/bitnami | postgresql | 12.1.9 | +| https://charts.bitnami.com/bitnami | redis | 18.0.1 | | https://helm.twun.io/ | docker-registry | 2.2.2 | | https://kubernetes.github.io/dashboard/ | kubernetes-dashboard | 6.0.0 | @@ -92,6 +93,13 @@ A Helm chart for the Flyte local sandbox | postgresql.volumePermissions.enabled | bool | `true` | | | postgresql.volumePermissions.image.pullPolicy | string | `"Never"` | | | postgresql.volumePermissions.image.tag | string | `"sandbox"` | | +| redis.auth.enabled | bool | `false` | | +| redis.enabled | bool | `true` | | +| redis.image.pullPolicy | string | `"Never"` | | +| redis.image.tag | string | `"sandbox"` | | +| redis.master.service.nodePorts.redis | int | `30004` | | +| redis.master.service.type | string | `"NodePort"` | | +| redis.replica.replicaCount | int | `0` | | | sandbox.buildkit.enabled | bool | `true` | | | sandbox.buildkit.image.pullPolicy | string | `"Never"` | | | sandbox.buildkit.image.repository | string | `"moby/buildkit"` | | diff --git a/charts/flyte-sandbox/values.yaml b/charts/flyte-sandbox/values.yaml index 8d7b732c55..23ea00a9a7 100644 --- a/charts/flyte-sandbox/values.yaml +++ b/charts/flyte-sandbox/values.yaml @@ -138,6 +138,21 @@ postgresql: tag: sandbox pullPolicy: Never +redis: + enabled: true + image: + tag: sandbox + pullPolicy: Never + auth: + enabled: false + master: + service: + type: NodePort + nodePorts: + redis: 30004 + replica: + replicaCount: 0 + sandbox: # dev Routes requests to an instance of Flyte running locally on a developer's # development environment. This is only usable if the flyte-binary chart is disabled. diff --git a/docker/sandbox-bundled/images/manifest.txt b/docker/sandbox-bundled/images/manifest.txt index 04fb34627c..d2b127ac89 100644 --- a/docker/sandbox-bundled/images/manifest.txt 
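Review bot: The new `redis` values combine `auth.enabled: false` with `master.service.type: NodePort` on port 30004, and the rendered manifests in this commit accordingly start redis-server with `--protected-mode no` and `ALLOW_EMPTY_PASSWORD=yes`. Anything that can reach the node port therefore gets an unauthenticated Redis, which is only acceptable if the sandbox node is never reachable from beyond the developer's machine. If host access to Redis is not required, `type: ClusterIP` keeps it in-cluster; otherwise state the assumption in the file, e.g. `# Sandbox only: Redis runs without auth and is published on NodePort 30004; never reuse these values on a shared or routable cluster.` The hunk shows only the tail of the `postgresql` block and the start of `sandbox`, so whether a comparable note already exists elsewhere in values.yaml is not visible here.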
+++ b/docker/sandbox-bundled/images/manifest.txt @@ -1,6 +1,7 @@ docker.io/bitnami/bitnami-shell:sandbox=bitnami/bitnami-shell:11-debian-11-r76 docker.io/bitnami/minio:sandbox=bitnami/minio:2023.1.25-debian-11-r0 docker.io/bitnami/postgresql:sandbox=bitnami/postgresql:15.1.0-debian-11-r20 +docker.io/bitnami/redis:sandbox=bitnami/redis:7.2.0-debian-11-r3 docker.io/envoyproxy/envoy:sandbox=envoyproxy/envoy:v1.23-latest docker.io/kubernetesui/dashboard:sandbox=kubernetesui/dashboard:v2.7.0 docker.io/library/registry:sandbox=registry:2.8.1 diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index 3e38ad150b..016a36661a 100644 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml @@ -41,6 +41,18 @@ metadata: secrets: - name: flyte-sandbox-minio --- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis + namespace: flyte +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: 
@@ -746,6 +758,221 @@ metadata: namespace: flyte --- apiVersion: v1 +data: + master.conf: |- + dir /data + # User-supplied master configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of master configuration + redis.conf: |- + # User-supplied common configuration: + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly yes + # Disable RDB persistence, AOF persistence already enabled. + save "" + # End of common configuration + replica.conf: |- + dir /data + # User-supplied replica configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of replica configuration +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-configuration + namespace: flyte +--- +apiVersion: v1 +data: + ping_liveness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then + echo "$response" + exit 1 + fi + ping_liveness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? + "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? 
+ exit $exit_status + ping_liveness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? + "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? + exit $exit_status + ping_readiness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" 
-eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-health + namespace: flyte +--- +apiVersion: v1 +data: + start-master.sh: | + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + if [[ -f /opt/bitnami/redis/mounted-etc/master.conf ]];then + cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf + fi + if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + ARGS=("--port" "${REDIS_PORT}") + ARGS+=("--protected-mode" "no") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") + exec redis-server "${ARGS[@]}" + start-replica.sh: | + #!/bin/bash + + get_port() { + hostname="$1" + type="$2" + + port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") + port=${!port_var} + + if [ -z "$port" ]; then + case $type in + "SENTINEL") + echo 26379 + ;; + "REDIS") + echo 6379 + ;; + esac + else + echo $port + fi + } + + get_full_hostname() { + hostname="$1" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + echo "${full_hostname}" + } + + REDISPORT=$(get_port "$HOSTNAME" "REDIS") + HEADLESS_SERVICE="flyte-sandbox-redis-headless.flyte.svc.cluster.local" + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + if [[ -f /opt/bitnami/redis/mounted-etc/replica.conf ]];then + cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf + fi + if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then + 
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + + echo "" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf + ARGS=("--port" "${REDIS_PORT}") + ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") + ARGS+=("--protected-mode" "no") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") + exec redis-server "${ARGS[@]}" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-scripts + namespace: flyte +--- +apiVersion: v1 data: null kind: ConfigMap metadata: @@ -784,7 +1011,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: VWVseW5KSmVXU1YzVlNJTw== + haSharedSecret: OHBZQnRJWVJSNjNZc0xveA== proxyPassword: "" proxyUsername: "" kind: Secret 
@@ -1058,6 +1285,78 @@ spec: --- apiVersion: v1 kind: Service +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-headless + namespace: flyte +spec: + clusterIP: None + ports: + - name: tcp-redis + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-master + namespace: flyte +spec: + externalTrafficPolicy: Cluster + internalTrafficPolicy: Cluster + ports: + - name: tcp-redis + nodePort: 30004 + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + sessionAffinity: None + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-replicas + namespace: flyte +spec: + internalTrafficPolicy: Cluster + ports: + - name: tcp-redis + nodePort: null + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + sessionAffinity: None + type: ClusterIP +--- +apiVersion: v1 +kind: Service metadata: labels: app.kubernetes.io/instance: flyte-sandbox 
@@ -1345,7 +1644,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 4ce178c1f966129c50b6efd4e46d6574a7a653a479994ba35c434688aee93476 + checksum/secret: a1315db1e76914635e3793ca32eb64ecd63b1a004092b46d9f65541a96839dc1 labels: app: docker-registry release: flyte-sandbox 
@@ -1793,3 +2092,323 @@ spec: updateStrategy: rollingUpdate: {} type: RollingUpdate +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-master + namespace: flyte +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + serviceName: flyte-sandbox-redis-headless + template: + metadata: + annotations: + checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 + checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 + checksum/scripts: d8e7bccfb1b74138543285406c65b9316cacb0f2da164a6baa00faed05079b7f + checksum/secret: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + labels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + topologyKey: kubernetes.io/hostname + weight: 1 + automountServiceAccountToken: true + containers: + - args: + - -c + - /opt/bitnami/scripts/start-scripts/start-master.sh + command: + - /bin/bash + env: + - name: BITNAMI_DEBUG + value: "false" + - name: REDIS_REPLICATION_MODE + value: master + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + - name: REDIS_TLS_ENABLED + value: "no" + - name: REDIS_PORT + value: "6379" + image: docker.io/bitnami/redis:sandbox + imagePullPolicy: Never + livenessProbe: + exec: + command: + - sh + - -c + 
- /health/ping_liveness_local.sh 5 + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 6 + name: redis + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh 1 + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: {} + requests: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1001 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /opt/bitnami/scripts/start-scripts + name: start-scripts + - mountPath: /health + name: health + - mountPath: /data + name: redis-data + - mountPath: /opt/bitnami/redis/mounted-etc + name: config + - mountPath: /opt/bitnami/redis/etc/ + name: redis-tmp-conf + - mountPath: /tmp + name: tmp + securityContext: + fsGroup: 1001 + serviceAccountName: flyte-sandbox-redis + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + defaultMode: 493 + name: flyte-sandbox-redis-scripts + name: start-scripts + - configMap: + defaultMode: 493 + name: flyte-sandbox-redis-health + name: health + - configMap: + name: flyte-sandbox-redis-configuration + name: config + - emptyDir: {} + name: redis-tmp-conf + - emptyDir: {} + name: tmp + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + labels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + name: redis-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: 
flyte-sandbox-redis-replicas + namespace: flyte +spec: + replicas: 0 + selector: + matchLabels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + serviceName: flyte-sandbox-redis-headless + template: + metadata: + annotations: + checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 + checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 + checksum/scripts: d8e7bccfb1b74138543285406c65b9316cacb0f2da164a6baa00faed05079b7f + checksum/secret: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + labels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + topologyKey: kubernetes.io/hostname + weight: 1 + automountServiceAccountToken: true + containers: + - args: + - -c + - /opt/bitnami/scripts/start-scripts/start-replica.sh + command: + - /bin/bash + env: + - name: BITNAMI_DEBUG + value: "false" + - name: REDIS_REPLICATION_MODE + value: replica + - name: REDIS_MASTER_HOST + value: flyte-sandbox-redis-master-0.flyte-sandbox-redis-headless.flyte.svc.cluster.local + - name: REDIS_MASTER_PORT_NUMBER + value: "6379" + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + - name: REDIS_TLS_ENABLED + value: "no" + - name: REDIS_PORT + value: "6379" + image: docker.io/bitnami/redis:sandbox + imagePullPolicy: Never + livenessProbe: + exec: + command: + - sh + - -c + - /health/ping_liveness_local_and_master.sh 5 + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 6 + name: 
redis + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - sh + - -c + - /health/ping_readiness_local_and_master.sh 1 + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: {} + requests: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1001 + seccompProfile: + type: RuntimeDefault + startupProbe: + failureThreshold: 22 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: redis + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/bitnami/scripts/start-scripts + name: start-scripts + - mountPath: /health + name: health + - mountPath: /data + name: redis-data + - mountPath: /opt/bitnami/redis/mounted-etc + name: config + - mountPath: /opt/bitnami/redis/etc + name: redis-tmp-conf + securityContext: + fsGroup: 1001 + serviceAccountName: flyte-sandbox-redis + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + defaultMode: 493 + name: flyte-sandbox-redis-scripts + name: start-scripts + - configMap: + defaultMode: 493 + name: flyte-sandbox-redis-health + name: health + - configMap: + name: flyte-sandbox-redis-configuration + name: config + - emptyDir: {} + name: redis-tmp-conf + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + labels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + name: redis-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index 76e5ed275d..e8014f07d6 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml 
@@ -29,6 +29,18 @@ metadata: secrets: - name: flyte-sandbox-minio --- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis + namespace: flyte +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: 
@@ -485,6 +497,221 @@ metadata: namespace: flyte --- apiVersion: v1 +data: + master.conf: |- + dir /data + # User-supplied master configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of master configuration + redis.conf: |- + # User-supplied common configuration: + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly yes + # Disable RDB persistence, AOF persistence already enabled. + save "" + # End of common configuration + replica.conf: |- + dir /data + # User-supplied replica configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of replica configuration +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-configuration + namespace: flyte +--- +apiVersion: v1 +data: + ping_liveness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then + echo "$response" + exit 1 + fi + ping_liveness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? + "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? 
+ exit $exit_status + ping_liveness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? + "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? + exit $exit_status + ping_readiness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" 
-eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-health + namespace: flyte +--- +apiVersion: v1 +data: + start-master.sh: | + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + if [[ -f /opt/bitnami/redis/mounted-etc/master.conf ]];then + cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf + fi + if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + ARGS=("--port" "${REDIS_PORT}") + ARGS+=("--protected-mode" "no") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") + exec redis-server "${ARGS[@]}" + start-replica.sh: | + #!/bin/bash + + get_port() { + hostname="$1" + type="$2" + + port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") + port=${!port_var} + + if [ -z "$port" ]; then + case $type in + "SENTINEL") + echo 26379 + ;; + "REDIS") + echo 6379 + ;; + esac + else + echo $port + fi + } + + get_full_hostname() { + hostname="$1" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + echo "${full_hostname}" + } + + REDISPORT=$(get_port "$HOSTNAME" "REDIS") + HEADLESS_SERVICE="flyte-sandbox-redis-headless.flyte.svc.cluster.local" + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + if [[ -f /opt/bitnami/redis/mounted-etc/replica.conf ]];then + cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf + fi + if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then + 
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + + echo "" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf + ARGS=("--port" "${REDIS_PORT}") + ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") + ARGS+=("--protected-mode" "no") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") + exec redis-server "${ARGS[@]}" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-scripts + namespace: flyte +--- +apiVersion: v1 data: null kind: ConfigMap metadata: @@ -499,7 +726,7 @@ metadata: --- apiVersion: v1 data: - haSharedSecret: dURHNWp6VnJvbnFtYm9QZA== + haSharedSecret: NldQRUtkOTFiUk1VWG5Sbg== proxyPassword: "" proxyUsername: "" kind: Secret 
@@ -775,6 +1002,78 @@ spec: type: NodePort --- apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-headless + namespace: flyte +spec: + clusterIP: None + ports: + - name: tcp-redis + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-master + namespace: flyte +spec: + externalTrafficPolicy: Cluster + internalTrafficPolicy: Cluster + ports: + - name: tcp-redis + nodePort: 30004 + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + sessionAffinity: None + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-replicas + namespace: flyte +spec: + internalTrafficPolicy: Cluster + ports: + - name: tcp-redis + nodePort: null + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + sessionAffinity: None + type: ClusterIP +--- +apiVersion: v1 kind: PersistentVolume metadata: labels: 
@@ -933,7 +1232,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 2e8126d6988bdffe867b6f100279c5a27c81bb16d16e9c3b04dd322dbe6b3d61 + checksum/secret: 4363a830d7de44099a96231719d94c413f535e538294141194d0b3a6def23b1f labels: app: docker-registry release: flyte-sandbox 
@@ -1381,3 +1680,323 @@ spec: updateStrategy: rollingUpdate: {} type: RollingUpdate +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: flyte-sandbox-redis-master + namespace: flyte +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + serviceName: flyte-sandbox-redis-headless + template: + metadata: + annotations: + checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 + checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 + checksum/scripts: d8e7bccfb1b74138543285406c65b9316cacb0f2da164a6baa00faed05079b7f + checksum/secret: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + labels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + topologyKey: kubernetes.io/hostname + weight: 1 + automountServiceAccountToken: true + containers: + - args: + - -c + - /opt/bitnami/scripts/start-scripts/start-master.sh + command: + - /bin/bash + env: + - name: BITNAMI_DEBUG + value: "false" + - name: REDIS_REPLICATION_MODE + value: master + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + - name: REDIS_TLS_ENABLED + value: "no" + - name: REDIS_PORT + value: "6379" + image: docker.io/bitnami/redis:sandbox + imagePullPolicy: Never + livenessProbe: + exec: + command: + - sh + - -c + 
- /health/ping_liveness_local.sh 5 + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 6 + name: redis + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh 1 + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: {} + requests: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1001 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /opt/bitnami/scripts/start-scripts + name: start-scripts + - mountPath: /health + name: health + - mountPath: /data + name: redis-data + - mountPath: /opt/bitnami/redis/mounted-etc + name: config + - mountPath: /opt/bitnami/redis/etc/ + name: redis-tmp-conf + - mountPath: /tmp + name: tmp + securityContext: + fsGroup: 1001 + serviceAccountName: flyte-sandbox-redis + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + defaultMode: 493 + name: flyte-sandbox-redis-scripts + name: start-scripts + - configMap: + defaultMode: 493 + name: flyte-sandbox-redis-health + name: health + - configMap: + name: flyte-sandbox-redis-configuration + name: config + - emptyDir: {} + name: redis-tmp-conf + - emptyDir: {} + name: tmp + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + labels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + name: redis-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + name: 
flyte-sandbox-redis-replicas + namespace: flyte +spec: + replicas: 0 + selector: + matchLabels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + serviceName: flyte-sandbox-redis-headless + template: + metadata: + annotations: + checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 + checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 + checksum/scripts: d8e7bccfb1b74138543285406c65b9316cacb0f2da164a6baa00faed05079b7f + checksum/secret: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + labels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-17.15.6 + spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + topologyKey: kubernetes.io/hostname + weight: 1 + automountServiceAccountToken: true + containers: + - args: + - -c + - /opt/bitnami/scripts/start-scripts/start-replica.sh + command: + - /bin/bash + env: + - name: BITNAMI_DEBUG + value: "false" + - name: REDIS_REPLICATION_MODE + value: replica + - name: REDIS_MASTER_HOST + value: flyte-sandbox-redis-master-0.flyte-sandbox-redis-headless.flyte.svc.cluster.local + - name: REDIS_MASTER_PORT_NUMBER + value: "6379" + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + - name: REDIS_TLS_ENABLED + value: "no" + - name: REDIS_PORT + value: "6379" + image: docker.io/bitnami/redis:sandbox + imagePullPolicy: Never + livenessProbe: + exec: + command: + - sh + - -c + - /health/ping_liveness_local_and_master.sh 5 + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 6 + name: 
redis + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - sh + - -c + - /health/ping_readiness_local_and_master.sh 1 + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: {} + requests: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1001 + seccompProfile: + type: RuntimeDefault + startupProbe: + failureThreshold: 22 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: redis + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/bitnami/scripts/start-scripts + name: start-scripts + - mountPath: /health + name: health + - mountPath: /data + name: redis-data + - mountPath: /opt/bitnami/redis/mounted-etc + name: config + - mountPath: /opt/bitnami/redis/etc + name: redis-tmp-conf + securityContext: + fsGroup: 1001 + serviceAccountName: flyte-sandbox-redis + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + defaultMode: 493 + name: flyte-sandbox-redis-scripts + name: start-scripts + - configMap: + defaultMode: 493 + name: flyte-sandbox-redis-health + name: health + - configMap: + name: flyte-sandbox-redis-configuration + name: config + - emptyDir: {} + name: redis-tmp-conf + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + labels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: redis + name: redis-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi
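Review bot: Both Redis pod templates set `automountServiceAccountToken: true`, so the `flyte-sandbox-redis` service-account token is mounted into a container that, from what this hunk shows, only runs the Bitnami start and health scripts and has no visible need for the Kubernetes API. Because the server is started with `ALLOW_EMPTY_PASSWORD: "yes"`, least privilege argues for `automountServiceAccountToken: false` on both StatefulSets, so that a compromised Redis process does not also hold a cluster credential. The same templates leave `resources.limits` and `resources.requests` as `{}`; a memory limit on the `redis` container would bound what unauthenticated writers can consume on the node. What the service account is bound to is not visible in this hunk, so the actual reach of the token should be confirmed against the RBAC objects.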