From 48bae0de9f690418168027b53e096c8bbb912062 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Thu, 1 Dec 2022 16:42:48 +0100 Subject: [PATCH 01/15] redis: Introduce support for Redis Cluster and specifying acl user Changelog: added --- .../charts/mailroom/templates/_helpers.tpl | 4 ++ charts/gitlab/templates/_rails.redis.tpl | 1 + charts/gitlab/templates/_redis.tpl | 16 +++++- doc/charts/globals.md | 1 + spec/configuration/redis_spec.rb | 54 +++++++++++++++++++ templates/_redis.tpl | 4 +- values.yaml | 4 ++ 7 files changed, 81 insertions(+), 3 deletions(-) diff --git a/charts/gitlab/charts/mailroom/templates/_helpers.tpl b/charts/gitlab/charts/mailroom/templates/_helpers.tpl index 4dbefb897a..637b29c5ec 100644 --- a/charts/gitlab/charts/mailroom/templates/_helpers.tpl +++ b/charts/gitlab/charts/mailroom/templates/_helpers.tpl @@ -20,4 +20,8 @@ If global.redis.queues is present, use this. If not present, use global.redis {{- if $sentinels -}} :{{- $sentinels | replace " port:" " :port:" | replace " host:" " :host:" -}} {{- end -}} +{{- $cluster := include "gitlab.redis.cluster" . }} +{{- if $cluster -}} +:{{- $cluster | replace " port:" " :port:" | replace " host:" " :host:" -}} +{{- end -}} {{- end -}} diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index 688bd6eb07..d813676433 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -9,6 +9,7 @@ Input: dict "context" $ "name" string production: url: {{ template "gitlab.redis.url" .context }} {{- include "gitlab.redis.sentinels" .context | nindent 4 }} + {{- include "gitlab.redis.cluster" .context | nindent 4 }} id: {{- if eq .name "cable" }} adapter: redis diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index a735376017..3794da5d57 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -57,7 +57,7 @@ Return the password section of the Redis URI, if needed. */}} {{- define "gitlab.redis.url.password" -}} {{- include "gitlab.redis.configMerge" . -}} -{{- if .redisMergedConfig.password.enabled -}}:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }}").strip) %>@{{- end -}} +{{- if .redisMergedConfig.password.enabled -}}{{ .redisMergedConfig.user }}:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }}").strip) %>@{{- end -}} {{- end -}} {{/* @@ -74,6 +74,20 @@ sentinels: {{- end -}} {{- end -}} +{{/* +Build the structure describing redis cluster +*/}} +{{- define "gitlab.redis.cluster" -}} +{{- include "gitlab.redis.selectedMergedConfig" . -}} +{{- if .redisMergedConfig.cluster -}} +cluster: +{{- range $i, $entry := .redisMergedConfig.cluster }} + - host: {{ $entry.host }} + port: {{ default 6379 $entry.port }} +{{- end }} +{{- end -}} +{{- end -}} + {{/*Set redisMergedConfig*/}} {{- define "gitlab.redis.selectedMergedConfig" -}} {{- if .redisConfigName }} diff --git a/doc/charts/globals.md b/doc/charts/globals.md index 73a86dd2cd..e24adefa0f 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md @@ -407,6 +407,7 @@ global: | `host` | String | | The hostname of the Redis server with the database to use. This can be omitted in lieu of `serviceName`. | | `serviceName` | String | `redis` | The name of the `service` which is operating the Redis database. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Redis as a part of the overall GitLab chart. | | `port` | Integer | `6379` | The port on which to connect to the Redis server. | +| `user` | String | | The user used to authenticate against Redis (Redis 6.0+). | | `password.enabled` | Boolean | true | The `password.enabled` provides a toggle for using a password with the Redis instance. | | `password.key` | String | | The `password.key` attribute for Redis defines the name of the key in the secret (below) that contains the password. | | `password.secret` | String | | The `password.secret` attribute for Redis defines the name of the Kubernetes `Secret` to pull from. | diff --git a/spec/configuration/redis_spec.rb b/spec/configuration/redis_spec.rb index e30d816900..088148f274 100644 --- a/spec/configuration/redis_spec.rb +++ b/spec/configuration/redis_spec.rb @@ -195,6 +195,31 @@ describe 'Redis configuration' do end end + context 'When global defines user' do + let(:values) do + YAML.safe_load(%( + global: + redis: + host: resque.redis + user: resque-user + password: + enabled: true + secret: rspec-resque + cache: + host: cache.redis + redis: + install: false + )).merge(default_values) + end + + it 'global uses user' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0) + # check that it gets correct hosts & port are used + expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("resque-user") + end + end + context 'When sub-queue defines port, but not host' do let(:values) do YAML.safe_load(%( @@ -281,6 +306,35 @@ describe 'Redis configuration' do expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("s1.cache.redis") end end + + context 'When only sub-queue defines Cluster' do + let(:values) do + YAML.safe_load(%( + global: + redis: + host: resque.redis + port: 6379 + cache: + host: cache.redis + cluster: + - host: s1.cache.redis + port: 6379 + - host: s2.cache.redis + port: 6379 + redis: + install: false + )).merge(default_values) + end + + it 'sub-queue cluster is populated' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0) + # check that it they consumed only in sub-queue + expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).not_to include("cluster:") + expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("cluster:") + expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("s1.cache.redis") + end + end end describe 'Generated Kubernetes object names' do diff --git a/templates/_redis.tpl b/templates/_redis.tpl index efb9d43a3a..4edebbfb62 100644 --- a/templates/_redis.tpl +++ b/templates/_redis.tpl @@ -3,14 +3,14 @@ {{/* Build a dict of redis configuration -- inherit from global.redis, all but sentinels +- inherit from global.redis, all but sentinels and cluster - use values within children, if they exist, even if "empty" */}} {{- define "gitlab.redis.configMerge" -}} {{- $_ := set $ "redisConfigName" (default "" $.redisConfigName) -}} {{- $_ := unset $ "redisMergedConfig" -}} {{- $_ := set $ "redisMergedConfig" (dict "redisConfigName" $.redisConfigName) -}} -{{- range $want := list "host" "port" "password" "scheme" -}} +{{- range $want := list "host" "port" "password" "scheme" "user" -}} {{- $_ := set $.redisMergedConfig $want (pluck $want (index $.Values.global.redis $.redisConfigName) $.Values.global.redis | first) -}} {{- end -}} {{- range $key := keys $.Values.global.redis.password -}} diff --git a/values.yaml b/values.yaml index 448897be13..901efd30dd 100644 --- a/values.yaml +++ b/values.yaml @@ -132,9 +132,13 @@ global: # key: # host: redis.hostedsomewhere.else # port: 6379 + # user: webservice # sentinels: # - host: # port: + # cluster: + # - host: + # port: ## https://docs.gitlab.com/charts/charts/globals#configure-gitaly-settings gitaly: -- GitLab From 346aeba384bf5f3fa8f52a723acb358010cb2a11 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Fri, 2 Dec 2022 15:58:02 +0100 Subject: [PATCH 02/15] redis: Rework Redis Cluster support to avoid merging, and url parameter --- .../charts/mailroom/templates/_helpers.tpl | 4 -- charts/gitlab/templates/_rails.redis.tpl | 17 ++++++- charts/gitlab/templates/_redis.cluster.tpl | 46 +++++++++++++++++++ charts/gitlab/templates/_redis.tpl | 26 ++++------- 4 files changed, 72 insertions(+), 21 deletions(-) create mode 100644 charts/gitlab/templates/_redis.cluster.tpl diff --git a/charts/gitlab/charts/mailroom/templates/_helpers.tpl b/charts/gitlab/charts/mailroom/templates/_helpers.tpl index 637b29c5ec..4dbefb897a 100644 --- a/charts/gitlab/charts/mailroom/templates/_helpers.tpl +++ b/charts/gitlab/charts/mailroom/templates/_helpers.tpl @@ -20,8 +20,4 @@ If global.redis.queues is present, use this. If not present, use global.redis {{- if $sentinels -}} :{{- $sentinels | replace " port:" " :port:" | replace " host:" " :host:" -}} {{- end -}} -{{- $cluster := include "gitlab.redis.cluster" . }} -{{- if $cluster -}} -:{{- $cluster | replace " port:" " :port:" | replace " host:" " :host:" -}} -{{- end -}} {{- end -}} diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index d813676433..4afdd67a6e 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -5,11 +5,25 @@ Render a Redis `resque` format configuration for Rails. Input: dict "context" $ "name" string */}} {{- define "gitlab.rails.redis.yaml" -}} +{{- if $cluster := include "gitlab.redis.cluster" .context -}} +{{ .name }}.yml.erb: | + production: + {{- include "gitlab.redis.cluster.user" .context | nindent 4 }} + {{- include "gitlab.redis.cluster.password" .context | nindent 4 }} + {{- $cluster | nindent 4 }} + id: + {{- if eq .name "cable" }} + adapter: redis + {{- if index .context.Values.global.redis "actioncable" }} + channel_prefix: {{ .context.Values.global.redis.actioncable.channelPrefix }} + {{- end }} + {{- end }} +{{- $_ := set .context "redisConfigName" "" }} +{{- else -}} {{ .name }}.yml.erb: | production: url: {{ template "gitlab.redis.url" .context }} {{- include "gitlab.redis.sentinels" .context | nindent 4 }} - {{- include "gitlab.redis.cluster" .context | nindent 4 }} id: {{- if eq .name "cable" }} adapter: redis @@ -19,6 +33,7 @@ Input: dict "context" $ "name" string {{- end }} {{- $_ := set .context "redisConfigName" "" }} {{- end -}} +{{- end -}} {{- define "gitlab.rails.redis.resque" -}} {{- $_ := set $ "redisConfigName" "" }} diff --git a/charts/gitlab/templates/_redis.cluster.tpl b/charts/gitlab/templates/_redis.cluster.tpl new file mode 100644 index 0000000000..e03bc61c86 --- /dev/null +++ b/charts/gitlab/templates/_redis.cluster.tpl @@ -0,0 +1,46 @@ +{{/* ######### Redis Cluster related templates */}} + +{{/* +Return redis cluster user +*/}} +{{- define "gitlab.redis.cluster.user" -}} +{{- include "gitlab.redis.clusterConfig" . -}} +{{- if .redisClusterConfig.user -}} +user: {{ .redisClusterConfig.user }} +{{- end -}} +{{- end -}} + +{{/* +Return redis cluster password +*/}} +{{- define "gitlab.redis.cluster.password" -}} +{{- include "gitlab.redis.clusterConfig" . -}} +{{- if .redisClusterConfig.password.enabled -}} +password: <%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }}").strip) %> +{{- end -}} +{{- end -}} + +{{/* +Build the structure describing redis cluster +*/}} +{{- define "gitlab.redis.cluster" -}} +{{- include "gitlab.redis.clusterConfig" . -}} +{{- if .redisClusterConfig.cluster -}} +cluster: +{{- range $i, $entry := .redisClusterConfig.cluster }} + - host: {{ $entry.host }} + port: {{ default 6379 $entry.port }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Set redisClusterConfig, we do _not_ support inheriting from global config if the `cluster` key is set. +*/}} +{{- define "gitlab.redis.clusterConfig" -}} +{{- if .redisConfigName }} +{{- $_ := set . "redisClusterConfig" ( index .Values.global.redis .redisConfigName | default (dict) ) -}} +{{- else -}} +{{- $_ := set . "redisClusterConfig" (dict) -}} +{{- end -}} +{{- end -}} diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index 3794da5d57..0746abb29a 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -49,7 +49,15 @@ Return the redis scheme, or redis. Allowing people to use rediss clusters Return the redis url. */}} {{- define "gitlab.redis.url" -}} -{{ template "gitlab.redis.scheme" . }}://{{ template "gitlab.redis.url.password" . }}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} +{{ template "gitlab.redis.scheme" . }}://{{ template "gitlab.redis.url.user" . }}{{ template "gitlab.redis.url.password" . }}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} +{{- end -}} + +{{/* +Return the user section of the Redis URI, if needed. +*/}} +{{- define "gitlab.redis.url.user" -}} +{{- include "gitlab.redis.configMerge" . -}} +{{ .redisMergedConfig.user }} {{- end -}} {{/* @@ -57,7 +65,7 @@ Return the password section of the Redis URI, if needed. */}} {{- define "gitlab.redis.url.password" -}} {{- include "gitlab.redis.configMerge" . -}} -{{- if .redisMergedConfig.password.enabled -}}{{ .redisMergedConfig.user }}:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }}").strip) %>@{{- end -}} +{{- if .redisMergedConfig.password.enabled -}}:<%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }}").strip) %>@{{- end -}} {{- end -}} {{/* @@ -74,20 +82,6 @@ sentinels: {{- end -}} {{- end -}} -{{/* -Build the structure describing redis cluster -*/}} -{{- define "gitlab.redis.cluster" -}} -{{- include "gitlab.redis.selectedMergedConfig" . -}} -{{- if .redisMergedConfig.cluster -}} -cluster: -{{- range $i, $entry := .redisMergedConfig.cluster }} - - host: {{ $entry.host }} - port: {{ default 6379 $entry.port }} -{{- end }} -{{- end -}} -{{- end -}} - {{/*Set redisMergedConfig*/}} {{- define "gitlab.redis.selectedMergedConfig" -}} {{- if .redisConfigName }} -- GitLab From 6728c499698cd7ac3fc9b199eccbe73f7eb4c919 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Fri, 2 Dec 2022 16:44:44 +0100 Subject: [PATCH 03/15] redis: Improve test cases for Redis Cluster config --- spec/configuration/redis_spec.rb | 43 +++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/spec/configuration/redis_spec.rb b/spec/configuration/redis_spec.rb index 088148f274..eb39f7a64d 100644 --- a/spec/configuration/redis_spec.rb +++ b/spec/configuration/redis_spec.rb @@ -306,8 +306,10 @@ describe 'Redis configuration' do expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("s1.cache.redis") end end + end - context 'When only sub-queue defines Cluster' do + describe 'Redis Cluster' do + context 'When only nested redis defines Cluster' do let(:values) do YAML.safe_load(%( global: @@ -326,15 +328,48 @@ describe 'Redis configuration' do )).merge(default_values) end - it 'sub-queue cluster is populated' do + it 'Only nested redis cluster is populated' do t = HelmTemplate.new(values) expect(t.exit_code).to eq(0) - # check that it they consumed only in sub-queue - expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).not_to include("cluster:") expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("cluster:") expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("s1.cache.redis") end end + + context 'When top level user and password are defined' do + let(:values) do + YAML.safe_load(%( + global: + redis: + host: resque.redis + port: 6379 + user: resque-user + password: + enabled: true + cache: + host: cache.redis + cluster: + - host: s1.cache.redis + port: 6379 + - host: s2.cache.redis + port: 6379 + redis: + install: false + )).merge(default_values) + end + + it 'No values are inherited by nested redis cluster' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0) + expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("requeue-user") + expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("redis/redis-password") + expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("cluster:") + expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("s1.cache.redis") + expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).not_to include("requeue-user") + expect(t.dig('ConfigMap/test-webservice','data','resque.cache.yml.erb')).not_to include("redis/redis-password") + expect(t.dig('ConfigMap/test-webservice','data','resque.cache.yml.erb')).not_to include("redis/cache-password") + end + end end describe 'Generated Kubernetes object names' do -- GitLab From c57b0e8ecd105eb8bdcb4d534fedc383346fce75 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Fri, 2 Dec 2022 17:44:23 +0100 Subject: [PATCH 04/15] redis: more spec fixes --- charts/gitlab/templates/_redis.cluster.tpl | 2 +- spec/configuration/redis_spec.rb | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/gitlab/templates/_redis.cluster.tpl b/charts/gitlab/templates/_redis.cluster.tpl index e03bc61c86..9bc69eb1d4 100644 --- a/charts/gitlab/templates/_redis.cluster.tpl +++ b/charts/gitlab/templates/_redis.cluster.tpl @@ -15,7 +15,7 @@ Return redis cluster password */}} {{- define "gitlab.redis.cluster.password" -}} {{- include "gitlab.redis.clusterConfig" . -}} -{{- if .redisClusterConfig.password.enabled -}} +{{- if (and .redisClusterConfig.password .redisClusterConfig.password.enabled) -}} password: <%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }}").strip) %> {{- end -}} {{- end -}} diff --git a/spec/configuration/redis_spec.rb b/spec/configuration/redis_spec.rb index eb39f7a64d..e026527464 100644 --- a/spec/configuration/redis_spec.rb +++ b/spec/configuration/redis_spec.rb @@ -361,13 +361,13 @@ describe 'Redis configuration' do it 'No values are inherited by nested redis cluster' do t = HelmTemplate.new(values) expect(t.exit_code).to eq(0) - expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("requeue-user") + expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("resque-user") expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("redis/redis-password") expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("cluster:") expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("s1.cache.redis") - expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).not_to include("requeue-user") - expect(t.dig('ConfigMap/test-webservice','data','resque.cache.yml.erb')).not_to include("redis/redis-password") - expect(t.dig('ConfigMap/test-webservice','data','resque.cache.yml.erb')).not_to include("redis/cache-password") + expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).not_to include("resque-user") + expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).not_to include("redis/redis-password") + expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).not_to include("redis/cache-password") end end end -- GitLab From c9ff39d7928468cbdbec2404c0f6effa4d78f464 Mon Sep 17 00:00:00 2001 From: Igor Date: Mon, 5 Dec 2022 12:34:24 +0000 Subject: [PATCH 05/15] Apply 1 suggestion(s) to 1 file(s) --- charts/gitlab/templates/_redis.cluster.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitlab/templates/_redis.cluster.tpl b/charts/gitlab/templates/_redis.cluster.tpl index 9bc69eb1d4..d9dfb208c1 100644 --- a/charts/gitlab/templates/_redis.cluster.tpl +++ b/charts/gitlab/templates/_redis.cluster.tpl @@ -6,7 +6,7 @@ Return redis cluster user {{- define "gitlab.redis.cluster.user" -}} {{- include "gitlab.redis.clusterConfig" . -}} {{- if .redisClusterConfig.user -}} -user: {{ .redisClusterConfig.user }} +username: {{ .redisClusterConfig.user }} {{- end -}} {{- end -}} -- GitLab From dd0f4b04a8ff14fc51c6868b7f319556e162cf4b Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Mon, 5 Dec 2022 13:37:28 +0100 Subject: [PATCH 06/15] redis: Drop ActionCable support for Redis Cluster, we can add it back later if needed --- charts/gitlab/templates/_rails.redis.tpl | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index 4afdd67a6e..b7f546c20a 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -12,12 +12,6 @@ Input: dict "context" $ "name" string {{- include "gitlab.redis.cluster.password" .context | nindent 4 }} {{- $cluster | nindent 4 }} id: - {{- if eq .name "cable" }} - adapter: redis - {{- if index .context.Values.global.redis "actioncable" }} - channel_prefix: {{ .context.Values.global.redis.actioncable.channelPrefix }} - {{- end }} - {{- end }} {{- $_ := set .context "redisConfigName" "" }} {{- else -}} {{ .name }}.yml.erb: | @@ -103,4 +97,4 @@ If no `global.redis.actioncable`, use `global.redis` {{ include "gitlab.rails.redis.traceChunks" . }} {{ include "gitlab.rails.redis.rateLimiting" . }} {{ include "gitlab.rails.redis.sessions" . }} -{{- end -}} \ No newline at end of file +{{- end -}} -- GitLab From 84954b9859d41b984fbe04a2062a8f156ef3fd87 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Tue, 6 Dec 2022 16:56:54 +0100 Subject: [PATCH 07/15] redis: debug --- spec/configuration/redis_spec.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/spec/configuration/redis_spec.rb b/spec/configuration/redis_spec.rb index e026527464..a7dce5abc6 100644 --- a/spec/configuration/redis_spec.rb +++ b/spec/configuration/redis_spec.rb @@ -330,6 +330,7 @@ describe 'Redis configuration' do it 'Only nested redis cluster is populated' do t = HelmTemplate.new(values) + warn t.stderr expect(t.exit_code).to eq(0) expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("cluster:") expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("s1.cache.redis") @@ -360,6 +361,7 @@ describe 'Redis configuration' do it 'No values are inherited by nested redis cluster' do t = HelmTemplate.new(values) + warn t.stderr expect(t.exit_code).to eq(0) expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("resque-user") expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("redis/redis-password") -- GitLab From 65f5c42b4ff95ef133642beab66e20b380801e13 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Tue, 6 Dec 2022 17:42:34 +0100 Subject: [PATCH 08/15] redis: Switch from eagerly-evaluated and to nested ifs --- charts/gitlab/templates/_redis.cluster.tpl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/gitlab/templates/_redis.cluster.tpl b/charts/gitlab/templates/_redis.cluster.tpl index d9dfb208c1..cd7a05deee 100644 --- a/charts/gitlab/templates/_redis.cluster.tpl +++ b/charts/gitlab/templates/_redis.cluster.tpl @@ -15,10 +15,12 @@ Return redis cluster password */}} {{- define "gitlab.redis.cluster.password" -}} {{- include "gitlab.redis.clusterConfig" . -}} -{{- if (and .redisClusterConfig.password .redisClusterConfig.password.enabled) -}} +{{- if .redisClusterConfig.password -}} +{{- if .redisClusterConfig.password.enabled -}} password: <%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }}").strip) %> {{- end -}} {{- end -}} +{{- end -}} {{/* Build the structure describing redis cluster -- GitLab From afea6f9c45cc70696d99cb1df7f3064e7fceba4b Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Tue, 6 Dec 2022 17:46:20 +0100 Subject: [PATCH 09/15] redis: Remove debug code --- spec/configuration/redis_spec.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/spec/configuration/redis_spec.rb b/spec/configuration/redis_spec.rb index a7dce5abc6..e026527464 100644 --- a/spec/configuration/redis_spec.rb +++ b/spec/configuration/redis_spec.rb @@ -330,7 +330,6 @@ describe 'Redis configuration' do it 'Only nested redis cluster is populated' do t = HelmTemplate.new(values) - warn t.stderr expect(t.exit_code).to eq(0) expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("cluster:") expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("s1.cache.redis") @@ -361,7 +360,6 @@ describe 'Redis configuration' do it 'No values are inherited by nested redis cluster' do t = HelmTemplate.new(values) - warn t.stderr expect(t.exit_code).to eq(0) expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("resque-user") expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("redis/redis-password") -- GitLab From e297d4da3086dfe18ad79a0ae2e3bcc1771d408c Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Tue, 6 Dec 2022 19:22:45 +0100 Subject: [PATCH 10/15] redis: Support top-level key clusterCache --- charts/gitlab/templates/_rails.redis.tpl | 8 ++++++++ charts/gitlab/templates/_redis.tpl | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index b7f546c20a..ab471bd25b 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -41,6 +41,13 @@ Input: dict "context" $ "name" string {{- end -}} {{- end -}} +{{- define "gitlab.rails.redis.clusterCache" -}} +{{- if .Values.global.redis.clusterCache -}} +{{- $_ := set $ "redisConfigName" "clusterCache" }} +{{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "redis.cluster_cache") -}} +{{- end -}} +{{- end -}} + {{- define "gitlab.rails.redis.sharedState" -}} {{- if .Values.global.redis.sharedState -}} {{- $_ := set $ "redisConfigName" "sharedState" }} @@ -91,6 +98,7 @@ If no `global.redis.actioncable`, use `global.redis` {{- define "gitlab.rails.redis.all" -}} {{ include "gitlab.rails.redis.resque" . }} {{ include "gitlab.rails.redis.cache" . }} +{{ include "gitlab.rails.redis.clusterCache" . }} {{ include "gitlab.rails.redis.sharedState" . }} {{ include "gitlab.rails.redis.queues" . }} {{ include "gitlab.rails.redis.cable" . }} diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index 0746abb29a..f25360ffa5 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -104,7 +104,7 @@ Note: Workhorse only uses the primary Redis (global.redis) {{- end -}} {{- define "gitlab.redis.secrets" -}} -{{- range $redis := list "cache" "sharedState" "queues" "actioncable" "traceChunks" "rateLimiting" "sessions" -}} +{{- range $redis := list "cache" "clusterCache" "sharedState" "queues" "actioncable" "traceChunks" "rateLimiting" "sessions" -}} {{- if index $.Values.global.redis $redis -}} {{- $_ := set $ "redisConfigName" $redis }} {{ include "gitlab.redis.secret" $ }} -- GitLab From fa1c881e30a1de433f5561b9c2e4742aa110fcc0 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Tue, 6 Dec 2022 21:07:08 +0100 Subject: [PATCH 11/15] redis: Improve specs to cover the new Redis Cluster key --- spec/configuration/redis_spec.rb | 67 +++++++++++++++++++++++--------- 1 file changed, 49 insertions(+), 18 deletions(-) diff --git a/spec/configuration/redis_spec.rb b/spec/configuration/redis_spec.rb index e026527464..e3312a6418 100644 --- a/spec/configuration/redis_spec.rb +++ b/spec/configuration/redis_spec.rb @@ -309,20 +309,21 @@ describe 'Redis configuration' do end describe 'Redis Cluster' do - context 'When only nested redis defines Cluster' do + context 'When only nested redis defines cluster' do let(:values) do YAML.safe_load(%( global: redis: host: resque.redis - port: 6379 cache: host: cache.redis - cluster: + sentinels: - host: s1.cache.redis - port: 6379 - host: s2.cache.redis - port: 6379 + clusterCache: + cluster: + - host: s1.cluster-cache.redis + - host: s2.cluster-cache.redis redis: install: false )).merge(default_values) @@ -331,8 +332,42 @@ describe 'Redis configuration' do it 'Only nested redis cluster is populated' do t = HelmTemplate.new(values) expect(t.exit_code).to eq(0) - expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("cluster:") + expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("sentinels:") expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("s1.cache.redis") + expect(t.dig('ConfigMap/test-webservice','data','redis.cluster_cache.yml.erb')).to include("cluster:") + expect(t.dig('ConfigMap/test-webservice','data','redis.cluster_cache.yml.erb')).to include("s1.cluster-cache.redis") + end + end + + context 'When only nested redis defines cluster, user, and password' do + let(:values) do + YAML.safe_load(%( + global: + redis: + host: resque.redis + password: + enabled: false + clusterCache: + user: cluster-cache-user + password: + enabled: true + cluster: + - host: s1.cluster-cache.redis + - host: s2.cluster-cache.redis + redis: + install: false + )).merge(default_values) + end + + it 'Only nested redis cluster is populated' do + t = HelmTemplate.new(values) + expect(t.exit_code).to eq(0) + expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).not_to include("cluster-cache-user") + expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).not_to include("redis/redis-password") + expect(t.dig('ConfigMap/test-webservice','data','redis.cluster_cache.yml.erb')).to include("cluster:") + expect(t.dig('ConfigMap/test-webservice','data','redis.cluster_cache.yml.erb')).to include("s1.cluster-cache.redis") + expect(t.dig('ConfigMap/test-webservice','data','redis.cluster_cache.yml.erb')).to include("cluster-cache-user") + expect(t.dig('ConfigMap/test-webservice','data','redis.cluster_cache.yml.erb')).to include("redis/clusterCache-password") end end @@ -342,17 +377,13 @@ describe 'Redis configuration' do global: redis: host: resque.redis - port: 6379 user: resque-user password: enabled: true - cache: - host: cache.redis + clusterCache: cluster: - - host: s1.cache.redis - port: 6379 - - host: s2.cache.redis - port: 6379 + - host: s1.cluster-cache.redis + - host: s2.cluster-cache.redis redis: install: false )).merge(default_values) @@ -363,11 +394,11 @@ describe 'Redis configuration' do expect(t.exit_code).to eq(0) expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("resque-user") expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("redis/redis-password") - expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("cluster:") - expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).to include("s1.cache.redis") - expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).not_to include("resque-user") - expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).not_to include("redis/redis-password") - expect(t.dig('ConfigMap/test-webservice','data','redis.cache.yml.erb')).not_to include("redis/cache-password") + expect(t.dig('ConfigMap/test-webservice','data','redis.cluster_cache.yml.erb')).to include("cluster:") + expect(t.dig('ConfigMap/test-webservice','data','redis.cluster_cache.yml.erb')).to include("s1.cluster-cache.redis") + expect(t.dig('ConfigMap/test-webservice','data','redis.cluster_cache.yml.erb')).not_to include("resque-user") + expect(t.dig('ConfigMap/test-webservice','data','redis.cluster_cache.yml.erb')).not_to include("redis/redis-password") + expect(t.dig('ConfigMap/test-webservice','data','redis.cluster_cache.yml.erb')).not_to include("redis/cluster-cache-password") end end end -- GitLab From a1792de374fb21228057402a1e8db94d738a6cc9 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Tue, 6 Dec 2022 21:12:46 +0100 Subject: [PATCH 12/15] redis: Add support for new clusterRateLimiting definition --- charts/gitlab/templates/_rails.redis.tpl | 8 ++++++++ charts/gitlab/templates/_redis.tpl | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index ab471bd25b..13603d1fd1 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -76,6 +76,13 @@ Input: dict "context" $ "name" string {{- end -}} {{- end -}} +{{- define "gitlab.rails.redis.clusterRateLimiting" -}} +{{- if .Values.global.redis.clusterRateLimiting -}} +{{- $_ := set $ "redisConfigName" "clusterRateLimiting" }} +{{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "redis.cluster_rate_limiting") -}} +{{- end -}} +{{- end -}} + {{- define "gitlab.rails.redis.sessions" -}} {{- if .Values.global.redis.sessions -}} {{- $_ := set $ "redisConfigName" "sessions" }} @@ -104,5 +111,6 @@ If no `global.redis.actioncable`, use `global.redis` {{ include "gitlab.rails.redis.cable" . }} {{ include "gitlab.rails.redis.traceChunks" . }} {{ include "gitlab.rails.redis.rateLimiting" . }} +{{ include "gitlab.rails.redis.clusterRateLimiting" . }} {{ include "gitlab.rails.redis.sessions" . }} {{- end -}} diff --git a/charts/gitlab/templates/_redis.tpl b/charts/gitlab/templates/_redis.tpl index f25360ffa5..11fad37417 100644 --- a/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/templates/_redis.tpl @@ -104,7 +104,7 @@ Note: Workhorse only uses the primary Redis (global.redis) {{- end -}} {{- define "gitlab.redis.secrets" -}} -{{- range $redis := list "cache" "clusterCache" "sharedState" "queues" "actioncable" "traceChunks" "rateLimiting" "sessions" -}} +{{- range $redis := list "cache" "clusterCache" "sharedState" "queues" "actioncable" "traceChunks" "rateLimiting" "clusterRateLimiting" "sessions" -}} {{- if index $.Values.global.redis $redis -}} {{- $_ := set $ "redisConfigName" $redis }} {{ include "gitlab.redis.secret" $ }} -- GitLab From 958263d5ae364934e572f65510054f0502f3d841 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Fri, 6 Jan 2023 16:53:23 +0100 Subject: [PATCH 13/15] redis-cluster: DRY redisConfigName --- charts/gitlab/templates/_rails.redis.tpl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index 13603d1fd1..2f9bff8f7a 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -12,7 +12,6 @@ Input: dict "context" $ "name" string {{- include "gitlab.redis.cluster.password" .context | nindent 4 }} {{- $cluster | nindent 4 }} id: -{{- $_ := set .context "redisConfigName" "" }} {{- else -}} {{ .name }}.yml.erb: | production: @@ -25,8 +24,8 @@ Input: dict "context" $ "name" string channel_prefix: {{ .context.Values.global.redis.actioncable.channelPrefix }} {{- end }} {{- end }} -{{- $_ := set .context "redisConfigName" "" }} {{- end -}} +{{- $_ := set .context "redisConfigName" "" }} {{- end -}} {{- define "gitlab.rails.redis.resque" -}} -- GitLab From 5fbdd73b2d330f7900a0fd4bc192f3796b587f1c Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Thu, 12 Jan 2023 09:32:29 +0100 Subject: [PATCH 14/15] redis: Proper password escaping for redis-cluster --- charts/gitlab/templates/_redis.cluster.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitlab/templates/_redis.cluster.tpl b/charts/gitlab/templates/_redis.cluster.tpl index cd7a05deee..6b7a6ba3fa 100644 --- a/charts/gitlab/templates/_redis.cluster.tpl +++ b/charts/gitlab/templates/_redis.cluster.tpl @@ -17,7 +17,7 @@ Return redis cluster password {{- include "gitlab.redis.clusterConfig" . -}} {{- if .redisClusterConfig.password -}} {{- if .redisClusterConfig.password.enabled -}} -password: <%= ERB::Util::url_encode(File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }}").strip) %> +password: <%= File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }}").strip.to_json %> {{- end -}} {{- end -}} {{- end -}} -- GitLab From 4567938d663dc888fcd18b9e0ba356a3b97f434c Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Fri, 20 Jan 2023 08:55:49 +0000 Subject: [PATCH 15/15] Apply 5 suggestion(s) to 3 file(s) --- charts/gitlab/templates/_rails.redis.tpl | 8 ++++---- charts/gitlab/templates/_redis.cluster.tpl | 8 ++++---- values.yaml | 3 --- 3 files changed, 8 insertions(+), 11 deletions(-) diff --git a/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/templates/_rails.redis.tpl index 2f9bff8f7a..b8ddcf027b 100644 --- a/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/templates/_rails.redis.tpl @@ -42,8 +42,8 @@ Input: dict "context" $ "name" string {{- define "gitlab.rails.redis.clusterCache" -}} {{- if .Values.global.redis.clusterCache -}} -{{- $_ := set $ "redisConfigName" "clusterCache" }} -{{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "redis.cluster_cache") -}} +{{- $_ := set $ "redisConfigName" "clusterCache" }} +{{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "redis.cluster_cache") -}} {{- end -}} {{- end -}} @@ -77,8 +77,8 @@ Input: dict "context" $ "name" string {{- define "gitlab.rails.redis.clusterRateLimiting" -}} {{- if .Values.global.redis.clusterRateLimiting -}} -{{- $_ := set $ "redisConfigName" "clusterRateLimiting" }} -{{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "redis.cluster_rate_limiting") -}} +{{- $_ := set $ "redisConfigName" "clusterRateLimiting" }} +{{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "redis.cluster_rate_limiting") -}} {{- end -}} {{- end -}} diff --git a/charts/gitlab/templates/_redis.cluster.tpl b/charts/gitlab/templates/_redis.cluster.tpl index 6b7a6ba3fa..d615d9153f 100644 --- a/charts/gitlab/templates/_redis.cluster.tpl +++ b/charts/gitlab/templates/_redis.cluster.tpl @@ -16,9 +16,9 @@ Return redis cluster password {{- define "gitlab.redis.cluster.password" -}} {{- include "gitlab.redis.clusterConfig" . -}} {{- if .redisClusterConfig.password -}} -{{- if .redisClusterConfig.password.enabled -}} +{{- if .redisClusterConfig.password.enabled -}} password: <%= File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }}").strip.to_json %> -{{- end -}} +{{- end -}} {{- end -}} {{- end -}} @@ -29,10 +29,10 @@ Build the structure describing redis cluster {{- include "gitlab.redis.clusterConfig" . -}} {{- if .redisClusterConfig.cluster -}} cluster: -{{- range $i, $entry := .redisClusterConfig.cluster }} +{{- range $i, $entry := .redisClusterConfig.cluster }} - host: {{ $entry.host }} port: {{ default 6379 $entry.port }} -{{- end }} +{{- end }} {{- end -}} {{- end -}} diff --git a/values.yaml b/values.yaml index 296c9e1509..5ac4b55506 100644 --- a/values.yaml +++ b/values.yaml @@ -137,9 +137,6 @@ global: # sentinels: # - host: # port: - # cluster: - # - host: - # port: ## https://docs.gitlab.com/charts/charts/globals#configure-gitaly-settings gitaly: -- GitLab