feat(charts)!: Update Helm release redis to 19.6.4 - autoclosed #2438

[bitnami/*] ci: 👷 Add tag and changelog support (#25359) (91c707c), closes #25359
[bitnami/redis] feat: ✨ 🔒 Add warning when original images are replaced (#26271) (8eed715), closes #26271

`v19.3.4`

[bitnami/redis] Release 19.3.4 updating components versions (#26103) (e3e4772), closes #26103

`v19.3.3`

[bitnami/redis] Release 19.3.3 updating components versions (#26073) (22a9c69), closes #26073

`v19.3.2`

`v19.3.1`

`v19.3.0`

`v19.2.0`

`v19.1.5`

[bitnami/redis] Release 19.1.5 updating components versions (#25415) (16129d4), closes #25415
Replace VMware by Broadcom copyright text (#25306) (a5e4bd0), closes #25306

`v19.1.4`

`v19.1.3`

Fix relabelling var scope in pod-monitor (#25237) (17d9741), closes #25237

`v19.1.2`

[bitnami/redis] Release 19.1.2 updating components versions (#25229) (81c381c), closes #25229

`v19.1.1`

[bitnami/redis] Release 19.1.1 (#25209) (cd63f2d), closes #25209

`v19.1.0`

[bitnami/redis] Improve restart behavior in sentinel mode (#25019) (18f1135), closes #25019
Update resourcesPreset comments (#24467) (92e3e8a), closes #24467

`v19.0.2`

allow to set containerSecurityContext on kubectl container to fix issue e.g. with OpenShift (#24730) (4fda65b), closes #24730

`v19.0.1`

[bitnami/redis] fix: 🐛 Set seLinuxOptions to {} (#24555) (392851d), closes #24555

`v19.0.0`

[bitnami/redis] feat!: 🔒 💥 Improve security defaults (#24282) (b4725cc), closes #24282

`v18.19.4`

[bitnami/redis] handling of deprecated relabellings (#24506) (2de2898), closes #24506

`v18.19.3`

[bitnami/*] Reorder Chart sections (#24455) (0cf4048), closes #24455
[bitnami/redis] Fix (r) and reg typos in README.md (#24445) (fef29ff), closes #24445
[bitnami/redis] typofix in metric relabelings value (#23859) (abed681), closes #23859

`v18.19.2`

[bitnami/redis] Fix wrong TLS port environment variable name in Sentinel scripts (#24188) (e76f135), closes #24188

`v18.19.1`

[bitnami/redis] Release 18.19.1 updating components versions (#24300) (f851e9f), closes #24300

`v18.19.0`

[bitname/redis] Redis sentinel master service (#21913) (9186bd9), closes #21913

`v18.18.1`

Fix typo in usePasswordFiles variable name (#24256) (69db9d6), closes #24256

`v18.18.0`

[bitnami/redis] feat: ✨ 🔒 Add automatic adaptation for Openshift restricted-v2 SCC (#2 (063463f), closes #24149

`v18.17.1`

[bitnami/redis] Fix ordering of annotations (#23972) (03f66cf), closes #23972

`v18.17.0`

[bitnami/redis] Allow no secret with password (#23886) (d8c34d6), closes #23886

`v18.16.1`

[bitnami/redis] Release 18.16.1 updating components versions (#23826) (7c8d50f), closes #23826

`v18.16.0`

[bitnami/redis] feat: ✨ 🔒 Add readOnlyRootFilesystem support (#23622) (3054892), closes #23622

`v18.15.1`

[bitnami/redis] Release 18.15.1 updating components versions (#23692) (f2f9358), closes #23692

`v18.14.0`

[bitnami/redis] feat: ✨ 🔒 Add resource preset support (#23516) (b18b776), closes #23516

`v18.13.0`

[bitnami/redis] - add missing fields in service/pod monitor (#22809) (4d174a3), closes #22809

`v18.12.1`

[bitnami/redis] Release 18.12.1 updating components versions (#23137) (6f15fa9), closes #23137

`v18.12.0`

[bitnami/redis] fix: 🐛 Add allowExternalEgress to avoid breaking istio and fix metrics port (#22 (2b78bee), closes #22955

`v18.11.1`

[bitnami/redis] Release 18.11.1 updating components versions (#23008) (9672d37), closes #23008

`v18.11.0`

[bitnami/redis] feat: 🔒 Enable networkPolicy (#22738) (f1c7b0d), closes #22738

`v18.10.0`

[bitnami/redis] Fix the PodMonitor implementation (#22676) (3095a12), closes #22676

`v18.9.1`

fix(redis): fix standalone redis missing service account (#22747) (bf435ef), closes #22747

`v18.9.0`

[bitnami/redis] - add support for additional-endpoints in service/pod monitor (#22250) (259c9dd), closes #22250

`v18.8.3`

[bitnami/redis] Do not create master and replica serviceaccounts when using sentinel (#22716) (13c6479), closes #22716

`v18.8.2`

[bitnami/redis] create service account when using sentinel and replication (#22223) (3efd491), closes #22223

`v18.8.0`

[bitnami/redis] fix: 🔒 Move service-account token auto-mount to pod declaration (#22455) (08679ba), closes #22455

`v18.7.1`

[bitnami/redis] Release 18.7.1 updating components versions (#22336) (11d7707), closes #22336

`v18.7.0`

[bitnami/redis] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential s (2198b3f), closes #22184

`v18.6.4`

[bitnami/*] Fix ref links (in comments) (#21822) (e4fa296), closes #21822
[bitnami/redis] fix: 🔒 Do not use the default service account (#22028) (5fae3b4), closes #22028

`v18.6.3`

[bitnami/*] Fix docs.bitnami.com broken links (#21901) (f35506d), closes #21901
[bitnami/redis] Release 18.6.3 updating components versions (#21921) (3a51ea4), closes #21921

`v18.6.2`

[bitnami/*] Update copyright: Year and company (#21815) (6c4bf75), closes #21815
[bitnami/redis] Use correct context to retrieve node ports for sentinel service (#21830) (910d599), closes #21830

`v18.6.1`

[bitnami/redis] Release 18.6.1 updating components versions (#21655) (816f235), closes #21655

`v18.6.0`

Add loadBalancerClass configuration to Redis service (#21586) (ef28cdc), closes #21586

`v18.5.0`

[bitnami/*] Remove relative links to non-README sections, add verification for that and update TL;DR (1103633), closes #20967
bitnami/redis Add namespaceOverride capability to redis chart (#21479) (98db876), closes #21479
Update readme-generator links (#21043) (1581eba), closes #21043

`v18.4.0`

[bitnami/redis] Implementing an option to define masters as DaemonSets #20939 (#20939) (a53f6eb), closes #20939 #20939

`v18.3.3`

[bitnami/redis] Increase sentinel master retry sleep time to 5s (#20612) (0140f33), closes #20612

`v18.3.2`

[bitnami/redis] Release 18.3.2 updating components versions (#20872) (6693b83), closes #20872

`v18.3.1`

[bitnami/redis] Replace deprecated pull secret partial (#20666) (e03531b), closes #20666

`v18.3.0`

[bitnami/redis] Implementing an option to define replicas as Daemonsets (#20003) (9237563), closes #20003

`v18.2.2`

[bitnami/redis] Release 18.2.2 updating components versions (#20784) (e61f423), closes #20784

`v18.2.1`

[bitnami/redis] Release 18.2.1 updating components versions (#20625) (6228abc), closes #20625

`v18.2.0`

[bitnami/*] Rename VMware Application Catalog (#20361) (3acc734), closes #20361
[bitnami/*] Skip image's tag in the README files of the Bitnami Charts (#19841) (bb9a01b), closes #19841
[bitnami/*] Standardize documentation (#19835) (af5f753), closes #19835
[bitnami/redis] - Add support for PodMonitor (#20409) (0d40a6c), closes #20409

`v18.1.6`

[bitnami/redis] Release 18.1.6 (#20324) (9f486b3), closes #20324

`v18.1.5`

[bitnami/redis] Release 18.1.5 (#20171) (fda443a), closes #20171

`v18.1.4`

[bitnami/redis] Support persistentVolumeClaimRetentionPolicy for redis (#19689) (5658fa8), closes #19689

`v18.1.3`

[bitnami/*] Update Helm charts prerequisites (#19745) (eb755dd), closes #19745
[bitnami/redis] Release 18.1.3 (#19831) (88ae1d4), closes #19831

`v18.1.2`

[bitnami/redis] Use common capabilities for PSP (#19639) (9c636a3), closes #19639

`v18.1.1`

[bitnami/redis] add kind & apiVersion for pvc template in statefulset (#19484) (56fb647), closes #19484

`v18.1.0`

[bitnami/redis] add customization of metrics networkpolicy (#19468) (153184f), closes #19468
Autogenerate schema files (#19194) (a2c2090), closes #19194
Revert "Autogenerate schema files (#19194)" (#19335) (73d80be), closes #19194 #19335

`v18.0.4`

[bitnami/redis] Release 18.0.4 (#19153) (2cc47e7), closes #19153

`v18.0.2`

[bitnami/redis] expose service binding with correct uri (#18922) (5c7fed5), closes #18922

`v18.0.1`

[bitnami/redis] test: ✅ Add persistence tests (#18813) (3e580e2), closes #18813
[bitnami/redis] Update upgrading notes for version 18.x.x (#18891) (d9aa73d), closes #18891

`v18.0.0`

[bitnami/redis] Release 18.0.0 (#18874) (cc5eb96), closes #18874

`v17.17.1`

[bitnami/redis] Release 17.17.1 (#18862) (b2beb14), closes #18862

`v17.17.0`

[bitnami/redis] Support enableServiceLinks (#18779) (c72422d), closes #18779

`v17.16.0`

[bitnami/redis] Support for customizing standard labels (#18418) (e3c2335), closes #18418

`v17.15.6`

[bitnami/redis] Release 17.15.6 (#18713) (e6ea66e), closes #18713

`v17.15.5`

[bitnami/redis] Release 17.15.5 (#18589) (cbef828), closes #18589

`v17.15.4`

[bitnami/redis] Release 17.15.4 (#18431) (e912de6), closes #18431

`v17.15.2`

[bitnami/redis] Define missing HEADLESS_SERVICE for start-replica.sh (#18312) (a95bc61), closes #18312

`v17.15.1`

[bitnami/redis] fix redis sentinel start up (#18321) (71a2db0), closes #18321

`v17.15.0`

[bitnami/redis] checksum only data part of ConfigMap/Secret (#17579) (de01284), closes #17579

`v17.14.6`

[bitnami/redis] retry when get master info failed (#18228) (429ed7f), closes #18228

`v17.14.5`

[bitnami/redis] fix redis sentinel start up (#17932) (13a5749), closes #17932

`v17.14.4`

[bitnami/redis] Release 17.14.4 (#18129) (cdb6e00), closes #18129

`v17.14.3`

[bitnami/redis] Release 17.14.3 (#18021) (f094056), closes #18021

`v17.14.2`

[bitnami/redis] Release 17.14.2 (#17958) (472b8af), closes #17958

`v17.14.1`

[bitnami/redis] Allow templatable values for .Values.auth.existingSecretPasswordKey (#17723) (344db98), closes #17723

`v17.14.0`

[bitnami/redis] Try to seed redis with pss-restricted (#17237) (d542b49), closes #17237

`v17.13.2`

[bitnami/redis] Release 17.13.2 (#17720) (df883f2), closes #17720

`v17.13.1`

[bitnami/redis] Release 17.13.1 (#17713) (3ed0eb6), closes #17713

`v17.13.0`

[bitnami/redis] add sampleLimit and targetLimit for redis chart (#17587) (ea241c0), closes #17587

`v17.12.0`

[bitnami/redis] don't include @ for unauthenticated URI (#17493) (1713a0f), closes #17493
Use os-shell in tempate and Jaeger runtime params (#17557) (91a49eb), closes #17557

`v17.11.8`

[bitnami/redis] Release 17.11.8 (#17545) (e6061e4), closes #17545

`v17.11.7`

[bitnami/redis] Add missing apiVersion and kind to redis volumeClaimTemplates (#17466) (4d1ee86), closes #17466
Add copyright header (#17300) (da68be8), closes #17300
Update charts readme (#17217) (31b3c0a), closes #17217

`v17.11.6`

[bitnami/redis] Add automountServiceAccountToken in pod specs (#17175) (d42df30), closes #17175

`v17.11.5`

[bitnami/redis] Release 17.11.5 (#17122) (86fea96), closes #17122

`v17.11.4`

[bitnami/*] Change copyright section in READMEs (#17006) (ef986a1), closes #17006
[bitnami/redis] Modify Sentinel liveness Probe timeout to not restart during tilt-mode (#17103) (15d4417), closes #17103
[bitnami/several] Change copyright section in READMEs (#16989) (5b6a5cf), closes #16989

`v17.11.3`

[bitnami/redis] Release 17.11.3 (#16788) (0831617), closes #16788

`v17.11.2`

[bitnami/redis] add support for headless metrics service (#16545) (4b79ebe), closes #16545

`v17.11.1`

Add wording for enterprise page (#16560) (8f22774), closes #16560
Fix PVC labeling for bitnami/redis Helm chart (#16678) (277efc3), closes #16678

`v17.10.3`

[bitnami/redis] Release 17.10.3 (#16495) (52238da), closes #16495

`v17.10.2`

[bitnami/redis] Fix replica-announce-ip wrong number of arguments whe… (#16234) (b63df9d), closes #16234

`v17.10.1`

redis chart: sort alphabetically hpa metrics, fixes #16198 (#16199) (0f3be36), closes #16198 #16199 #16198

`v17.9.5`

[bitnami/redis] Release 17.9.5 (#16099) (b449511), closes #16099

`v17.9.4`

[bitnami/redis] Add notes about RDB compatibility in upgrades (#15737) (5b8193e), closes #15737
[bitnami/redis] upgrade redis-exporter (#16036) (a67e6c4), closes #16036

`v17.9.3`

[bitnami/redis] Release 17.9.3 (#15894) (0ceacff), closes #15894

`v17.9.2`

[bitnami/redis] Release 17.9.2 (#15719) (ab7a23f), closes #15719

`v17.9.1`

[bitnami/redis] Add support for Sentinel resource annotations (#15652) (47fadd1), closes #15652
[bitnami/redis] Fix wrong password given in service bindings (#15672) (bc2d03c), closes #15672

`v17.9.0`

[bitnami/redis] Add support for service.headless.annotations (#15441) (cec500e), closes #15441

`v17.8.7`

[bitnami/redis] Release 17.8.7 (#15642) (4e62884), closes #15642

`v17.8.6`

[bitnami/redis] Release 17.8.6 (#15602) (5c241dc), closes #15602

`v17.8.5`

Use existingSecretPasswordKey instead of hardcoded value (#15490) (33ab645), closes #15490

`v17.8.4`

[bitnami/charts] Apply linter to README files (#15357) (0e29e60), closes #15357
[bitnami/redis] minReadySeconds feature only requires k8s >=1.23 (#15417) (a748281), closes #15417 #13783

`v17.8.3`

[bitnami/redis] add PVC labels (#15353) (7109c7b), closes #15353

`v17.8.2`

[bitnami/redis] Release 17.8.2 (#15284) (bca8bc7), closes #15284
[bitnami/redis] Use SIGTERM on timeout for probes (#15057) (6ab7b61), closes #15057

`v17.8.1`

[bitnami/redis] Release 17.8.1 (#15183) (0b73498), closes #15183

`v17.8.0`

[bitnami/redis] feat: ✨ Add ServiceBinding-compatible secrets (#14906) (20196ce), closes #14906
[bitnami/redis] Fix missing metrics.command key (#15066) (52a754d), closes #15066

`v17.7.6`

[bitnami/redis] Release 17.7.6 (#15074) (61309d1), closes #15074

`v17.7.5`

[bitnami/*] Fix markdown linter issues 2 (#14890) (aa96572), closes #14890
[bitnami/redis] Release 17.7.5 (#15014) (8a86a04), closes #15014

`v17.7.4`

[bitnami/*] Fix markdown linter issues (#14874) (a51e0e8), closes #14874
[bitnami/redis] Release 17.7.4 (#14898) (9d615e7), closes #14898

`v17.7.3`

[bitnami/redis] Add commonLabels also to pods: master, replicas, sentinel (#14244) (529e070), closes #14244

`v17.7.2`

[bitnami/redis] fix wrong propagation of loadBalancerSourceRanges (#14728) (db79cb9), closes #14728

`v17.7.1`

[bitnami/redis] Don't regenerate self-signed certs on upgrade (#14655) (9c8766a), closes #14655

`v17.6.0`

[bitnami/redis] make emptyDir sizeLimit work everywhere (#14399) (6d8e53a), closes #14399

`v17.5.1`

[bitnami/*] Unify READMEs (#14472) (2064fb8), closes #14472
[bitnami/redis] Fix missing Helm value rendering for metrics container probes ([#14473](https://togithub.co

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2024-03-19T13:38:05Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.0.0

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r9
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: null
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r4
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: null
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-03-20T12:05:44Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.0.1

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r9
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r4
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-04-01T10:18:18Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.0.2

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r9
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r4
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-04-08T14:54:53Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.1.0

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r9
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r4
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-04-17T18:57:20Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.1.1

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r11
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r7
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-04-18T22:27:07Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.1.2

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r12
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r7
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-04-23T17:16:54Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.1.3

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r12
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r7
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-04-30T09:37:39Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.1.5

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r13
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.59.0-debian-12-r1
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-05-07T10:40:37Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.2.0

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r13
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.59.0-debian-12-r1
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-05-09T11:51:33Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.3.0

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r13
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.59.0-debian-12-r1
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-06-07T12:54:24Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.5.2

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +354,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +426,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +441,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.60.0-debian-12-r1
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +475,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +487,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +529,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +542,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-06-13T16:57:43Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.5.3

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +354,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +426,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +441,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.60.0-debian-12-r1
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +475,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +487,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +529,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +542,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-06-17T15:57:57Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.5.4

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +354,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +426,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +441,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.61.0-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +475,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +487,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +529,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +542,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-06-18T17:09:48Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.5.5

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +354,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +426,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +441,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.61.0-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +475,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +487,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +529,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +542,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-06-26T21:37:07Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.6.0

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.61.0-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-07-03T11:52:11Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.6.1

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.61.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-07-16T16:03:27Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.6.2

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.61.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

github-actions · 2024-07-24T16:36:27Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.6.3

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r3
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r1
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

Signed-off-by: Danny Froberg <[email protected]>

github-actions · 2024-07-25T11:34:47Z

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.6.4

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,43 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +355,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r4
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +427,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +442,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.62.0-debian-12-r2
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +476,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +488,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +530,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +543,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

renovate bot added the renovate/helm label Mar 19, 2024

renovate bot requested a review from dfroberg as a code owner March 19, 2024 13:37

renovate bot force-pushed the renovate/redis-19.x branch from 70f4cea to d2b1de6 Compare March 20, 2024 12:05

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.0.0~~ feat(charts)!: Update Helm release redis to 19.0.1 Mar 20, 2024

renovate bot force-pushed the renovate/redis-19.x branch from d2b1de6 to 77895c7 Compare April 1, 2024 10:17

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.0.1~~ feat(charts)!: Update Helm release redis to 19.0.2 Apr 1, 2024

renovate bot force-pushed the renovate/redis-19.x branch from 77895c7 to 8e84e79 Compare April 8, 2024 14:54

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.0.2~~ feat(charts)!: Update Helm release redis to 19.1.0 Apr 8, 2024

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.1.0~~ feat(charts)!: Update Helm release redis to 19.1.1 Apr 17, 2024

renovate bot force-pushed the renovate/redis-19.x branch from 8e84e79 to a3c8a56 Compare April 17, 2024 18:56

renovate bot force-pushed the renovate/redis-19.x branch from a3c8a56 to fa04152 Compare April 18, 2024 22:26

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.1.1~~ feat(charts)!: Update Helm release redis to 19.1.2 Apr 18, 2024

renovate bot force-pushed the renovate/redis-19.x branch from fa04152 to 5b77a28 Compare April 23, 2024 17:16

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.1.2~~ feat(charts)!: Update Helm release redis to 19.1.3 Apr 23, 2024

renovate bot force-pushed the renovate/redis-19.x branch from 5b77a28 to ca4401e Compare April 30, 2024 09:37

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.1.3~~ feat(charts)!: Update Helm release redis to 19.1.5 Apr 30, 2024

renovate bot force-pushed the renovate/redis-19.x branch from ca4401e to 8136466 Compare May 7, 2024 10:40

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.1.5~~ feat(charts)!: Update Helm release redis to 19.2.0 May 7, 2024

renovate bot force-pushed the renovate/redis-19.x branch from 8136466 to 0af1eb2 Compare May 9, 2024 11:51

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.2.0~~ feat(charts)!: Update Helm release redis to 19.3.0 May 9, 2024

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.5.0~~ feat(charts)!: Update Helm release redis to 19.5.2 Jun 7, 2024

renovate bot force-pushed the renovate/redis-19.x branch from f4165c2 to dbc1cac Compare June 13, 2024 16:57

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.5.2~~ feat(charts)!: Update Helm release redis to 19.5.3 Jun 13, 2024

renovate bot force-pushed the renovate/redis-19.x branch from dbc1cac to 04328f6 Compare June 17, 2024 15:57

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.5.3~~ feat(charts)!: Update Helm release redis to 19.5.4 Jun 17, 2024

renovate bot force-pushed the renovate/redis-19.x branch from 04328f6 to dd99978 Compare June 18, 2024 17:09

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.5.4~~ feat(charts)!: Update Helm release redis to 19.5.5 Jun 18, 2024

renovate bot force-pushed the renovate/redis-19.x branch from dd99978 to da0a9d7 Compare June 26, 2024 21:36

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.5.5~~ feat(charts)!: Update Helm release redis to 19.6.0 Jun 26, 2024

renovate bot force-pushed the renovate/redis-19.x branch from da0a9d7 to eedfe40 Compare July 3, 2024 11:51

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.6.0~~ feat(charts)!: Update Helm release redis to 19.6.1 Jul 3, 2024

renovate bot force-pushed the renovate/redis-19.x branch from eedfe40 to 8a755f8 Compare July 16, 2024 16:02

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.6.1~~ feat(charts)!: Update Helm release redis to 19.6.2 Jul 16, 2024

renovate bot force-pushed the renovate/redis-19.x branch from 8a755f8 to 69f49a2 Compare July 24, 2024 16:35

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.6.2~~ feat(charts)!: Update Helm release redis to 19.6.3 Jul 24, 2024

feat(charts)!: Update Helm release redis to 19.6.4

60d8610

Signed-off-by: Danny Froberg <[email protected]>

renovate bot force-pushed the renovate/redis-19.x branch from 69f49a2 to 60d8610 Compare July 25, 2024 11:34

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.6.3~~ feat(charts)!: Update Helm release redis to 19.6.4 Jul 25, 2024

renovate bot changed the title ~~feat(charts)!: Update Helm release redis to 19.6.4~~ feat(charts)!: Update Helm release redis to 19.6.4 - autoclosed Aug 9, 2024

renovate bot closed this Aug 9, 2024

renovate bot deleted the renovate/redis-19.x branch August 9, 2024 15:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(charts)!: Update Helm release redis to 19.6.4 - autoclosed #2438

feat(charts)!: Update Helm release redis to 19.6.4 - autoclosed #2438

renovate bot commented Mar 19, 2024 •

edited

Loading

github-actions bot commented Mar 19, 2024

github-actions bot commented Mar 20, 2024

github-actions bot commented Apr 1, 2024

github-actions bot commented Apr 8, 2024

github-actions bot commented Apr 17, 2024

github-actions bot commented Apr 18, 2024

github-actions bot commented Apr 23, 2024

github-actions bot commented Apr 30, 2024

github-actions bot commented May 7, 2024

github-actions bot commented May 9, 2024

github-actions bot commented Jun 7, 2024

github-actions bot commented Jun 13, 2024

github-actions bot commented Jun 17, 2024

github-actions bot commented Jun 18, 2024

github-actions bot commented Jun 26, 2024

github-actions bot commented Jul 3, 2024

github-actions bot commented Jul 16, 2024

github-actions bot commented Jul 24, 2024

github-actions bot commented Jul 25, 2024

feat(charts)!: Update Helm release redis to 19.6.4 - autoclosed #2438

feat(charts)!: Update Helm release redis to 19.6.4 - autoclosed #2438

Conversation

renovate bot commented Mar 19, 2024 • edited Loading

Release Notes

Configuration

github-actions bot commented Mar 19, 2024

github-actions bot commented Mar 20, 2024

github-actions bot commented Apr 1, 2024

github-actions bot commented Apr 8, 2024

github-actions bot commented Apr 17, 2024

github-actions bot commented Apr 18, 2024

github-actions bot commented Apr 23, 2024

github-actions bot commented Apr 30, 2024

github-actions bot commented May 7, 2024

renovate bot commented Mar 19, 2024 •

edited

Loading