├── .gitignore
├── .pre-commit-config.yaml
├── .tflint.hcl
├── IAM.md
├── LICENSE
├── README.md
├── examples
└── complete
│ ├── aws
│ ├── README.md
│ ├── helm
│ │ └── values.yaml
│ ├── main.tf
│ ├── output.tf
│ └── provider.tf
│ ├── azure
│ ├── README.md
│ ├── helm
│ │ └── values.yaml
│ ├── main.tf
│ ├── output.tf
│ └── provider.tf
│ └── gcp
│ ├── README.md
│ ├── helm
│ └── values.yaml
│ ├── main.tf
│ ├── output.tf
│ └── provider.tf
├── helm
└── values
│ └── values.yaml
├── main.tf
├── modules
└── resources
│ ├── aws
│ ├── README.md
│ ├── main.tf
│ └── variables.tf
│ ├── azure
│ ├── README.md
│ ├── main.tf
│ └── variables.tf
│ └── gcp
│ ├── README.md
│ ├── main.tf
│ └── variables.tf
├── output.tf
└── variables.tf
/.gitignore:
--------------------------------------------------------------------------------
1 | # Ignore saved plan output and other local artifacts. NOTE(review): a plan written with `terraform plan -out=tfplan` is named `tfplan` (no extension) and is not matched by `*.out` - confirm the intended file name
2 | *.out
3 | *.lock
4 | *.tfvars
5 | *.pem
6 | *.txt
7 |
8 | # Local .terraform directories. NOTE(review): the `.terraform*` pattern below also matches .terraform.lock.hcl, so the provider dependency lock file is never committed - confirm this is intended
9 | **/.terraform/*
10 | .terraform*
11 |
12 | # .tfstate files (state can hold secret values such as passwords, so it stays out of version control)
13 | *.tfstate
14 | *.tfstate.*
15 |
16 | # Crash log files
17 | crash.log
18 | crash.*.log
19 |
20 | *.tfvars
21 | *.tfvars.json
22 |
23 | # Ignore override files as they are usually used to override resources locally and so
24 | # are not checked in
25 | override.tf
26 | override.tf.json
27 | *_override.tf
28 | *_override.tf.json
29 |
30 | # Ignore CLI configuration files
31 | .terraformrc
32 | terraform.rc
33 |
--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
1 | repos: # pre-commit hooks run on every commit: generic hygiene, secret detection, then Terraform checks
2 | - repo: https://github.com/pre-commit/pre-commit-hooks
3 | rev: v4.1.0 # pinned to a release tag, not to a commit SHA
4 | hooks:
5 | - id: trailing-whitespace
6 | args: ['--markdown-linebreak-ext=md']
7 | - id: end-of-file-fixer
8 | - id: check-merge-conflict
9 | - id: detect-private-key # secret scanning: rejects commits that contain private key material
10 | - id: detect-aws-credentials # secret scanning: rejects commits that contain AWS credentials
11 | args: ['--allow-missing-credentials'] # let the hook pass on machines that have no AWS credentials file
12 | - repo: https://github.com/antonbabenko/pre-commit-terraform
13 | rev: v1.77.0 # pinned to a release tag, not to a commit SHA
14 | hooks:
15 | - id: terraform_fmt
16 | - id: terraform_docs
17 | args:
18 | - '--args=--lockfile=false'
19 | - --hook-config=--add-to-existing-file=true
20 | - --hook-config=--create-file-if-not-exist=true
21 |
22 | - id: terraform_tflint
23 | args:
24 | - --args=--config=.tflint.hcl
25 | - id: terraform_tfsec
26 | files: ^examples/ # only scan `examples/*` which are the implementation; NOTE(review): the root module and modules/ are therefore not scanned by tfsec
27 | args:
28 | - --args=--config-file=__GIT_WORKING_DIR__/tfsec.yaml # NOTE(review): no tfsec.yaml appears in the repository tree listed on this page - confirm the file exists
29 | - --args=--concise-output
30 |
--------------------------------------------------------------------------------
/.tflint.hcl:
--------------------------------------------------------------------------------
1 | plugin "aws" { # loads the AWS ruleset used by the aws_* rules in this file
2 | enabled = true
3 | version = "0.21.1" # ruleset pinned to an exact version
4 | source = "github.com/terraform-linters/tflint-ruleset-aws"
5 | }
6 |
7 | config {
8 | # Module inspection is switched off here (module = false)
9 | module = false
10 | force = false # false: reported issues produce a non-zero exit status, so the hook fails
11 | }
12 |
13 | # Required that all AWS resources have specified tags.
14 | rule "aws_resource_missing_tags" {
15 | enabled = true
16 | tags = [
17 | "Name",
18 | "Environment",
19 | ]
20 | }
21 |
22 | # Disallow deprecated (0.11-style) interpolation
23 | rule "terraform_deprecated_interpolation" {
24 | enabled = true
25 | }
26 |
27 | # Disallow legacy dot index syntax.
28 | rule "terraform_deprecated_index" {
29 | enabled = true
30 | }
31 |
32 | # Disallow variables, data sources, and locals that are declared but never used.
33 | rule "terraform_unused_declarations" {
34 | enabled = true
35 | }
36 |
37 | # Disallow // comments in favor of #.
38 | rule "terraform_comment_syntax" {
39 | enabled = false
40 | }
41 |
42 | # Disallow output declarations without description.
43 | rule "terraform_documented_outputs" {
44 | enabled = true
45 | }
46 |
47 | # Disallow variable declarations without description.
48 | rule "terraform_documented_variables" {
49 | enabled = true
50 | }
51 |
52 | # Disallow variable declarations without type.
53 | rule "terraform_typed_variables" {
54 | enabled = true
55 | }
56 |
57 | # Disallow specifying a git or mercurial repository as a module source without pinning to a version.
58 | rule "terraform_module_pinned_source" {
59 | enabled = true
60 | }
61 |
62 | # Enforces naming conventions
63 | rule "terraform_naming_convention" {
64 | enabled = true
65 |
66 | #Require specific naming structure
67 | variable {
68 | format = "snake_case"
69 | }
70 |
71 | locals {
72 | format = "snake_case"
73 | }
74 |
75 | output {
76 | format = "snake_case"
77 | }
78 |
79 | #Allow any format
80 | resource {
81 | format = "none"
82 | }
83 |
84 | module {
85 | format = "none"
86 | }
87 |
88 | data {
89 | format = "none"
90 | }
91 |
92 | }
93 |
94 | # Disallow terraform declarations without required_version.
95 | rule "terraform_required_version" {
96 | enabled = true
97 | }
98 |
99 | # Require that all providers have version constraints through required_providers.
100 | rule "terraform_required_providers" {
101 | enabled = true
102 | }
103 |
104 | # Ensure that a module complies with the Terraform Standard Module Structure
105 | rule "terraform_standard_module_structure" {
106 | enabled = true
107 | }
108 |
109 | # terraform.workspace should not be used with a "remote" backend with remote execution.
110 | rule "terraform_workspace_remote" {
111 | enabled = true
112 | }
113 |
--------------------------------------------------------------------------------
/IAM.md:
--------------------------------------------------------------------------------
1 | ## AWS IAM Permission
2 |
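3 | The IAM policy required to deploy this module is shown below. Both statements use `"Resource": "*"`; when attaching the policy, restrict `Resource` to the ARNs of the target EKS cluster and of the module's secrets where possible:
4 | ```json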
5 | {
6 | "Version": "2012-10-17",
7 | "Statement": [
8 | {
9 | "Sid": "VisualEditor0",
10 | "Effect": "Allow",
11 | "Action": [
12 | "eks:DescribeCluster"
13 | ],
14 | "Resource": [
15 | "*"
16 | ]
17 | },
18 | {
19 | "Sid": "VisualEditor1",
20 | "Effect": "Allow",
21 | "Action": [
22 | "secretsmanager:CreateSecret",
23 | "secretsmanager:DeleteSecret",
24 | "secretsmanager:DescribeSecret",
25 | "secretsmanager:GetSecretValue",
26 | "secretsmanager:PutSecretValue",
27 | "secretsmanager:GetResourcePolicy"
28 | ],
29 | "Resource": [
30 | "*"
31 | ]
32 | }
33 | ]
34 | }
35 | ```
36 | ## Azure Role Permissions
37 |
38 | ```hcl
39 | permissions {
40 | actions = [
41 | "Microsoft.KeyVault/locations/deletedVaults/read",
42 | "Microsoft.KeyVault/vaults/delete",
43 | "Microsoft.KeyVault/vaults/read",
44 | "Microsoft.KeyVault/vaults/write",
45 | "Microsoft.Resources/subscriptions/providers/read",
46 | "Microsoft.Resources/subscriptions/resourcegroups/read"]
47 | not_actions = []
48 | }
49 | ```
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "[]"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright 2023 SaturnOps Technologies
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ## Redis Terraform Module
2 |
3 |
4 |
5 |
6 | This module allows users to customize the deployment with various input variables. Users can specify the name and environment of the Redis deployment, the chart and app version, the namespace for the Redis deployment, and whether to enable Grafana monitoring. The module offers options to create a new namespace and configure recovery windows for AWS Secrets Manager, Azure Key Vault, and GCP Secrets Manager. Users can deploy a highly available Redis on AWS EKS, Azure AKS, and GCP GKE Kubernetes clusters with flexible configurations.
7 |
8 | This module creates a Redis master and one or more Redis slaves, based on the specified architecture. It sets up Kubernetes services for the Redis master and slave deployments and exposes these services as endpoints for connecting to the Redis database. Users can retrieve these endpoints using the module's outputs.
9 |
10 | ## Supported Versions :
11 |
12 | | Redis Helm Chart Version | K8s supported version (EKS, AKS & GKE) |
13 | | :-----: | :--- |
14 | | **16.13.2** | **1.23,1.24,1.25,1.26,1.27** |
15 |
16 | ## Usage Example
17 |
18 | ```hcl
19 | locals { # shared settings used by the "azure" and "redis" module calls below
20 | name = "redis"
21 | region = "eastus"
22 | environment = "prod"
23 | additional_tags = {
24 | Owner = "organization_name"
25 | Expires = "Never"
26 | Department = "Engineering"
27 | }
28 | create_namespace = true
29 | namespace = "redis"
30 | store_password_to_secret_manager = true
31 | custom_credentials_enabled = true # true: the password in custom_credentials_config is used instead of module.azure.redis_password
32 | custom_credentials_config = {
33 | password = "aajdhgduy3873683dh" # sample value only - do not commit a real password; supply it through a sensitive variable or a secret store
34 | }
35 | }
36 |
37 | module "azure" { # Azure-side helper module; its redis_password output is read by module "redis" below
38 | source = "saturnops/redis/kubernetes//modules/resources/azure" # no `version` argument: pin a module version for reproducible deployments
39 | resource_group_name = "prod-skaf-rg"
40 | resource_group_location = local.region
41 | environment = local.environment
42 | name = local.name
43 | store_password_to_secret_manager = local.store_password_to_secret_manager
44 | custom_credentials_enabled = local.custom_credentials_enabled
45 | custom_credentials_config = local.custom_credentials_config
46 | }
47 |
48 | module "redis" { # deploys the Redis Helm release into the target namespace
49 | source = "saturnops/redis/kubernetes" # no `version` argument: pin a module version for reproducible deployments
50 | create_namespace = local.create_namespace
51 | namespace = local.namespace
52 | redis_config = {
53 | name = local.name
54 | values_yaml = ""
55 | environment = local.environment
56 | app_version = "6.2.7-debian-11-r11"
57 | architecture = "replication"
58 | slave_volume_size = "10Gi"
59 | master_volume_size = "10Gi"
60 | storage_class_name = "infra-service-sc"
61 | slave_replica_count = 2
62 | store_password_to_secret_manager = local.store_password_to_secret_manager
63 | secret_provider_type = "azure"
64 | }
65 | grafana_monitoring_enabled = true
66 | custom_credentials_enabled = local.custom_credentials_enabled
67 | custom_credentials_config = local.custom_credentials_config
68 | redis_password = local.custom_credentials_enabled ? "" : module.azure.redis_password # empty when custom credentials are enabled; otherwise the password output of module.azure
69 | }
70 |
71 |
72 |
73 | ```
74 | - Refer to the [AWS examples](https://github.com/saturnops/terraform-kubernetes-redis/tree/main/examples/complete/aws) for more details.
75 | - Refer to the [Azure examples](https://github.com/saturnops/terraform-kubernetes-redis/tree/main/examples/complete/azure) for more details.
76 | - Refer to the [GCP examples](https://github.com/saturnops/terraform-kubernetes-redis/tree/main/examples/complete/gcp) for more details.
77 |
78 | ## IAM Permissions
79 | The required IAM permissions to create resources from this module can be found [here](https://github.com/saturnops/terraform-kubernetes-redis/blob/main/IAM.md)
80 |
81 | ## Notes
82 | 1. In order to enable the exporter, it is required to deploy Prometheus/Grafana first.
83 | 2. The exporter is a tool that extracts metrics data from an application or system and makes it available to be scraped by Prometheus.
84 | 3. Prometheus is a monitoring system that collects metrics data from various sources, including exporters, and stores it in a time-series database.
85 | 4. Grafana is a data visualization and dashboard tool that works with Prometheus and other data sources to display the collected metrics in a user-friendly way.
86 | 5. To deploy Prometheus/Grafana, please follow the installation instructions for each tool in their respective documentation.
87 | 6. Once Prometheus and Grafana are deployed, the exporter can be configured to scrape metrics data from your application or system and send it to Prometheus.
88 | 7. Finally, you can use Grafana to create custom dashboards and visualize the metrics data collected by Prometheus.
89 | 8. This module is compatible with EKS, AKS, and GKE, so it can be deployed on AWS, Azure, and GCP. Review the module's documentation, meet its specific configuration requirements, and test thoroughly after deployment to ensure everything works as expected.
90 |
91 | ## Requirements
92 |
93 | No requirements.
94 |
95 | ## Providers
96 |
97 | | Name | Version |
98 | |------|---------|
99 | | [helm](#provider\_helm) | n/a |
100 | | [kubernetes](#provider\_kubernetes) | n/a |
101 |
102 | ## Modules
103 |
104 | No modules.
105 |
106 | ## Resources
107 |
108 | | Name | Type |
109 | |------|------|
110 | | [helm_release.redis](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
111 | | [kubernetes_namespace.redis](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
112 |
113 | ## Inputs
114 |
115 | | Name | Description | Type | Default | Required |
116 | |------|-------------|------|---------|:--------:|
117 | | [app\_version](#input\_app\_version) | Version of the Redis application that will be deployed. | `string` | `"6.2.7-debian-11-r11"` | no |
118 | | [chart\_version](#input\_chart\_version) | Version of the chart for the Redis application that will be deployed. | `string` | `"16.13.2"` | no |
119 | | [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `true` | no |
120 | | [custom\_credentials\_config](#input\_custom\_credentials\_config) | Specify the configuration settings for Redis to pass custom credentials during creation. | `any` | `{"password": ""}` | no |
121 | | [custom\_credentials\_enabled](#input\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for Redis. | `bool` | `false` | no |
122 | | [grafana\_monitoring\_enabled](#input\_grafana\_monitoring\_enabled) | Specify whether or not to deploy Redis exporter to collect Redis metrics for monitoring in Grafana. | `bool` | `false` | no |
123 | | [namespace](#input\_namespace) | Namespace where the Redis resources will be deployed. | `string` | `"redis"` | no |
124 | | [recovery\_window\_aws\_secret](#input\_recovery\_window\_aws\_secret) | Number of days that AWS Secrets Manager will wait before it can delete the secret. The value can be 0 to force deletion without recovery, or a range from 7 to 30 days. | `number` | `0` | no |
125 | | [redis\_config](#input\_redis\_config) | Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, store password to secret manager and custom YAML values. | `any` | `{"architecture": "replication", "environment": "", "master_volume_size": "", "name": "", "slave_replica_count": 1, "slave_volume_size": "", "storage_class_name": "", "store_password_to_secret_manager": true, "values_yaml": ""}` | no |
126 | | [redis\_password](#input\_redis\_password) | n/a | `string` | `""` | no |
127 |
128 | ## Outputs
129 |
130 | | Name | Description |
131 | |------|-------------|
132 | | [redis\_credential](#output\_redis\_credential) | Redis credentials used for accessing the database. |
133 | | [redis\_endpoints](#output\_redis\_endpoints) | Redis endpoints in the Kubernetes cluster. |
134 |
135 |
136 |
137 |
138 |
139 |
140 |
141 | ##
142 |
143 |
144 |
145 |
146 |
147 | Please give our GitHub repository a ⭐️ to show your support and increase its visibility.
148 |
149 |
150 |
151 |
152 |
153 |
--------------------------------------------------------------------------------
/examples/complete/aws/README.md:
--------------------------------------------------------------------------------
1 | ## Redis Terraform Module Example
2 |
3 |
4 |
5 | This example is intended for users who are new to the module and want to learn quickly how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs.
6 |
7 |
8 | ## Requirements
9 |
10 | No requirements.
11 |
12 | ## Providers
13 |
14 | | Name | Version |
15 | |------|---------|
16 | | [aws](#provider\_aws) | n/a |
17 | ## Modules
18 |
19 | | Name | Source | Version |
20 | |------|--------|---------|
21 | | [redis](#module\_redis) | saturnops/redis/kubernetes | n/a |
22 |
23 | ## Resources
24 |
25 | | Name | Type |
26 | |------|------|
27 | | [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
28 | | [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
29 | | [google_client_config.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
30 | | [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/container_cluster) | data source |
31 |
32 | ## Inputs
33 |
34 | No inputs.
35 |
36 | ## Outputs
37 |
38 | | Name | Description |
39 | |------|-------------|
40 | | [redis\_credential](#output\_redis\_credential) | Redis credentials used for accessing the database. |
41 | | [redis\_endpoints](#output\_redis\_endpoints) | Redis endpoints in the Kubernetes cluster. |
42 |
43 |
--------------------------------------------------------------------------------
/examples/complete/aws/helm/values.yaml:
--------------------------------------------------------------------------------
1 | master: # scheduling constraints for the Redis master pods
2 | affinity:
3 | nodeAffinity:
4 | requiredDuringSchedulingIgnoredDuringExecution: # hard requirement: only nodes matching the terms below are eligible
5 | nodeSelectorTerms:
6 | - matchExpressions:
7 | - key: "Infra-Services" # node label key; the label value must be "true"
8 | operator: In
9 | values:
10 | - "true"
11 |
12 | replica: # same node-affinity requirement, applied to the replica pods
13 | affinity:
14 | nodeAffinity:
15 | requiredDuringSchedulingIgnoredDuringExecution:
16 | nodeSelectorTerms:
17 | - matchExpressions:
18 | - key: "Infra-Services"
19 | operator: In
20 | values:
21 | - "true"
22 |
23 |
24 | commonConfiguration: |- # literal block: the lines below are Redis configuration text, including their own '#' comments
25 | # Enable AOF https://redis.io/topics/persistence#append-only-file
26 | appendonly yes
27 | maxclients 2000
28 | # Disable RDB persistence, AOF persistence already enabled.
29 | save ""
--------------------------------------------------------------------------------
/examples/complete/aws/main.tf:
--------------------------------------------------------------------------------
1 | locals { # shared settings used by provider.tf, output.tf and the module calls in this example
2 | name = "redis"
3 | region = "us-east-2"
4 | environment = "prod"
5 | additional_tags = {
6 | Owner = "organization_name"
7 | Expires = "Never"
8 | Department = "Engineering"
9 | }
10 | create_namespace = true
11 | namespace = "redis"
12 | store_password_to_secret_manager = false # with false, output.tf in this example returns module.redis.redis_credential as a Terraform output
13 | custom_credentials_enabled = true # true: the password in custom_credentials_config is used instead of module.aws.redis_password
14 | custom_credentials_config = {
15 | password = "aajdhgduy3873683dh" # sample value only - do not commit a real password; supply it through a sensitive variable or a secret store
16 | }
17 | }
18 |
19 | module "aws" { # AWS-side helper module; its redis_password output is read by module "redis" below
20 | source = "saturnops/redis/kubernetes//modules/resources/aws" # no `version` argument: pin a module version for reproducible deployments
21 | environment = local.environment
22 | name = local.name
23 | store_password_to_secret_manager = local.store_password_to_secret_manager
24 | custom_credentials_enabled = local.custom_credentials_enabled
25 | custom_credentials_config = local.custom_credentials_config
26 | }
27 |
28 | module "redis" { # deploys the Redis Helm release into the target namespace
29 | source = "saturnops/redis/kubernetes" # no `version` argument: pin a module version for reproducible deployments
30 | create_namespace = local.create_namespace
31 | namespace = local.namespace
32 | redis_config = {
33 | name = local.name
34 | values_yaml = file("./helm/values.yaml") # chart overrides are read from this example's helm/values.yaml
35 | environment = local.environment
36 | app_version = "6.2.7-debian-11-r11"
37 | architecture = "replication"
38 | slave_volume_size = "10Gi"
39 | master_volume_size = "10Gi"
40 | storage_class_name = "gp2"
41 | slave_replica_count = 2
42 | store_password_to_secret_manager = local.store_password_to_secret_manager
43 | secret_provider_type = "aws"
44 | }
45 | grafana_monitoring_enabled = true
46 | custom_credentials_enabled = local.custom_credentials_enabled
47 | custom_credentials_config = local.custom_credentials_config
48 | redis_password = local.custom_credentials_enabled ? "" : module.aws.redis_password # empty when custom credentials are enabled; otherwise the password output of module.aws
49 | }
50 |
--------------------------------------------------------------------------------
/examples/complete/aws/output.tf:
--------------------------------------------------------------------------------
1 | output "redis_endpoints" { # re-exports the redis module's endpoints output
2 | description = "Redis endpoints in the Kubernetes cluster."
3 | value = module.redis.redis_endpoints
4 | }
5 |
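6 | output "redis_credential" { # returns the Redis credential only when it is not stored in a secret manager
7 | description = "Redis credentials used for accessing the database."
8 | value = local.store_password_to_secret_manager ? null : module.redis.redis_credential # null when the password is kept in the secret manager
9 | sensitive = true # the value is a credential: keep it redacted in plan/apply output
10 | }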
--------------------------------------------------------------------------------
/examples/complete/aws/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" { # AWS provider for this example; region and tags come from the locals in main.tf
2 | region = local.region
3 | default_tags { # applies local.additional_tags through the provider's default_tags block
4 | tags = local.additional_tags
5 | }
6 | }
7 |
8 | data "aws_eks_cluster" "cluster" { # looks up the EKS cluster whose endpoint and CA data the providers below use
9 | name = "" # placeholder: empty in this example; set it to the name of the target EKS cluster
10 | }
11 |
12 | data "aws_eks_cluster_auth" "cluster" { # supplies the authentication token the providers below use
13 | name = "" # placeholder: empty in this example; set it to the same cluster name as the aws_eks_cluster data source
14 | }
15 |
16 |
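17 | provider "kubernetes" { # connects to the EKS cluster returned by the aws_eks_cluster data source
18 | host = data.aws_eks_cluster.cluster.endpoint
19 | cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) # bracket index replaces the legacy `.0.` form flagged by the terraform_deprecated_index rule in .tflint.hcl; CA bundle used to verify the API server certificate
20 | token = data.aws_eks_cluster_auth.cluster.token # token from the aws_eks_cluster_auth data source
21 | }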
22 |
# Helm provider pointed at the same EKS cluster, using the same endpoint, CA bundle and token
# as the kubernetes provider.
provider "helm" {
  kubernetes {
    host                   = data.aws_eks_cluster.cluster.endpoint
    token                  = data.aws_eks_cluster_auth.cluster.token
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
  }
}
30 |
--------------------------------------------------------------------------------
/examples/complete/azure/README.md:
--------------------------------------------------------------------------------
1 | ## Redis Terraform Module Example
2 |
3 |
4 |
5 | This example is intended for users who are new to the module and want to learn quickly how to use it. Reviewing it shows how the module works, which features it supports, and how to customize it to specific needs.
6 |
7 |
8 | ## Requirements
9 |
10 | No requirements.
11 |
12 | ## Providers
13 |
14 | | Name | Version |
15 | |------|---------|
16 | | [azurerm](#provider\_azurerm) | 3.70.0 |
17 |
18 | ## Modules
19 |
20 | | Name | Source | Version |
21 | |------|--------|---------|
22 | | [azure](#module\_azure) | saturnops/redis/kubernetes//modules/resources/azure | n/a |
23 | | [redis](#module\_redis) | saturnops/redis/kubernetes | n/a |
24 |
25 | ## Resources
26 |
27 | | Name | Type |
28 | |------|------|
29 | | [azurerm_kubernetes_cluster.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source |
30 |
31 | ## Inputs
32 |
33 | No inputs.
34 |
35 | ## Outputs
36 |
37 | | Name | Description |
38 | |------|-------------|
39 | | [redis\_credential](#output\_redis\_credential) | Redis credentials used for accessing the database. |
40 | | [redis\_endpoints](#output\_redis\_endpoints) | Redis endpoints in the Kubernetes cluster. |
41 |
--------------------------------------------------------------------------------
/examples/complete/azure/helm/values.yaml:
--------------------------------------------------------------------------------
# Hard node-affinity rule: master pods are scheduled only on nodes whose
# "Addons-Services" label has the value "true".
master:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: "Addons-Services"
                operator: In
                values:
                  - "true"

# The same placement rule for replica pods.
replica:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: "Addons-Services"
                operator: In
                values:
                  - "true"
22 |
--------------------------------------------------------------------------------
/examples/complete/azure/main.tf:
--------------------------------------------------------------------------------
# Shared settings for the Azure example.
locals {
  name        = "redis"
  environment = "prod"
  region      = "eastus"

  additional_tags = {
    Owner      = "organization_name"
    Department = "Engineering"
    Expires    = "Never"
  }

  namespace        = "redis"
  create_namespace = true

  store_password_to_secret_manager = true

  custom_credentials_enabled = true
  # NOTE(review): sample password committed in plaintext. Replace it before any real deployment
  # and supply the value from outside version control (for example a sensitive input variable);
  # it is also likely to be recorded in Terraform state through the resources that consume it.
  custom_credentials_config = {
    password = "aajdhgduy3873683dh"
  }
}
18 |
# Azure-side resources for the Redis deployment (submodule modules/resources/azure).
# NOTE(review): resource_group_name is a hard-coded sample value, and the module source has no
# `version` constraint, so the newest published release is installed.
module "azure" {
  source = "saturnops/redis/kubernetes//modules/resources/azure"

  name        = local.name
  environment = local.environment

  resource_group_name     = "prod-skaf-rg"
  resource_group_location = local.region

  store_password_to_secret_manager = local.store_password_to_secret_manager
  custom_credentials_enabled       = local.custom_credentials_enabled
  custom_credentials_config        = local.custom_credentials_config
}
29 |
# Installs Redis on the AKS cluster through the saturnops/redis/kubernetes registry module.
# NOTE(review): the module source carries no `version` constraint, so `terraform init` selects
# the newest published release; pin a reviewed version before reusing this example.
module "redis" {
  source = "saturnops/redis/kubernetes"

  namespace        = local.namespace
  create_namespace = local.create_namespace

  redis_config = {
    name         = local.name
    environment  = local.environment
    architecture = "replication"
    app_version  = "6.2.7-debian-11-r11"

    # Contents of the local helm/values.yaml file, read relative to the working directory.
    values_yaml = file("./helm/values.yaml")

    storage_class_name  = "infra-service-sc"
    master_volume_size  = "10Gi"
    slave_volume_size   = "10Gi"
    slave_replica_count = 2

    secret_provider_type             = "azure"
    store_password_to_secret_manager = local.store_password_to_secret_manager
  }

  grafana_monitoring_enabled = true

  custom_credentials_enabled = local.custom_credentials_enabled
  custom_credentials_config  = local.custom_credentials_config

  # Empty when custom credentials are enabled; otherwise the password exported by module.azure.
  redis_password = local.custom_credentials_enabled ? "" : module.azure.redis_password
}
52 |
--------------------------------------------------------------------------------
/examples/complete/azure/output.tf:
--------------------------------------------------------------------------------
# Re-exports the endpoints reported by the redis module.
output "redis_endpoints" {
  value       = module.redis.redis_endpoints
  description = "Redis endpoints in the Kubernetes cluster."
}
5 |
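# Exposes the Redis credentials only when they are not stored in a secret manager;
# otherwise the output is null.
output "redis_credential" {
  description = "Redis credentials used for accessing the database."
  value       = local.store_password_to_secret_manager ? null : module.redis.redis_credential

  # Keeps the credentials out of plan/apply console output and CI logs. The value is still
  # written to the state file, so the state backend must be access-controlled and encrypted.
  sensitive = true
}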
10 |
--------------------------------------------------------------------------------
/examples/complete/azure/provider.tf:
--------------------------------------------------------------------------------
# AzureRM provider with an empty `features` block, which leaves all provider feature
# settings at their defaults.
provider "azurerm" {
  features {}
}
4 |
# Looks up the AKS cluster whose kube_config feeds the kubernetes and helm providers.
# Both names are hard-coded sample values and must be changed to the target cluster.
data "azurerm_kubernetes_cluster" "primary" {
  resource_group_name = "prod-skaf-rg"
  name                = "prod-skaf-aks"
}
9 |
# Connects to the AKS API server with the credentials in the cluster's first kube_config entry.
# NOTE(review): kube_config carries cluster credentials (password, client key). Data source
# results are kept in Terraform state, so the state must be treated as secret material.
provider "kubernetes" {
  host = data.azurerm_kubernetes_cluster.primary.kube_config[0].host

  username = data.azurerm_kubernetes_cluster.primary.kube_config[0].username
  password = data.azurerm_kubernetes_cluster.primary.kube_config[0].password

  client_certificate     = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config[0].client_certificate)
  client_key             = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config[0].client_key)
  cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config[0].cluster_ca_certificate)
}
18 |
# Helm provider pointed at the same AKS cluster. It authenticates with the client certificate
# and key from kube_config and verifies the API server against the cluster CA certificate.
provider "helm" {
  kubernetes {
    host                   = data.azurerm_kubernetes_cluster.primary.kube_config[0].host
    client_certificate     = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config[0].client_certificate)
    client_key             = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config[0].client_key)
    cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config[0].cluster_ca_certificate)
  }
}
27 |
--------------------------------------------------------------------------------
/examples/complete/gcp/README.md:
--------------------------------------------------------------------------------
1 | ## Redis Terraform Module Example
2 |
3 |
4 |
5 | This example is intended for users who are new to the module and want to learn quickly how to use it. Reviewing it shows how the module works, which features it supports, and how to customize it to specific needs.
6 |
7 |
8 | ## Requirements
9 |
10 | No requirements.
11 |
12 | ## Providers
13 |
14 | | Name | Version |
15 | |------|---------|
16 | | [google](#provider\_google) | n/a |
17 |
18 | ## Modules
19 |
20 | | Name | Source | Version |
21 | |------|--------|---------|
22 | | [redis](#module\_redis) | saturnops/redis/kubernetes | n/a |
23 |
24 | ## Resources
25 |
26 | | Name | Type |
27 | |------|------|
28 | | [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
29 | | [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
30 | | [google_client_config.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
31 | | [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/container_cluster) | data source |
32 |
33 | ## Inputs
34 |
35 | No inputs.
36 |
37 | ## Outputs
38 |
39 | | Name | Description |
40 | |------|-------------|
41 | | [redis\_credential](#output\_redis\_credential) | Redis credentials used for accessing the database. |
42 | | [redis\_endpoints](#output\_redis\_endpoints) | Redis endpoints in the Kubernetes cluster. |
43 |
44 |
--------------------------------------------------------------------------------
/examples/complete/gcp/helm/values.yaml:
--------------------------------------------------------------------------------
# Hard node-affinity rule: master pods are scheduled only on nodes whose
# "Infra-Services" label has the value "true".
master:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: "Infra-Services"
                operator: In
                values:
                  - "true"

# The same placement rule for replica pods.
replica:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: "Infra-Services"
                operator: In
                values:
                  - "true"
22 |
--------------------------------------------------------------------------------
/examples/complete/gcp/main.tf:
--------------------------------------------------------------------------------
# Shared settings for the GCP example.
locals {
  name        = "redis"
  environment = "prod"
  # NOTE(review): "us-east-2" looks like an AWS region name; confirm the value for GCP.
  region = "us-east-2"

  additional_tags = {
    Owner      = "organization_name"
    Department = "Engineering"
    Expires    = "Never"
  }

  namespace        = "redis"
  create_namespace = true

  store_password_to_secret_manager = true

  custom_credentials_enabled = true
  # NOTE(review): sample password committed in plaintext. Replace it before any real deployment
  # and supply the value from outside version control (for example a sensitive input variable);
  # it is also likely to be recorded in Terraform state through the resources that consume it.
  custom_credentials_config = {
    password = "aajdhgduy3873683dh"
  }
}
18 |
# GCP-side resources for the Redis deployment (submodule modules/resources/gcp).
# project_id is left empty in this example and must be set to the target project.
# NOTE(review): the module source has no `version` constraint, so the newest published
# release is installed.
module "gcp" {
  source = "saturnops/redis/kubernetes//modules/resources/gcp"

  project_id  = ""
  name        = local.name
  environment = local.environment

  store_password_to_secret_manager = local.store_password_to_secret_manager
  custom_credentials_enabled       = local.custom_credentials_enabled
  custom_credentials_config        = local.custom_credentials_config
}
28 |
# Installs Redis on the GKE cluster through the saturnops/redis/kubernetes registry module.
# NOTE(review): the module source carries no `version` constraint, so `terraform init` selects
# the newest published release; pin a reviewed version before reusing this example.
module "redis" {
  source = "saturnops/redis/kubernetes"

  namespace        = local.namespace
  create_namespace = local.create_namespace

  redis_config = {
    name         = local.name
    environment  = local.environment
    architecture = "replication"
    app_version  = "6.2.7-debian-11-r11"

    # Contents of the local helm/values.yaml file, read relative to the working directory.
    values_yaml = file("./helm/values.yaml")

    # NOTE(review): "gp3" and "aws" below look carried over from the AWS example. Confirm the
    # storage class that exists on the GKE cluster and the provider type the module expects
    # for GCP; with the wrong type the password may not be stored where this example intends.
    storage_class_name  = "gp3"
    master_volume_size  = "10Gi"
    slave_volume_size   = "10Gi"
    slave_replica_count = 2

    secret_provider_type             = "aws"
    store_password_to_secret_manager = local.store_password_to_secret_manager
  }

  grafana_monitoring_enabled = true

  custom_credentials_enabled = local.custom_credentials_enabled
  custom_credentials_config  = local.custom_credentials_config

  # Empty when custom credentials are enabled; otherwise the password exported by module.gcp.
  redis_password = local.custom_credentials_enabled ? "" : module.gcp.redis_password
}
51 |
--------------------------------------------------------------------------------
/examples/complete/gcp/output.tf:
--------------------------------------------------------------------------------
# Re-exports the endpoints reported by the redis module.
output "redis_endpoints" {
  value       = module.redis.redis_endpoints
  description = "Redis endpoints in the Kubernetes cluster."
}
5 |
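# Exposes the Redis credentials only when they are not stored in a secret manager;
# otherwise the output is null.
output "redis_credential" {
  description = "Redis credentials used for accessing the database."
  value       = local.store_password_to_secret_manager ? null : module.redis.redis_credential

  # Keeps the credentials out of plan/apply console output and CI logs. The value is still
  # written to the state file, so the state backend must be access-controlled and encrypted.
  sensitive = true
}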
10 |
--------------------------------------------------------------------------------
/examples/complete/gcp/provider.tf:
--------------------------------------------------------------------------------
# Client configuration of the active Google provider; its access token authenticates the
# kubernetes and helm providers.
data "google_client_config" "default" {}

# Looks up the GKE cluster to deploy into. All three arguments are left empty in this
# example and must be set to the target cluster, its location and its project.
data "google_container_cluster" "primary" {
  project  = ""
  location = ""
  name     = ""
}
8 |
# Connects to the GKE API server over HTTPS with the caller's access token. The cluster CA
# certificate is set explicitly, so the API server's TLS certificate is verified.
provider "kubernetes" {
  host                   = "https://${data.google_container_cluster.primary.endpoint}"
  cluster_ca_certificate = base64decode(data.google_container_cluster.primary.master_auth[0].cluster_ca_certificate)
  token                  = data.google_client_config.default.access_token
}
14 |
# Helm provider pointed at the same GKE cluster, using the same endpoint, CA certificate and
# access token as the kubernetes provider.
provider "helm" {
  kubernetes {
    host                   = "https://${data.google_container_cluster.primary.endpoint}"
    cluster_ca_certificate = base64decode(data.google_container_cluster.primary.master_auth[0].cluster_ca_certificate)
    token                  = data.google_client_config.default.access_token
  }
}
--------------------------------------------------------------------------------
/helm/values/values.yaml:
--------------------------------------------------------------------------------
## @section Global parameters
## Global Docker image parameters
## These values override the per-image parameters, including those of dependencies that are
## configured to use the global value.
## Available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
## @param global.redis.password Global Redis® password (overrides `auth.password`)
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  ## Filled in from the `storage_class_name` template variable.
  storageClass: "${storage_class_name}"
  redis:
    password: ""
22 |
## @section Common parameters
##

## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param secretAnnotations Annotations to add to secret
##
secretAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
50 |
## Diagnostic mode for the deployment (disabled here)
##
diagnosticMode:
  ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
  ##
  enabled: false
  ## @param diagnosticMode.command Command to override all containers in the deployment
  ##
  command:
    - sleep
  ## @param diagnosticMode.args Args to override all containers in the deployment
  ##
  args:
    - infinity
65 |
## @section Redis® Image parameters
##

## Bitnami Redis® image
## ref: https://hub.docker.com/r/bitnami/redis/tags/
## @param image.registry Redis® image registry
## @param image.repository Redis® image repository
## @param image.tag Redis® image tag (immutable tags are recommended)
## @param image.pullPolicy Redis® image pull policy
## @param image.pullSecrets Redis® image pull secrets
## @param image.debug Enable image debug mode
##
image:
  registry: docker.io
  repository: bitnami/redis
  ## Filled in from the `app_version` template variable.
  tag: ${app_version}
  ## Image pull policy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ##
  pullPolicy: IfNotPresent
  ## Optional array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  ## Debug mode for the image
  ##
  debug: false
98 |
## @section Redis® common configuration parameters
## https://github.com/bitnami/bitnami-docker-redis#configuration
##

## @param architecture Redis® architecture. Allowed values: `standalone` or `replication`
## Filled in from the `architecture` template variable.
##
architecture: ${architecture}
## Redis® authentication parameters
## ref: https://github.com/bitnami/bitnami-docker-redis#setting-the-server-password-on-first-run
##
auth:
  ## @param auth.enabled Enable password authentication
  ## NOTE(review): password authentication is switched off here even though `auth.password`
  ## below is populated from `${redis_password}`. Unless another setting outside this file
  ## overrides it, Redis accepts unauthenticated connections and the supplied password goes
  ## unused; confirm this is intended, and otherwise set it to `true`.
  ##
  enabled: false
  ## @param auth.sentinel Enable password authentication on sentinels too
  ##
  sentinel: false
  ## @param auth.password Redis® password
  ## Defaults to a random 10-character alphanumeric string if not set
  ## Filled in from the `redis_password` template variable.
  ##
  password: "${redis_password}"
  ## @param auth.existingSecret The name of an existing secret with Redis® credentials
  ## NOTE: When it's set, the previous `auth.password` parameter is ignored
  ##
  existingSecret: ""
  ## @param auth.existingSecretPasswordKey Password key to be retrieved from existing secret
  ## NOTE: ignored unless `auth.existingSecret` parameter is set
  ##
  existingSecretPasswordKey: ""
  ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable
  ## With `false`, the credential is handed to the container as an environment variable.
  ##
  usePasswordFiles: false
131 |
## @param commonConfiguration [string] Common configuration to be added into the ConfigMap
## ref: https://redis.io/topics/config
## The block below turns on AOF persistence, caps clients at 2000 and turns off RDB snapshots.
##
commonConfiguration: |-
  # Enable AOF https://redis.io/topics/persistence#append-only-file
  appendonly yes
  maxclients 2000
  # Disable RDB persistence, AOF persistence already enabled.
  save ""
## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Redis® nodes
##
existingConfigmap: ""
144 |
145 | ## @section Redis® master configuration parameters
146 | ##
147 |
148 | master:
149 | ## @param master.count Number of Redis® master instances to deploy (experimental, requires additional configuration)
150 | ##
151 | count: 1
152 | ## @param master.configuration Configuration for Redis® master nodes
153 | ## ref: https://redis.io/topics/config
154 | ##
155 | configuration: ""
156 | ## @param master.disableCommands Array with Redis® commands to disable on master nodes
157 | ## Commands will be completely disabled by renaming each to an empty string.
158 | ## ref: https://redis.io/topics/security#disabling-of-specific-commands
159 | ##
160 | disableCommands:
161 | - FLUSHDB
162 | - FLUSHALL
163 | ## @param master.command Override default container command (useful when using custom images)
164 | ##
165 | command: []
166 | ## @param master.args Override default container args (useful when using custom images)
167 | ##
168 | args: []
169 | ## @param master.preExecCmds Additional commands to run prior to starting Redis® master
170 | ##
171 | preExecCmds: []
172 | ## @param master.extraFlags Array with additional command line flags for Redis® master
173 | ## e.g:
174 | ## extraFlags:
175 | ## - "--maxmemory-policy volatile-ttl"
176 | ## - "--repl-backlog-size 1024mb"
177 | ##
178 | extraFlags:
179 | - "--maxmemory 1024mb"
180 | ## @param master.extraEnvVars Array with extra environment variables to add to Redis® master nodes
181 | ## e.g:
182 | ## extraEnvVars:
183 | ## - name: FOO
184 | ## value: "bar"
185 | ##
186 | extraEnvVars: []
187 | ## @param master.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis® master nodes
188 | ##
189 | extraEnvVarsCM: ""
190 | ## @param master.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis® master nodes
191 | ##
192 | extraEnvVarsSecret: ""
193 | ## @param master.containerPorts.redis Container port to open on Redis® master nodes
194 | ##
195 | containerPorts:
196 | redis: 6379
197 | ## Configure extra options for Redis® containers' liveness and readiness probes
198 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
199 | ## @param master.startupProbe.enabled Enable startupProbe on Redis® master nodes
200 | ## @param master.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
201 | ## @param master.startupProbe.periodSeconds Period seconds for startupProbe
202 | ## @param master.startupProbe.timeoutSeconds Timeout seconds for startupProbe
203 | ## @param master.startupProbe.failureThreshold Failure threshold for startupProbe
204 | ## @param master.startupProbe.successThreshold Success threshold for startupProbe
205 | ##
206 | startupProbe:
207 | enabled: false
208 | initialDelaySeconds: 20
209 | periodSeconds: 5
210 | timeoutSeconds: 5
211 | successThreshold: 1
212 | failureThreshold: 5
213 | ## @param master.livenessProbe.enabled Enable livenessProbe on Redis® master nodes
214 | ## @param master.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
215 | ## @param master.livenessProbe.periodSeconds Period seconds for livenessProbe
216 | ## @param master.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
217 | ## @param master.livenessProbe.failureThreshold Failure threshold for livenessProbe
218 | ## @param master.livenessProbe.successThreshold Success threshold for livenessProbe
219 | ##
220 | livenessProbe:
221 | enabled: true
222 | initialDelaySeconds: 20
223 | periodSeconds: 5
224 | timeoutSeconds: 5
225 | successThreshold: 1
226 | failureThreshold: 5
227 | ## @param master.readinessProbe.enabled Enable readinessProbe on Redis® master nodes
228 | ## @param master.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
229 | ## @param master.readinessProbe.periodSeconds Period seconds for readinessProbe
230 | ## @param master.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
231 | ## @param master.readinessProbe.failureThreshold Failure threshold for readinessProbe
232 | ## @param master.readinessProbe.successThreshold Success threshold for readinessProbe
233 | ##
234 | readinessProbe:
235 | enabled: true
236 | initialDelaySeconds: 20
237 | periodSeconds: 5
238 | timeoutSeconds: 1
239 | successThreshold: 1
240 | failureThreshold: 5
241 | ## @param master.customStartupProbe Custom startupProbe that overrides the default one
242 | ##
243 | customStartupProbe: {}
244 | ## @param master.customLivenessProbe Custom livenessProbe that overrides the default one
245 | ##
246 | customLivenessProbe: {}
247 | ## @param master.customReadinessProbe Custom readinessProbe that overrides the default one
248 | ##
249 | customReadinessProbe: {}
250 | ## Redis Terraform Module® master resource requests and limits
251 | ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
252 | ## @param master.resources.limits The resources limits for the Redis® master containers
253 | ## @param master.resources.requests The requested resources for the Redis® master containers
254 | ##
255 | resources:
256 | limits:
257 | cpu: 200m
258 | memory: 500Mi
259 | requests:
260 | cpu: 100m
261 | memory: 250Mi
262 | ## Configure Pods Security Context
263 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
264 | ## @param master.podSecurityContext.enabled Enabled Redis® master pods' Security Context
265 | ## @param master.podSecurityContext.fsGroup Set Redis® master pod's Security Context fsGroup
266 | ##
267 | podSecurityContext:
268 | enabled: true
269 | fsGroup: 1001
270 | ## Configure Container Security Context
271 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
272 | ## @param master.containerSecurityContext.enabled Enabled Redis® master containers' Security Context
273 | ## @param master.containerSecurityContext.runAsUser Set Redis® master containers' Security Context runAsUser
274 | ##
275 | containerSecurityContext:
276 | enabled: true
277 | runAsUser: 1001
278 | ## @param master.kind Use either Deployment or StatefulSet (default)
279 | ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
280 | ##
281 | kind: StatefulSet
282 | ## @param master.schedulerName Alternate scheduler for Redis® master pods
283 | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
284 | ##
285 | schedulerName: ""
286 | ## @param master.updateStrategy.type Redis® master statefulset strategy type
287 | ## @skip master.updateStrategy.rollingUpdate
288 | ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
289 | ##
290 | updateStrategy:
291 | ## StrategyType
292 | ## Can be set to RollingUpdate or OnDelete
293 | ##
294 | type: RollingUpdate
295 | rollingUpdate: {}
296 | ## @param master.priorityClassName Redis® master pods' priorityClassName
297 | ##
298 | priorityClassName: ""
299 | ## @param master.hostAliases Redis® master pods host aliases
300 | ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
301 | ##
302 | hostAliases: []
303 | ## @param master.podLabels Extra labels for Redis® master pods
304 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
305 | ##
306 | podLabels: {}
307 | ## @param master.podAnnotations Annotations for Redis® master pods
308 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
309 | ##
310 | podAnnotations:
311 | co.elastic.logs/enabled: "true"
312 | co.elastic.logs/module: redis
313 | ## @param master.shareProcessNamespace Share a single process namespace between all of the containers in Redis® master pods
314 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
315 | ##
316 | shareProcessNamespace: false
317 | ## @param master.podAffinityPreset Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
318 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
319 | ##
320 | podAffinityPreset: ""
321 | ## @param master.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
322 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
323 | ##
324 | podAntiAffinityPreset: soft
325 | ## Node master.affinity preset
326 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
327 | ##
328 | nodeAffinityPreset:
329 | ## @param master.nodeAffinityPreset.type Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
330 | ##
331 | type: ""
332 | ## @param master.nodeAffinityPreset.key Node label key to match. Ignored if `master.affinity` is set
333 | ##
334 | key: ""
335 | ## @param master.nodeAffinityPreset.values Node label values to match. Ignored if `master.affinity` is set
336 | ## E.g.
337 | ## values:
338 | ## - e2e-az1
339 | ## - e2e-az2
340 | ##
341 | values: []
342 | ## @param master.affinity Affinity for Redis® master pods assignment
343 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
344 | ## NOTE: `master.podAffinityPreset`, `master.podAntiAffinityPreset`, and `master.nodeAffinityPreset` will be ignored when it's set
345 | ##
346 | affinity: {}
347 | ## @param master.nodeSelector Node labels for Redis® master pods assignment
348 | ## ref: https://kubernetes.io/docs/user-guide/node-selection/
349 | ##
350 | nodeSelector: {}
351 | ## @param master.tolerations Tolerations for Redis® master pods assignment
352 | ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
353 | ##
354 | tolerations: []
355 | ## @param master.topologySpreadConstraints Spread Constraints for Redis® master pod assignment
356 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
357 | ## E.g.
358 | ## topologySpreadConstraints:
359 | ## - maxSkew: 1
360 | ## topologyKey: node
361 | ## whenUnsatisfiable: DoNotSchedule
362 | ##
363 | topologySpreadConstraints: []
364 | ## @param master.dnsPolicy DNS Policy for Redis® master pod
365 | ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
366 | ## E.g.
367 | ## dnsPolicy: ClusterFirst
368 | dnsPolicy: ""
369 | ## @param master.dnsConfig DNS Configuration for Redis® master pod
370 | ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
371 | ## E.g.
372 | ## dnsConfig:
373 | ## options:
374 | ## - name: ndots
375 | ## value: "4"
376 | ## - name: single-request-reopen
377 | dnsConfig: {}
378 | ## @param master.lifecycleHooks for the Redis® master container(s) to automate configuration before or after startup
379 | ##
380 | lifecycleHooks: {}
381 | ## @param master.extraVolumes Optionally specify extra list of additional volumes for the Redis® master pod(s)
382 | ##
383 | extraVolumes: []
384 | ## @param master.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® master container(s)
385 | ##
386 | extraVolumeMounts: []
387 | ## @param master.sidecars Add additional sidecar containers to the Redis® master pod(s)
388 | ## e.g:
389 | ## sidecars:
390 | ## - name: your-image-name
391 | ## image: your-image
392 | ## imagePullPolicy: Always
393 | ## ports:
394 | ## - name: portname
395 | ## containerPort: 1234
396 | ##
397 | sidecars: []
398 | ## @param master.initContainers Add additional init containers to the Redis® master pod(s)
399 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
400 | ## e.g:
401 | ## initContainers:
402 | ## - name: your-image-name
403 | ## image: your-image
404 | ## imagePullPolicy: Always
405 | ## command: ['sh', '-c', 'echo "hello world"']
406 | ##
407 | initContainers: []
408 | ## Persistence parameters
409 | ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
410 | ##
411 | persistence:
412 | ## @param master.persistence.enabled Enable persistence on Redis® master nodes using Persistent Volume Claims
413 | ##
414 | enabled: true
415 | ## @param master.persistence.medium Provide a medium for `emptyDir` volumes.
416 | ##
417 | medium: ""
418 | ## @param master.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes.
419 | ##
420 | sizeLimit: ""
421 | ## @param master.persistence.path The path the volume will be mounted at on Redis® master containers
422 | ## NOTE: Useful when using different Redis® images
423 | ##
424 | path: /data
425 | ## @param master.persistence.subPath The subdirectory of the volume to mount on Redis® master containers
426 | ## NOTE: Useful in dev environments
427 | ##
428 | subPath: ""
429 | ## @param master.persistence.storageClass Persistent Volume storage class
430 | ## If defined, storageClassName:
431 | ## If set to "-", storageClassName: "", which disables dynamic provisioning
432 | ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
433 | ##
434 | storageClass: ""
435 | ## @param master.persistence.accessModes Persistent Volume access modes
436 | ##
437 | accessModes:
438 | - ReadWriteOnce
439 | ## @param master.persistence.size Persistent Volume size
440 | ##
441 | size: ${redis_master_volume_size}
442 | ## @param master.persistence.annotations Additional custom annotations for the PVC
443 | ##
444 | annotations: {}
445 | ## @param master.persistence.selector Additional labels to match for the PVC
446 | ## e.g:
447 | ## selector:
448 | ## matchLabels:
449 | ## app: my-app
450 | ##
451 | selector: {}
452 | ## @param master.persistence.dataSource Custom PVC data source
453 | ##
454 | dataSource: {}
455 | ## @param master.persistence.existingClaim Use an existing PVC, which must be created manually before it can be bound
456 | ## NOTE: requires master.persistence.enabled: true
457 | ##
458 | existingClaim: ""
459 | ## Redis Terraform Module® master service parameters
460 | ##
461 | service:
462 | ## @param master.service.type Redis® master service type
463 | ##
464 | type: ClusterIP
465 | ## @param master.service.ports.redis Redis® master service port
466 | ##
467 | ports:
468 | redis: 6379
469 | ## @param master.service.nodePorts.redis Node port for Redis® master
470 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
471 | ## NOTE: choose port between <30000-32767>
472 | ##
473 | nodePorts:
474 | redis: ""
475 | ## @param master.service.externalTrafficPolicy Redis® master service external traffic policy
476 | ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
477 | ##
478 | externalTrafficPolicy: Cluster
479 | ## @param master.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
480 | ##
481 | extraPorts: []
482 | ## @param master.service.internalTrafficPolicy Redis® master service internal traffic policy (requires Kubernetes v1.22 or greater to be usable)
483 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/
484 | ##
485 | internalTrafficPolicy: Cluster
486 | ## @param master.service.clusterIP Redis® master service Cluster IP
487 | ##
488 | clusterIP: ""
489 | ## @param master.service.loadBalancerIP Redis® master service Load Balancer IP
490 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
491 | ##
492 | loadBalancerIP: ""
493 | ## @param master.service.loadBalancerSourceRanges Source CIDR ranges allowed to reach the Redis® master service Load Balancer
494 | ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
495 | ## e.g.
496 | ## loadBalancerSourceRanges:
497 | ## - 10.10.10.0/24
498 | ##
499 | loadBalancerSourceRanges: []
500 | ## @param master.service.annotations Additional custom annotations for Redis® master service
501 | ##
502 | annotations: {}
503 | ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
504 | ## If "ClientIP", consecutive client requests will be directed to the same Pod
505 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
506 | ##
507 | sessionAffinity: None
508 | ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
509 | ## sessionAffinityConfig:
510 | ## clientIP:
511 | ## timeoutSeconds: 300
512 | ##
513 | sessionAffinityConfig: {}
514 | ## @param master.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-master pods
515 | ##
516 | terminationGracePeriodSeconds: 30
517 |
518 | ## @section Redis® replicas configuration parameters
519 | ##
520 |
521 | replica:
522 | ## @param replica.replicaCount Number of Redis® replicas to deploy
523 | ##
524 | replicaCount: ${slave_replicacount}
525 | ## @param replica.configuration Configuration for Redis® replicas nodes
526 | ## ref: https://redis.io/topics/config
527 | ##
528 | configuration: ""
529 | ## @param replica.disableCommands Array with Redis® commands to disable on replicas nodes
530 | ## Commands will be completely disabled by renaming each to an empty string.
531 | ## ref: https://redis.io/topics/security#disabling-of-specific-commands
532 | ##
533 | disableCommands:
534 | - FLUSHDB
535 | - FLUSHALL
536 | ## @param replica.command Override default container command (useful when using custom images)
537 | ##
538 | command: []
539 | ## @param replica.args Override default container args (useful when using custom images)
540 | ##
541 | args: []
542 | ## @param replica.preExecCmds Additional commands to run prior to starting Redis® replicas
543 | ##
544 | preExecCmds: []
545 | ## @param replica.extraFlags Array with additional command line flags for Redis® replicas
546 | ## e.g:
547 | ## extraFlags:
548 | ## - "--maxmemory-policy volatile-ttl"
549 | ## - "--repl-backlog-size 1024mb"
550 | ##
551 | extraFlags:
552 | - "--maxmemory 1024mb"
553 | ## @param replica.extraEnvVars Array with extra environment variables to add to Redis® replicas nodes
554 | ## e.g:
555 | ## extraEnvVars:
556 | ## - name: FOO
557 | ## value: "bar"
558 | ##
559 | extraEnvVars: []
560 | ## @param replica.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis® replicas nodes
561 | ##
562 | extraEnvVarsCM: ""
563 | ## @param replica.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis® replicas nodes
564 | ##
565 | extraEnvVarsSecret: ""
566 | ## @param replica.externalMaster.enabled Use external master for bootstrapping
567 | ## @param replica.externalMaster.host External master host to bootstrap from
568 | ## @param replica.externalMaster.port Port for Redis service external master host
569 | ##
570 | externalMaster:
571 | enabled: false
572 | host: ""
573 | port: 6379
574 | ## @param replica.containerPorts.redis Container port to open on Redis® replicas nodes
575 | ##
576 | containerPorts:
577 | redis: 6379
578 | ## Configure extra options for Redis® containers' liveness and readiness probes
579 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
580 | ## @param replica.startupProbe.enabled Enable startupProbe on Redis® replicas nodes
581 | ## @param replica.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
582 | ## @param replica.startupProbe.periodSeconds Period seconds for startupProbe
583 | ## @param replica.startupProbe.timeoutSeconds Timeout seconds for startupProbe
584 | ## @param replica.startupProbe.failureThreshold Failure threshold for startupProbe
585 | ## @param replica.startupProbe.successThreshold Success threshold for startupProbe
586 | ##
587 | startupProbe:
588 | enabled: true
589 | initialDelaySeconds: 10
590 | periodSeconds: 10
591 | timeoutSeconds: 5
592 | successThreshold: 1
593 | failureThreshold: 22
594 | ## @param replica.livenessProbe.enabled Enable livenessProbe on Redis® replicas nodes
595 | ## @param replica.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
596 | ## @param replica.livenessProbe.periodSeconds Period seconds for livenessProbe
597 | ## @param replica.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
598 | ## @param replica.livenessProbe.failureThreshold Failure threshold for livenessProbe
599 | ## @param replica.livenessProbe.successThreshold Success threshold for livenessProbe
600 | ##
601 | livenessProbe:
602 | enabled: true
603 | initialDelaySeconds: 20
604 | periodSeconds: 5
605 | timeoutSeconds: 5
606 | successThreshold: 1
607 | failureThreshold: 5
608 | ## @param replica.readinessProbe.enabled Enable readinessProbe on Redis® replicas nodes
609 | ## @param replica.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
610 | ## @param replica.readinessProbe.periodSeconds Period seconds for readinessProbe
611 | ## @param replica.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
612 | ## @param replica.readinessProbe.failureThreshold Failure threshold for readinessProbe
613 | ## @param replica.readinessProbe.successThreshold Success threshold for readinessProbe
614 | ##
615 | readinessProbe:
616 | enabled: true
617 | initialDelaySeconds: 20
618 | periodSeconds: 5
619 | timeoutSeconds: 1
620 | successThreshold: 1
621 | failureThreshold: 5
622 | ## @param replica.customStartupProbe Custom startupProbe that overrides the default one
623 | ##
624 | customStartupProbe: {}
625 | ## @param replica.customLivenessProbe Custom livenessProbe that overrides the default one
626 | ##
627 | customLivenessProbe: {}
628 | ## @param replica.customReadinessProbe Custom readinessProbe that overrides the default one
629 | ##
630 | customReadinessProbe: {}
631 | ## Redis Terraform Module® replicas resource requests and limits
632 | ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
633 | ## @param replica.resources.limits The resources limits for the Redis® replicas containers
634 | ## @param replica.resources.requests The requested resources for the Redis® replicas containers
635 | ##
636 | resources:
637 | # We usually recommend not to specify default resources and to leave this as a conscious
638 | # choice for the user. This also increases chances charts run on environments with little
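639 | # resources, such as Minikube. In this file the requests and limits below are set explicitly; adjust them as necessary.
640 | # NOTE: replica.extraFlags passes "--maxmemory 1024mb", which exceeds the 500Mi memory limit below, so the container can be OOM-killed before Redis® reaches maxmemory.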
641 | limits:
642 | cpu: 200m
643 | memory: 500Mi
644 | requests:
645 | cpu: 100m
646 | memory: 250Mi
647 | ## Configure Pods Security Context
648 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
649 | ## @param replica.podSecurityContext.enabled Enabled Redis® replicas pods' Security Context
650 | ## @param replica.podSecurityContext.fsGroup Set Redis® replicas pod's Security Context fsGroup
651 | ##
652 | podSecurityContext:
653 | enabled: true
654 | fsGroup: 1001
655 | ## Configure Container Security Context
656 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
657 | ## @param replica.containerSecurityContext.enabled Enabled Redis® replicas containers' Security Context
658 | ## @param replica.containerSecurityContext.runAsUser Set Redis® replicas containers' Security Context runAsUser
659 | ##
660 | containerSecurityContext:
661 | enabled: true
662 | runAsUser: 1001
663 | ## @param replica.schedulerName Alternate scheduler for Redis® replicas pods
664 | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
665 | ##
666 | schedulerName: ""
667 | ## @param replica.updateStrategy.type Redis® replicas statefulset strategy type
668 | ## @skip replica.updateStrategy.rollingUpdate
669 | ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
670 | ##
671 | updateStrategy:
672 | ## StrategyType
673 | ## Can be set to RollingUpdate or OnDelete
674 | ##
675 | type: RollingUpdate
676 | rollingUpdate: {}
677 | ## @param replica.priorityClassName Redis® replicas pods' priorityClassName
678 | ##
679 | priorityClassName: ""
680 | ## @param replica.podManagementPolicy podManagementPolicy to manage scaling operation of Redis® replicas pods
681 | ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
682 | ##
683 | podManagementPolicy: ""
684 | ## @param replica.hostAliases Redis® replicas pods host aliases
685 | ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
686 | ##
687 | hostAliases: []
688 | ## @param replica.podLabels Extra labels for Redis® replicas pods
689 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
690 | ##
691 | podLabels: {}
692 | ## @param replica.podAnnotations Annotations for Redis® replicas pods
693 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
694 | ##
695 | podAnnotations:
696 | co.elastic.logs/enabled: "true"
697 | co.elastic.logs/module: redis
698 | ## @param replica.shareProcessNamespace Share a single process namespace between all of the containers in Redis® replicas pods
699 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
700 | ##
701 | shareProcessNamespace: false
702 | ## @param replica.podAffinityPreset Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`
703 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
704 | ##
705 | podAffinityPreset: ""
706 | ## @param replica.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`
707 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
708 | ##
709 | podAntiAffinityPreset: soft
710 | ## Node affinity preset
711 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
712 | ##
713 | nodeAffinityPreset:
714 | ## @param replica.nodeAffinityPreset.type Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`
715 | ##
716 | type: ""
717 | ## @param replica.nodeAffinityPreset.key Node label key to match. Ignored if `replica.affinity` is set
718 | ##
719 | key: ""
720 | ## @param replica.nodeAffinityPreset.values Node label values to match. Ignored if `replica.affinity` is set
721 | ## E.g.
722 | ## values:
723 | ## - e2e-az1
724 | ## - e2e-az2
725 | ##
726 | values: []
727 | ## @param replica.affinity Affinity for Redis® replicas pods assignment
728 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
729 | ## NOTE: `replica.podAffinityPreset`, `replica.podAntiAffinityPreset`, and `replica.nodeAffinityPreset` will be ignored when it's set
730 | ##
731 | affinity: {}
732 | ## @param replica.nodeSelector Node labels for Redis® replicas pods assignment
733 | ## ref: https://kubernetes.io/docs/user-guide/node-selection/
734 | ##
735 | nodeSelector: {}
736 | ## @param replica.tolerations Tolerations for Redis® replicas pods assignment
737 | ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
738 | ##
739 | tolerations: []
740 | ## @param replica.topologySpreadConstraints Spread Constraints for Redis® replicas pod assignment
741 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
742 | ## E.g.
743 | ## topologySpreadConstraints:
744 | ## - maxSkew: 1
745 | ## topologyKey: node
746 | ## whenUnsatisfiable: DoNotSchedule
747 | ##
748 | topologySpreadConstraints: []
749 | ## @param replica.dnsPolicy DNS Policy for Redis® replica pods
750 | ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
751 | ## E.g.
752 | ## dnsPolicy: ClusterFirst
753 | dnsPolicy: ""
754 | ## @param replica.dnsConfig DNS Configuration for Redis® replica pods
755 | ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
756 | ## E.g.
757 | ## dnsConfig:
758 | ## options:
759 | ## - name: ndots
760 | ## value: "4"
761 | ## - name: single-request-reopen
762 | dnsConfig: {}
763 | ## @param replica.lifecycleHooks for the Redis® replica container(s) to automate configuration before or after startup
764 | ##
765 | lifecycleHooks: {}
766 | ## @param replica.extraVolumes Optionally specify extra list of additional volumes for the Redis® replicas pod(s)
767 | ##
768 | extraVolumes: []
769 | ## @param replica.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® replicas container(s)
770 | ##
771 | extraVolumeMounts: []
772 | ## @param replica.sidecars Add additional sidecar containers to the Redis® replicas pod(s)
773 | ## e.g:
774 | ## sidecars:
775 | ## - name: your-image-name
776 | ## image: your-image
777 | ## imagePullPolicy: Always
778 | ## ports:
779 | ## - name: portname
780 | ## containerPort: 1234
781 | ##
782 | sidecars: []
783 | ## @param replica.initContainers Add additional init containers to the Redis® replicas pod(s)
784 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
785 | ## e.g:
786 | ## initContainers:
787 | ## - name: your-image-name
788 | ## image: your-image
789 | ## imagePullPolicy: Always
790 | ## command: ['sh', '-c', 'echo "hello world"']
791 | ##
792 | initContainers: []
793 | ## Persistence Parameters
794 | ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
795 | ##
796 | persistence:
797 | ## @param replica.persistence.enabled Enable persistence on Redis® replicas nodes using Persistent Volume Claims
798 | ##
799 | enabled: true
800 | ## @param replica.persistence.medium Provide a medium for `emptyDir` volumes.
801 | ##
802 | medium: ""
803 | ## @param replica.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes.
804 | ##
805 | sizeLimit: ""
806 | ## @param replica.persistence.path The path the volume will be mounted at on Redis® replicas containers
807 | ## NOTE: Useful when using different Redis® images
808 | ##
809 | path: /data
810 | ## @param replica.persistence.subPath The subdirectory of the volume to mount on Redis® replicas containers
811 | ## NOTE: Useful in dev environments
812 | ##
813 | subPath: ""
814 | ## @param replica.persistence.storageClass Persistent Volume storage class
815 | ## If defined, storageClassName:
816 | ## If set to "-", storageClassName: "", which disables dynamic provisioning
817 | ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
818 | ##
819 | storageClass: ""
820 | ## @param replica.persistence.accessModes Persistent Volume access modes
821 | ##
822 | accessModes:
823 | - ReadWriteOnce
824 | ## @param replica.persistence.size Persistent Volume size
825 | ##
826 | size: ${slave_volume_size}
827 | ## @param replica.persistence.annotations Additional custom annotations for the PVC
828 | ##
829 | annotations: {}
830 | ## @param replica.persistence.selector Additional labels to match for the PVC
831 | ## e.g:
832 | ## selector:
833 | ## matchLabels:
834 | ## app: my-app
835 | ##
836 | selector: {}
837 | ## @param replica.persistence.dataSource Custom PVC data source
838 | ##
839 | dataSource: {}
840 | ## @param replica.persistence.existingClaim Use an existing PVC, which must be created manually before it can be bound
841 | ## NOTE: requires replica.persistence.enabled: true
842 | ##
843 | existingClaim: ""
844 | ## Redis Terraform Module® replicas service parameters
845 | ##
846 | service:
847 | ## @param replica.service.type Redis® replicas service type
848 | ##
849 | type: ClusterIP
850 | ## @param replica.service.ports.redis Redis® replicas service port
851 | ##
852 | ports:
853 | redis: 6379
854 | ## @param replica.service.nodePorts.redis Node port for Redis® replicas
855 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
856 | ## NOTE: choose port between <30000-32767>
857 | ##
858 | nodePorts:
859 | redis: ""
860 | ## @param replica.service.externalTrafficPolicy Redis® replicas service external traffic policy
861 | ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
862 | ##
863 | externalTrafficPolicy: Cluster
864 | ## @param replica.service.internalTrafficPolicy Redis® replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable)
865 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/
866 | ##
867 | internalTrafficPolicy: Cluster
868 | ## @param replica.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
869 | ##
870 | extraPorts: []
871 | ## @param replica.service.clusterIP Redis® replicas service Cluster IP
872 | ##
873 | clusterIP: ""
874 | ## @param replica.service.loadBalancerIP Redis® replicas service Load Balancer IP
875 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
876 | ##
877 | loadBalancerIP: ""
878 | ## @param replica.service.loadBalancerSourceRanges Source CIDR ranges allowed to reach the Redis® replicas service Load Balancer
879 | ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
880 | ## e.g.
881 | ## loadBalancerSourceRanges:
882 | ## - 10.10.10.0/24
883 | ##
884 | loadBalancerSourceRanges: []
885 | ## @param replica.service.annotations Additional custom annotations for Redis® replicas service
886 | ##
887 | annotations: {}
888 | ## @param replica.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
889 | ## If "ClientIP", consecutive client requests will be directed to the same Pod
890 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
891 | ##
892 | sessionAffinity: None
893 | ## @param replica.service.sessionAffinityConfig Additional settings for the sessionAffinity
894 | ## sessionAffinityConfig:
895 | ## clientIP:
896 | ## timeoutSeconds: 300
897 | ##
898 | sessionAffinityConfig: {}
899 | ## @param replica.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-replicas pods
900 | ##
901 | terminationGracePeriodSeconds: 30
902 | ## Autoscaling configuration
903 | ##
904 | autoscaling:
905 | ## @param replica.autoscaling.enabled Enable replica autoscaling settings
906 | ##
907 | enabled: false
908 | ## @param replica.autoscaling.minReplicas Minimum replicas for the pod autoscaling
909 | ##
910 | minReplicas: 1
911 | ## @param replica.autoscaling.maxReplicas Maximum replicas for the pod autoscaling
912 | ##
913 | maxReplicas: 11
914 | ## @param replica.autoscaling.targetCPU Percentage of CPU to consider when autoscaling
915 | ##
916 | targetCPU: ""
917 | ## @param replica.autoscaling.targetMemory Percentage of Memory to consider when autoscaling
918 | ##
919 | targetMemory: ""
920 |
921 | ## @section Redis® Sentinel configuration parameters
922 | ##
923 |
924 | sentinel:
925 | ## @param sentinel.enabled Use Redis® Sentinel on Redis® pods.
926 | ## IMPORTANT: this will disable the master and replicas services and
927 | ## create a single Redis® service exposing both the Redis and Sentinel ports
928 | ##
929 | enabled: false
930 | ## Bitnami Redis® Sentinel image version
931 | ## ref: https://hub.docker.com/r/bitnami/redis-sentinel/tags/
932 | ## @param sentinel.image.registry Redis® Sentinel image registry
933 | ## @param sentinel.image.repository Redis® Sentinel image repository
934 | ## @param sentinel.image.tag Redis® Sentinel image tag (immutable tags are recommended)
935 | ## @param sentinel.image.pullPolicy Redis® Sentinel image pull policy
936 | ## @param sentinel.image.pullSecrets Redis® Sentinel image pull secrets
937 | ## @param sentinel.image.debug Enable image debug mode
938 | ##
939 | image:
940 | registry: docker.io
941 | repository: bitnami/redis-sentinel
942 | tag: 6.2.7-debian-11-r12
943 | ## Specify an imagePullPolicy
944 | ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
945 | ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
946 | ##
947 | pullPolicy: IfNotPresent
948 | ## Optionally specify an array of imagePullSecrets.
949 | ## Secrets must be manually created in the namespace.
950 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
951 | ## e.g:
952 | ## pullSecrets:
953 | ## - myRegistryKeySecretName
954 | ##
955 | pullSecrets: []
956 | ## Enable debug mode
957 | ##
958 | debug: false
959 | ## @param sentinel.masterSet Master set name
960 | ##
961 | masterSet: mymaster
962 | ## @param sentinel.quorum Sentinel Quorum
963 | ##
964 | quorum: 2
965 | ## @param sentinel.getMasterTimeout Amount of time to allow before get_sentinel_master_info() times out.
966 | ## NOTE: This is directly related to the startupProbes which are configured to run every 10 seconds for a total of 22 failures. If adjusting this value, also adjust the startupProbes.
967 | getMasterTimeout: 220
968 | ## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it.
969 | ## This also prevents any new replica from starting until the last remaining replica is elected as master to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data.
970 | ## NOTE: This feature requires a "downAfterMilliseconds" value less than or equal to 2000.
971 | ##
972 | automateClusterRecovery: false
973 | ## Sentinel timing restrictions
974 | ## @param sentinel.downAfterMilliseconds Timeout for detecting a Redis® node is down
975 | ## @param sentinel.failoverTimeout Timeout for performing an election failover
976 | ##
977 | downAfterMilliseconds: 60000
978 | failoverTimeout: 18000
979 | ## @param sentinel.parallelSyncs Number of replicas that can be reconfigured in parallel to use the new master after a failover
980 | ##
981 | parallelSyncs: 1
982 | ## @param sentinel.configuration Configuration for Redis® Sentinel nodes
983 | ## ref: https://redis.io/topics/sentinel
984 | ##
985 | configuration: ""
986 | ## @param sentinel.command Override default container command (useful when using custom images)
987 | ##
988 | command: []
989 | ## @param sentinel.args Override default container args (useful when using custom images)
990 | ##
991 | args: []
992 | ## @param sentinel.preExecCmds Additional commands to run prior to starting Redis® Sentinel
993 | ##
994 | preExecCmds: []
995 | ## @param sentinel.extraEnvVars Array with extra environment variables to add to Redis® Sentinel nodes
996 | ## e.g:
997 | ## extraEnvVars:
998 | ## - name: FOO
999 | ## value: "bar"
1000 | ##
1001 | extraEnvVars: []
1002 | ## @param sentinel.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis® Sentinel nodes
1003 | ##
1004 | extraEnvVarsCM: ""
1005 | ## @param sentinel.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis® Sentinel nodes
1006 | ##
1007 | extraEnvVarsSecret: ""
1008 | ## @param sentinel.externalMaster.enabled Use external master for bootstrapping
1009 | ## @param sentinel.externalMaster.host External master host to bootstrap from
1010 | ## @param sentinel.externalMaster.port Port for Redis service external master host
1011 | ##
1012 | externalMaster:
1013 | enabled: false
1014 | host: ""
1015 | port: 6379
1016 | ## @param sentinel.containerPorts.sentinel Container port to open on Redis® Sentinel nodes
1017 | ##
1018 | containerPorts:
1019 | sentinel: 26379
1020 | ## Configure extra options for Redis® containers' liveness and readiness probes
1021 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
1022 | ## @param sentinel.startupProbe.enabled Enable startupProbe on Redis® Sentinel nodes
1023 | ## @param sentinel.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1024 | ## @param sentinel.startupProbe.periodSeconds Period seconds for startupProbe
1025 | ## @param sentinel.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1026 | ## @param sentinel.startupProbe.failureThreshold Failure threshold for startupProbe
1027 | ## @param sentinel.startupProbe.successThreshold Success threshold for startupProbe
1028 | ##
1029 | startupProbe:
1030 | enabled: true
1031 | initialDelaySeconds: 10
1032 | periodSeconds: 10
1033 | timeoutSeconds: 5
1034 | successThreshold: 1
1035 | failureThreshold: 22
1036 | ## @param sentinel.livenessProbe.enabled Enable livenessProbe on Redis® Sentinel nodes
1037 | ## @param sentinel.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1038 | ## @param sentinel.livenessProbe.periodSeconds Period seconds for livenessProbe
1039 | ## @param sentinel.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1040 | ## @param sentinel.livenessProbe.failureThreshold Failure threshold for livenessProbe
1041 | ## @param sentinel.livenessProbe.successThreshold Success threshold for livenessProbe
1042 | ##
1043 | livenessProbe:
1044 | enabled: true
1045 | initialDelaySeconds: 20
1046 | periodSeconds: 5
1047 | timeoutSeconds: 5
1048 | successThreshold: 1
1049 | failureThreshold: 5
1050 | ## @param sentinel.readinessProbe.enabled Enable readinessProbe on Redis® Sentinel nodes
1051 | ## @param sentinel.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1052 | ## @param sentinel.readinessProbe.periodSeconds Period seconds for readinessProbe
1053 | ## @param sentinel.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1054 | ## @param sentinel.readinessProbe.failureThreshold Failure threshold for readinessProbe
1055 | ## @param sentinel.readinessProbe.successThreshold Success threshold for readinessProbe
1056 | ##
1057 | readinessProbe:
1058 | enabled: true
1059 | initialDelaySeconds: 20
1060 | periodSeconds: 5
1061 | timeoutSeconds: 1
1062 | successThreshold: 1
1063 | failureThreshold: 5
1064 | ## @param sentinel.customStartupProbe Custom startupProbe that overrides the default one
1065 | ##
1066 | customStartupProbe: {}
1067 | ## @param sentinel.customLivenessProbe Custom livenessProbe that overrides the default one
1068 | ##
1069 | customLivenessProbe: {}
1070 | ## @param sentinel.customReadinessProbe Custom readinessProbe that overrides the default one
1071 | ##
1072 | customReadinessProbe: {}
1073 | ## Persistence parameters
1074 | ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
1075 | ##
1076 | persistence:
1077 | ## @param sentinel.persistence.enabled Enable persistence on Redis® sentinel nodes using Persistent Volume Claims (Experimental)
1078 | ##
1079 | enabled: false
1080 | ## @param sentinel.persistence.storageClass Persistent Volume storage class
1081 | ## If defined, storageClassName:
1082 | ## If set to "-", storageClassName: "", which disables dynamic provisioning
1083 | ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
1084 | ##
1085 | storageClass: ""
1086 | ## @param sentinel.persistence.accessModes Persistent Volume access modes
1087 | ##
1088 | accessModes:
1089 | - ReadWriteOnce
1090 | ## @param sentinel.persistence.size Persistent Volume size
1091 | ##
1092 | size: 100Mi
1093 | ## @param sentinel.persistence.annotations Additional custom annotations for the PVC
1094 | ##
1095 | annotations: {}
1096 | ## @param sentinel.persistence.selector Additional labels to match for the PVC
1097 | ## e.g:
1098 | ## selector:
1099 | ## matchLabels:
1100 | ## app: my-app
1101 | ##
1102 | selector: {}
1103 | ## @param sentinel.persistence.dataSource Custom PVC data source
1104 | ##
1105 | dataSource: {}
1106 | ## @param sentinel.persistence.medium Provide a medium for `emptyDir` volumes.
1107 | ##
1108 | medium: ""
1109 | ## Redis Terraform Module® Sentinel resource requests and limits
1110 | ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
1111 | ## @param sentinel.resources.limits The resources limits for the Redis® Sentinel containers
1112 | ## @param sentinel.resources.requests The requested resources for the Redis® Sentinel containers
1113 | ##
1114 | resources:
1115 | limits:
1116 | cpu: 200m
1117 | memory: 256Mi
1118 | requests:
1119 | cpu: 100m
1120 | memory: 128Mi
1121 | ## Configure Container Security Context
1122 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1123 | ## @param sentinel.containerSecurityContext.enabled Enabled Redis® Sentinel containers' Security Context
1124 | ## @param sentinel.containerSecurityContext.runAsUser Set Redis® Sentinel containers' Security Context runAsUser
1125 | ##
1126 | containerSecurityContext:
1127 | enabled: true
1128 | runAsUser: 1001
1129 | ## @param sentinel.lifecycleHooks for the Redis® sentinel container(s) to automate configuration before or after startup
1130 | ##
1131 | lifecycleHooks: {}
1132 | ## @param sentinel.extraVolumes Optionally specify extra list of additional volumes for the Redis® Sentinel
1133 | ##
1134 | extraVolumes: []
1135 | ## @param sentinel.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® Sentinel container(s)
1136 | ##
1137 | extraVolumeMounts: []
1138 | ## Redis Terraform Module® Sentinel service parameters
1139 | ##
1140 | service:
1141 | ## @param sentinel.service.type Redis® Sentinel service type
1142 | ##
1143 | type: ClusterIP
1144 | ## @param sentinel.service.ports.redis Redis® service port for Redis®
1145 | ## @param sentinel.service.ports.sentinel Redis® service port for Redis® Sentinel
1146 | ##
1147 | ports:
1148 | redis: 6379
1149 | sentinel: 26379
1150 | ## @param sentinel.service.nodePorts.redis Node port for Redis®
1151 | ## @param sentinel.service.nodePorts.sentinel Node port for Sentinel
1152 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
1153 | ## NOTE: choose port between <30000-32767>
1154 | ## NOTE: By leaving these values blank, they will be generated by ports-configmap
1155 | ## If setting manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.redis and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port
1156 | ##
1157 | nodePorts:
1158 | redis: ""
1159 | sentinel: ""
1160 | ## @param sentinel.service.externalTrafficPolicy Redis® Sentinel service external traffic policy
1161 | ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1162 | ##
1163 | externalTrafficPolicy: Cluster
1164 | ## @param sentinel.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1165 | ##
1166 | extraPorts: []
1167 | ## @param sentinel.service.clusterIP Redis® Sentinel service Cluster IP
1168 | ##
1169 | clusterIP: ""
1170 | ## @param sentinel.service.loadBalancerIP Redis® Sentinel service Load Balancer IP
1171 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1172 | ##
1173 | loadBalancerIP: ""
1174 | ## @param sentinel.service.loadBalancerSourceRanges Redis® Sentinel service Load Balancer sources
1175 | ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1176 | ## e.g.
1177 | ## loadBalancerSourceRanges:
1178 | ## - 10.10.10.0/24
1179 | ##
1180 | loadBalancerSourceRanges: []
1181 | ## @param sentinel.service.annotations Additional custom annotations for Redis® Sentinel service
1182 | ##
1183 | annotations: {}
1184 | ## @param sentinel.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1185 | ## If "ClientIP", consecutive client requests will be directed to the same Pod
1186 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1187 | ##
1188 | sessionAffinity: None
1189 | ## @param sentinel.service.sessionAffinityConfig Additional settings for the sessionAffinity
1190 | ## sessionAffinityConfig:
1191 | ## clientIP:
1192 | ## timeoutSeconds: 300
1193 | ##
1194 | sessionAffinityConfig: {}
1195 | ## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-node pods
1196 | ##
1197 | terminationGracePeriodSeconds: 30
1198 |
1199 | ## @section Other Parameters
1200 | ##
1201 |
1202 | ## Network Policy configuration
1203 | ## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1204 | ## NOTE(review): enabled is false below, so no NetworkPolicy is created; the remaining keys presumably have no effect until it is turned on.
1205 | networkPolicy:
1206 | ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
1207 | ##
1208 | enabled: false
1209 | ## @param networkPolicy.allowExternal Don't require client label for connections
1210 | ## When set to false, only pods with the correct client label will have network access to the ports
1211 | ## Redis Terraform Module® is listening on. When true, Redis® will accept connections from any source
1212 | ## (with the correct destination port).
1213 | ## NOTE(review): true is the permissive setting; restricting clients to labelled pods needs enabled: true together with allowExternal: false.
1214 | allowExternal: true
1215 | ## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy
1216 | ## e.g:
1217 | ## extraIngress:
1218 | ## - ports:
1219 | ## - port: 1234
1220 | ## from:
1221 | ## - podSelector:
1222 | ## - matchLabels:
1223 | ## - role: frontend
1224 | ## - podSelector:
1225 | ## - matchExpressions:
1226 | ## - key: role
1227 | ## operator: In
1228 | ## values:
1229 | ## - frontend
1230 | ##
1231 | extraIngress: []
1232 | ## @param networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy
1233 | ## e.g:
1234 | ## extraEgress:
1235 | ## - ports:
1236 | ## - port: 1234
1237 | ## to:
1238 | ## - podSelector:
1239 | ## - matchLabels:
1240 | ## - role: frontend
1241 | ## - podSelector:
1242 | ## - matchExpressions:
1243 | ## - key: role
1244 | ## operator: In
1245 | ## values:
1246 | ## - frontend
1247 | ##
1248 | extraEgress: []
1249 | ## @param networkPolicy.ingressNSMatchLabels Labels to match to allow traffic from other namespaces
1250 | ## @param networkPolicy.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces
1251 | ## Both are empty here, i.e. no cross-namespace selectors are configured.
1252 | ingressNSMatchLabels: {}
1253 | ingressNSPodMatchLabels: {}
1254 | ## PodSecurityPolicy configuration
1255 | ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
1256 | ## NOTE(review): both flags are off, so these values add no pod-level admission policy; on v1.25+ clusters pod hardening has to come from Pod Security Admission namespace labels or another admission controller.
1257 | podSecurityPolicy:
1258 | ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
1259 | ##
1260 | create: false
1261 | ## @param podSecurityPolicy.enabled Enable PodSecurityPolicy's RBAC rules
1262 | ##
1263 | enabled: false
1264 | ## RBAC configuration
1265 | ## With create: false and rules: [] these values request no RBAC resources for the release.
1266 | rbac:
1267 | ## @param rbac.create Specifies whether RBAC resources should be created
1268 | ##
1269 | create: false
1270 | ## @param rbac.rules Custom RBAC rules to set
1271 | ## e.g:
1272 | ## rules:
1273 | ## - apiGroups:
1274 | ## - ""
1275 | ## resources:
1276 | ## - pods
1277 | ## verbs:
1278 | ## - get
1279 | ## - list
1280 | ## NOTE(review): if rules are ever added, keep them to the verbs and resources actually needed; the example above is read-only on pods.
1281 | rules: []
1282 | ## ServiceAccount configuration
1283 | ## A dedicated ServiceAccount is created for the release (create: true, generated name).
1284 | serviceAccount:
1285 | ## @param serviceAccount.create Specifies whether a ServiceAccount should be created
1286 | ##
1287 | create: true
1288 | ## @param serviceAccount.name The name of the ServiceAccount to use.
1289 | ## If not set and create is true, a name is generated using the common.names.fullname template
1290 | ##
1291 | name: ""
1292 | ## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
1293 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
1294 | ## NOTE(review): the API token is mounted into the pods although rbac.create is false in this file; set this to false unless something in the pod calls the Kubernetes API (confirm against the chart version in use).
1295 | automountServiceAccountToken: true
1296 | ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
1297 | ##
1298 | annotations: {}
1299 | ## Redis Terraform Module® Pod Disruption Budget configuration
1300 | ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1301 | ## create is false below, so no PodDisruptionBudget is requested; minAvailable/maxUnavailable presumably apply only once it is enabled.
1302 | pdb:
1303 | ## @param pdb.create Specifies whether a PodDisruptionBudget should be created
1304 | ##
1305 | create: false
1306 | ## @param pdb.minAvailable Min number of pods that must still be available after the eviction
1307 | ##
1308 | minAvailable: 1
1309 | ## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction
1310 | ##
1311 | maxUnavailable: ""
1312 | ## TLS configuration
1313 | ## NOTE(review): TLS is disabled below, so Redis® traffic, including the password sent at authentication, crosses the pod network unencrypted; enable it where that network is not trusted.
1314 | tls:
1315 | ## @param tls.enabled Enable TLS traffic
1316 | ##
1317 | enabled: false
1318 | ## @param tls.authClients Require clients to authenticate
1319 | ## Presumably only takes effect once tls.enabled is true; confirm against the chart version in use.
1320 | authClients: true
1321 | ## @param tls.autoGenerated Enable autogenerated certificates
1322 | ##
1323 | autoGenerated: false
1324 | ## @param tls.existingSecret The name of the existing secret that contains the TLS certificates
1325 | ## Empty here; enabling TLS needs either this secret (with the filenames below) or autoGenerated.
1326 | existingSecret: ""
1327 | ## @param tls.certificatesSecret DEPRECATED. Use existingSecret instead.
1328 | ##
1329 | certificatesSecret: ""
1330 | ## @param tls.certFilename Certificate filename
1331 | ##
1332 | certFilename: ""
1333 | ## @param tls.certKeyFilename Certificate Key filename
1334 | ##
1335 | certKeyFilename: ""
1336 | ## @param tls.certCAFilename CA Certificate filename
1337 | ##
1338 | certCAFilename: ""
1339 | ## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers)
1340 | ##
1341 | dhParamsFilename: ""
1342 |
1343 | ## @section Metrics Parameters
1344 | ##
1345 |
1346 | metrics:
1347 | ## @param metrics.enabled Start a sidecar prometheus exporter to expose Redis® metrics
1348 | ## ${redis_exporter_enabled} is filled in by Terraform's templatefile(); /main.tf passes var.grafana_monitoring_enabled for it.
1349 | enabled: ${redis_exporter_enabled}
1350 | ## Bitnami Redis® Exporter image
1351 | ## ref: https://hub.docker.com/r/bitnami/redis-exporter/tags/
1352 | ## @param metrics.image.registry Redis® Exporter image registry
1353 | ## @param metrics.image.repository Redis® Exporter image repository
1354 | ## @param metrics.image.tag Redis® Exporter image tag (immutable tags are recommended)
1355 | ## @param metrics.image.pullPolicy Redis® Exporter image pull policy
1356 | ## @param metrics.image.pullSecrets Redis® Exporter image pull secrets
1357 | ## NOTE(review): the image is referenced by tag on a public registry; a tag is resolved by the registry at pull time, so pin by digest or mirror it to a controlled registry where image provenance matters.
1358 | image:
1359 | registry: docker.io
1360 | repository: bitnami/redis-exporter
1361 | tag: 1.43.0-debian-11-r4
1362 | pullPolicy: IfNotPresent
1363 | ## Optionally specify an array of imagePullSecrets.
1364 | ## Secrets must be manually created in the namespace.
1365 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1366 | ## e.g:
1367 | ## pullSecrets:
1368 | ## - myRegistryKeySecretName
1369 | ##
1370 | pullSecrets: []
1371 | ## @param metrics.command Override default metrics container init command (useful when using custom images)
1372 | ##
1373 | command: []
1374 | ## @param metrics.redisTargetHost A way to specify an alternative Redis® hostname
1375 | ## Useful for certificate CN/SAN matching
1376 | ##
1377 | redisTargetHost: "localhost"
1378 | ## @param metrics.extraArgs Extra arguments for Redis® exporter, for example:
1379 | ## e.g.:
1380 | ## extraArgs:
1381 | ## check-keys: myKey,myOtherKey
1382 | ##
1383 | extraArgs: {}
1384 | ## @param metrics.extraEnvVars Array with extra environment variables to add to Redis® exporter
1385 | ## e.g:
1386 | ## extraEnvVars:
1387 | ## - name: FOO
1388 | ## value: "bar"
1389 | ##
1390 | extraEnvVars: []
1391 | ## Configure Container Security Context
1392 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1393 | ## @param metrics.containerSecurityContext.enabled Enabled Redis® exporter containers' Security Context
1394 | ## @param metrics.containerSecurityContext.runAsUser Set Redis® exporter containers' Security Context runAsUser
1395 | ##
1396 | containerSecurityContext:
1397 | enabled: true
1398 | runAsUser: 1001
1399 | ## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Redis® metrics sidecar
1400 | ##
1401 | extraVolumes: []
1402 | ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar
1403 | ##
1404 | extraVolumeMounts: []
1405 | ## Redis Terraform Module® exporter resource requests and limits
1406 | ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
1407 | ## @param metrics.resources.limits The resources limits for the Redis® exporter container
1408 | ## @param metrics.resources.requests The requested resources for the Redis® exporter container
1409 | ## NOTE(review): both maps are empty, so the exporter sidecar gets no CPU or memory bound from these values, unlike the sentinel containers configured earlier in this file.
1410 | resources:
1411 | limits: {}
1412 | requests: {}
1413 | ## @param metrics.podLabels Extra labels for Redis® exporter pods
1414 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1415 | ##
1416 | podLabels: {}
1417 | ## @param metrics.podAnnotations [object] Annotations for Redis® exporter pods
1418 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1419 | ##
1420 | podAnnotations:
1421 | prometheus.io/scrape: "true"
1422 | prometheus.io/port: "9121"
1423 | ## Redis Terraform Module® exporter service parameters
1424 | ##
1425 | service:
1426 | ## @param metrics.service.type Redis® exporter service type
1427 | ##
1428 | type: ClusterIP
1429 | ## @param metrics.service.port Redis® exporter service port
1430 | ##
1431 | port: 9121
1432 | ## @param metrics.service.externalTrafficPolicy Redis® exporter service external traffic policy
1433 | ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1434 | ##
1435 | externalTrafficPolicy: Cluster
1436 | ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1437 | ##
1438 | extraPorts: []
1439 | ## @param metrics.service.loadBalancerIP Redis® exporter service Load Balancer IP
1440 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1441 | ##
1442 | loadBalancerIP: ""
1443 | ## @param metrics.service.loadBalancerSourceRanges Redis® exporter service Load Balancer sources
1444 | ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1445 | ## e.g.
1446 | ## loadBalancerSourceRanges:
1447 | ## - 10.10.10.0/24
1448 | ##
1449 | loadBalancerSourceRanges: []
1450 | ## @param metrics.service.annotations Additional custom annotations for Redis® exporter service
1451 | ##
1452 | annotations: {}
1453 | ## Prometheus Service Monitor
1454 | ## ref: https://github.com/coreos/prometheus-operator
1455 | ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1456 | ## NOTE(review): enabled is hard-coded to true here while metrics.enabled is templated; confirm the chart skips the ServiceMonitor when the exporter is off and that the ServiceMonitor CRD exists in the target cluster.
1457 | serviceMonitor:
1458 | ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator
1459 | ##
1460 | enabled: true
1461 | ## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created
1462 | ## ${service_monitor_namespace} is filled in by templatefile(); /main.tf passes var.namespace, i.e. the release namespace.
1463 | namespace: "${service_monitor_namespace}"
1464 | ## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped
1465 | ##
1466 | interval: 30s
1467 | ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended
1468 | ##
1469 | scrapeTimeout: ""
1470 | ## @param metrics.serviceMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping.
1471 | ##
1472 | relabellings: []
1473 | ## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
1474 | ##
1475 | metricRelabelings: []
1476 | ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
1477 | ##
1478 | honorLabels: false
1479 | ## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus
1480 | ## Presumably has to match the label selector of the Prometheus instance that should scrape this release; verify against the monitoring stack in use.
1481 | additionalLabels:
1482 | release: prometheus-operator
1483 | ## Custom PrometheusRule to be defined
1484 | ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
1485 | ##
1486 | prometheusRule:
1487 | ## @param metrics.prometheusRule.enabled Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator
1488 | ##
1489 | enabled: false
1490 | ## @param metrics.prometheusRule.namespace The namespace in which the prometheusRule will be created
1491 | ##
1492 | namespace: ""
1493 | ## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule
1494 | ##
1495 | additionalLabels: {}
1496 | ## @param metrics.prometheusRule.rules Custom Prometheus rules
1497 | ## e.g:
1498 | ## rules:
1499 | ## - alert: RedisDown
1500 | ## expr: redis_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0
1501 | ## for: 2m
1502 | ## labels:
1503 | ## severity: error
1504 | ## annotations:
1505 | ## summary: Redis® instance {{ "{{ $labels.instance }}" }} down
1506 | ## description: Redis® instance {{ "{{ $labels.instance }}" }} is down
1507 | ## - alert: RedisMemoryHigh
1508 | ## expr: >
1509 | ## redis_memory_used_bytes{service="{{ template "common.names.fullname" . }}-metrics"} * 100
1510 | ## /
1511 | ## redis_memory_max_bytes{service="{{ template "common.names.fullname" . }}-metrics"}
1512 | ## > 90
1513 | ## for: 2m
1514 | ## labels:
1515 | ## severity: error
1516 | ## annotations:
1517 | ## summary: Redis® instance {{ "{{ $labels.instance }}" }} is using too much memory
1518 | ## description: |
1519 | ## Redis® instance {{ "{{ $labels.instance }}" }} is using {{ "{{ $value }}" }}% of its available memory.
1520 | ## - alert: RedisKeyEviction
1521 | ## expr: |
1522 | ## increase(redis_evicted_keys_total{service="{{ template "common.names.fullname" . }}-metrics"}[5m]) > 0
1523 | ## for: 1s
1524 | ## labels:
1525 | ## severity: error
1526 | ## annotations:
1527 | ## summary: Redis® instance {{ "{{ $labels.instance }}" }} has evicted keys
1528 | ## description: |
1529 | ## Redis® instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes.
1530 | ##
1531 | rules: []
1532 |
1533 | ## @section Init Container Parameters
1534 | ##
1535 |
1536 | ## 'volumePermissions' init container parameters
1537 | ## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
1538 | ## based on the *podSecurityContext/*containerSecurityContext parameters
1539 | ## NOTE(review): disabled below; when enabled the init container is configured with runAsUser: 0 (see containerSecurityContext at the end of this section), so clusters that forbid root containers will reject it.
1540 | volumePermissions:
1541 | ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
1542 | ##
1543 | enabled: false
1544 | ## Bitnami Shell image
1545 | ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/
1546 | ## @param volumePermissions.image.registry Bitnami Shell image registry
1547 | ## @param volumePermissions.image.repository Bitnami Shell image repository
1548 | ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended)
1549 | ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy
1550 | ## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets
1551 | ##
1552 | image:
1553 | registry: docker.io
1554 | repository: bitnami/bitnami-shell
1555 | tag: 11-debian-11-r11
1556 | pullPolicy: IfNotPresent
1557 | ## Optionally specify an array of imagePullSecrets.
1558 | ## Secrets must be manually created in the namespace.
1559 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1560 | ## e.g:
1561 | ## pullSecrets:
1562 | ## - myRegistryKeySecretName
1563 | ##
1564 | pullSecrets: []
1565 | ## Init container's resource requests and limits
1566 | ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
1567 | ## @param volumePermissions.resources.limits The resources limits for the init container
1568 | ## @param volumePermissions.resources.requests The requested resources for the init container
1569 | ##
1570 | resources:
1571 | limits: {}
1572 | requests: {}
1573 | ## Init container Container Security Context
1574 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
1575 | ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
1576 | ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
1577 | ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
1578 | ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
1579 | ## NOTE(review): 0 means the init container runs as root when volumePermissions.enabled is true; use it only where the volume's ownership cannot be set another way.
1580 | containerSecurityContext:
1581 | runAsUser: 0
1582 |
1583 | ## init-sysctl container parameters
1584 | ## used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings)
1585 | ## NOTE(review): disabled below; changing kernel settings from an init container normally needs elevated privileges on the node, so check which securityContext the chart version in use gives this container before enabling it.
1586 | sysctl:
1587 | ## @param sysctl.enabled Enable init container to modify Kernel settings
1588 | ##
1589 | enabled: false
1590 | ## Bitnami Shell image
1591 | ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/
1592 | ## @param sysctl.image.registry Bitnami Shell image registry
1593 | ## @param sysctl.image.repository Bitnami Shell image repository
1594 | ## @param sysctl.image.tag Bitnami Shell image tag (immutable tags are recommended)
1595 | ## @param sysctl.image.pullPolicy Bitnami Shell image pull policy
1596 | ## @param sysctl.image.pullSecrets Bitnami Shell image pull secrets
1597 | ##
1598 | image:
1599 | registry: docker.io
1600 | repository: bitnami/bitnami-shell
1601 | tag: 11-debian-11-r11
1602 | pullPolicy: IfNotPresent
1603 | ## Optionally specify an array of imagePullSecrets.
1604 | ## Secrets must be manually created in the namespace.
1605 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1606 | ## e.g:
1607 | ## pullSecrets:
1608 | ## - myRegistryKeySecretName
1609 | ##
1610 | pullSecrets: []
1611 | ## @param sysctl.command Override default init-sysctl container command (useful when using custom images)
1612 | ## Empty here, so the chart's default command is used.
1613 | command: []
1614 | ## @param sysctl.mountHostSys Mount the host `/sys` folder to `/host-sys`
1615 | ## NOTE(review): setting this to true exposes the node's /sys inside the init container; leave it false unless a kernel setting under /sys has to be changed.
1616 | mountHostSys: false
1617 | ## Init container's resource requests and limits
1618 | ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
1619 | ## @param sysctl.resources.limits The resources limits for the init container
1620 | ## @param sysctl.resources.requests The requested resources for the init container
1621 | ##
1622 | resources:
1623 | limits: {}
1624 | requests: {}
1625 |
1626 | ## @section useExternalDNS Parameters
1627 | ##
1628 | ## @param useExternalDNS.enabled Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable.
1629 | ## @param useExternalDNS.additionalAnnotations Extra annotations to be utilized when `external-dns` is enabled.
1630 | ## @param useExternalDNS.annotationKey The annotation key utilized when `external-dns` is enabled.
1631 | ## @param useExternalDNS.suffix The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release.
1632 | ##
1633 | useExternalDNS:
1634 | enabled: false
1635 | suffix: ""
1636 | annotationKey: external-dns.alpha.kubernetes.io/
1637 | additionalAnnotations: {}
--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
1 | resource "kubernetes_namespace" "redis" { # Namespace for the release; created only when var.create_namespace is true.
2 | count = var.create_namespace ? 1 : 0
3 | metadata {
4 | annotations = {} # NOTE(review): no labels are set, so this resource declares no Pod Security Admission level for the namespace.
5 | name = var.namespace
6 | }
7 | }
8 |
9 | resource "helm_release" "redis" { # Installs the "redis" chart with values rendered from helm/values/values.yaml plus caller overrides.
10 | depends_on = [kubernetes_namespace.redis]
11 | name = "redis"
12 | chart = "redis"
13 | version = var.chart_version
14 | timeout = 600
15 | namespace = var.namespace
16 | repository = "https://charts.bitnami.com/bitnami" # NOTE(review): the chart is fetched from a public repository at apply time; var.chart_version is the only pin visible here.
17 | values = [
18 | templatefile("${path.module}/helm/values/values.yaml", {
19 | app_version = var.redis_config.app_version,
20 | architecture = var.redis_config.architecture,
21 | redis_password = var.custom_credentials_enabled ? var.custom_credentials_config.password : var.redis_password, # NOTE(review): the password is rendered into the values text, so it is kept in Terraform state and in the stored Helm release; keep the state backend encrypted and access-restricted.
22 | slave_volume_size = var.redis_config.slave_volume_size,
23 | slave_replicacount = var.redis_config.slave_replica_count,
24 | storage_class_name = var.redis_config.storage_class_name,
25 | redis_exporter_enabled = var.grafana_monitoring_enabled, # drives metrics.enabled in the values template
26 | redis_master_volume_size = var.redis_config.master_volume_size,
27 | service_monitor_namespace = var.namespace # ServiceMonitor is placed in the release namespace
28 | }),
29 | var.redis_config.values_yaml # Caller-supplied YAML listed after the template, so it can override any value the template sets, security-related ones included.
30 | ]
31 | }
32 |
--------------------------------------------------------------------------------
/modules/resources/aws/README.md:
--------------------------------------------------------------------------------
1 | # aws
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | | [aws](#provider\_aws) | n/a |
13 | | [random](#provider\_random) | n/a |
14 |
15 | ## Modules
16 |
17 | No modules.
18 |
19 | ## Resources
20 |
21 | | Name | Type |
22 | |------|------|
23 | | [aws_secretsmanager_secret.redis_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
24 | | [aws_secretsmanager_secret_version.redis_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
25 | | [random_password.redis_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
26 |
27 | ## Inputs
28 |
29 | | Name | Description | Type | Default | Required |
30 | |------|-------------|------|---------|:--------:|
31 | | [custom\_credentials\_config](#input\_custom\_credentials\_config) | Specify the configuration settings for Redis to pass custom credentials during creation. | `any` | `{ "password": "" }` | no |
32 | | [custom\_credentials\_enabled](#input\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for Redis. | `bool` | `false` | no |
33 | | [environment](#input\_environment) | Environment in which the infrastructure is being deployed (e.g., production, staging, development) | `string` | `"test"` | no |
34 | | [name](#input\_name) | Name identifier for module to be added as suffix to resources | `string` | `"test"` | no |
35 | | [recovery\_window\_aws\_secret](#input\_recovery\_window\_aws\_secret) | Number of days that AWS Secrets Manager will wait before deleting a secret. This value can be set to 0 to force immediate deletion, or to a value between 7 and 30 days to allow for recovery. | `number` | `0` | no |
36 | | [store\_password\_to\_secret\_manager](#input\_store\_password\_to\_secret\_manager) | Specifies whether to store the credentials in AWS secret manager. | `bool` | `false` | no |
37 |
38 | ## Outputs
39 |
40 | | Name | Description |
41 | |------|-------------|
42 | | [redis\_password](#output\_redis\_password) | n/a |
43 |
44 |
--------------------------------------------------------------------------------
/modules/resources/aws/main.tf:
--------------------------------------------------------------------------------
1 | resource "random_password" "redis_password" { # Generated Redis password; skipped (count = 0) when the caller supplies custom credentials.
2 | count = var.custom_credentials_enabled ? 0 : 1
3 | length = 20
4 | special = false # no special characters in the generated value; the result is still written to Terraform state in clear text
5 | }
6 |
7 | resource "aws_secretsmanager_secret" "redis_password" { # Secret container, created only when var.store_password_to_secret_manager is true. NOTE(review): no kms_key_id is set, so the account's default Secrets Manager key is used.
8 | count = var.store_password_to_secret_manager ? 1 : 0
9 | name = format("%s/%s/%s", var.environment, var.name, "redis") # "<environment>/<name>/redis"
10 | recovery_window_in_days = var.recovery_window_aws_secret # NOTE(review): the variable defaults to 0 in variables.tf, i.e. deletion is immediate and cannot be undone.
11 | }
12 |
13 | resource "aws_secretsmanager_secret_version" "redis_password" { # Stores the username/password pair as a JSON string in the secret above.
14 | count = var.store_password_to_secret_manager ? 1 : 0
15 | secret_id = aws_secretsmanager_secret.redis_password[0].id
16 | secret_string = var.custom_credentials_enabled ? jsonencode( # custom credentials branch
17 | {
18 | "redis_username" : "root", # NOTE(review): hard-coded label; nothing in this file configures a "root" account, confirm it matches what Redis expects.
19 | "redis_password" : "${var.custom_credentials_config.password}" # NOTE(review): the variable's default password is "" and nothing here rejects an empty value.
20 |
21 | }) : jsonencode( # generated password branch
22 | {
23 | "redis_username" : "root",
24 | "redis_password" : "${random_password.redis_password[0].result}"
25 | })
26 | }
27 |
28 | output "redis_password" { # Generated password, or null when custom credentials are in use.
29 | value = var.custom_credentials_enabled ? null : nonsensitive(random_password.redis_password[0].result) # NOTE(review): nonsensitive() removes the sensitive marking, so the password is shown in plan/apply output; prefer dropping it and setting sensitive = true once the callers of this output are updated.
30 | }
31 |
--------------------------------------------------------------------------------
/modules/resources/aws/variables.tf:
--------------------------------------------------------------------------------
1 | variable "name" { # Used in main.tf as the middle segment of the secret name "<environment>/<name>/redis".
2 | description = "Name identifier for module to be added as suffix to resources"
3 | type = string
4 | default = "test"
5 | }
6 |
7 | variable "environment" { # Used in main.tf as the first segment of the secret name "<environment>/<name>/redis".
8 | description = "Environment in which the infrastructure is being deployed (e.g., production, staging, development)"
9 | type = string
10 | default = "test"
11 | }
12 |
13 | variable "store_password_to_secret_manager" { # Gates both the secret and its version in main.tf (count = 1 when true).
14 | type = bool
15 | default = false # with the default, this module writes nothing to Secrets Manager
16 | description = "Specifies whether to store the credentials in AWS secret manager."
17 | }
18 |
19 | variable "recovery_window_aws_secret" { # Passed to recovery_window_in_days on the secret in main.tf.
20 | type = number
21 | default = 0 # NOTE(review): the default forces immediate deletion with no recovery; set 7 to 30 for environments where an accidental destroy must be reversible.
22 | description = "Number of days that AWS Secrets Manager will wait before deleting a secret. This value can be set to 0 to force immediate deletion, or to a value between 7 and 30 days to allow for recovery."
23 | }
24 |
25 | variable "custom_credentials_enabled" { # When true, main.tf skips random_password, stores custom_credentials_config.password instead, and the redis_password output is null.
26 | type = bool
27 | default = false
28 | description = "Specifies whether to enable custom credentials for Redis."
29 | }
30 |
31 | variable "custom_credentials_config" { # Only the "password" attribute is read by main.tf. NOTE(review): the variable is not marked sensitive, so a supplied password can appear in plan output.
32 | type = any # NOTE(review): untyped; the shape of the object is not checked
33 | default = {
34 | password = "" # NOTE(review): an empty password is stored as-is when custom credentials are enabled without overriding this default
35 | }
36 | description = "Specify the configuration settings for Redis to pass custom credentials during creation."
37 | }
38 |
--------------------------------------------------------------------------------
/modules/resources/azure/README.md:
--------------------------------------------------------------------------------
1 | # Azure Terraform Redis Kubernetes Module
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | | [azurerm](#provider\_azurerm) | n/a |
13 | | [random](#provider\_random) | n/a |
14 |
15 | ## Modules
16 |
17 | No modules.
18 |
19 | ## Resources
20 |
21 | | Name | Type |
22 | |------|------|
23 | | [azurerm_key_vault.redis-secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource |
24 | | [azurerm_key_vault_secret.redis-secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
25 | | [random_password.redis_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
26 | | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
27 | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
28 |
29 | ## Inputs
30 |
31 | | Name | Description | Type | Default | Required |
32 | |------|-------------|------|---------|:--------:|
33 | | [custom\_credentials\_config](#input\_custom\_credentials\_config) | Specify the configuration settings for Redis to pass custom credentials during creation. | `any` | `{ "password": "" }` | no |
34 | | [custom\_credentials\_enabled](#input\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for Redis. | `bool` | `false` | no |
35 | | [environment](#input\_environment) | Environment in which the infrastructure is being deployed (e.g., production, staging, development) | `string` | `"test"` | no |
36 | | [name](#input\_name) | Name identifier for module to be added as suffix to resources | `string` | `"test"` | no |
37 | | [resource\_group\_location](#input\_resource\_group\_location) | Azure resource group location | `string` | `""` | no |
38 | | [resource\_group\_name](#input\_resource\_group\_name) | Azure resource group name | `string` | `""` | no |
39 | | [store\_password\_to\_secret\_manager](#input\_store\_password\_to\_secret\_manager) | Specifies whether to store the credentials in Azure Key Vault. | `bool` | `false` | no |
40 |
41 | ## Outputs
42 |
43 | | Name | Description |
44 | |------|-------------|
45 | | [redis\_password](#output\_redis\_password) | n/a |
46 |
--------------------------------------------------------------------------------
/modules/resources/azure/main.tf:
--------------------------------------------------------------------------------
1 | data "azurerm_client_config" "current" {} # Identity running Terraform; its tenant_id and object_id are used for the Key Vault and its access policy below.
2 |
3 | data "azurerm_subscription" "current" {} # Not referenced anywhere else in this file.
4 |
5 | resource "random_password" "redis_password" { # Generated Redis password; skipped (count = 0) when the caller supplies custom credentials.
6 | count = var.custom_credentials_enabled ? 0 : 1
7 | length = 20
8 | special = false # no special characters in the generated value; the result is still written to Terraform state in clear text
9 | }
10 |
11 | resource "azurerm_key_vault" "redis-secret" { # Key Vault that holds the Redis credentials; created only when var.store_password_to_secret_manager is true.
12 | count = var.store_password_to_secret_manager ? 1 : 0
13 | name = format("%s-%s-%s", var.environment, var.name, "key-vault") # "<environment>-<name>-key-vault"; NOTE(review): Key Vault names are length-limited and globally unique, so long inputs can fail at apply.
14 | resource_group_name = var.resource_group_name
15 | location = var.resource_group_location
16 | sku_name = "standard"
17 | tenant_id = data.azurerm_client_config.current.tenant_id
18 | enabled_for_disk_encryption = true # NOTE(review): not needed for storing a Redis password; confirm it is intended.
19 | soft_delete_retention_days = 7 # NOTE(review): purge_protection_enabled is not set, so a soft-deleted vault or secret can be purged before the retention period ends.
20 | # NOTE(review): no network_acls block is present, so access to the vault is not restricted by network in this resource.
21 | access_policy { # Grants the identity running Terraform access to keys and secrets.
22 | tenant_id = data.azurerm_client_config.current.tenant_id
23 | object_id = data.azurerm_client_config.current.object_id
24 | key_permissions = [
25 | "Get",
26 | "List",
27 | ]
28 | secret_permissions = [
29 | "Set",
30 | "Get",
31 | "List",
32 | "Delete",
33 | "Purge", # NOTE(review): together with "Delete" this lets the deploying identity remove the secret permanently; drop it if Terraform does not need to purge.
34 | ]
35 | }
36 | }
37 |
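# Stores the Redis credentials as a JSON document ({redis_username,
# redis_password}) in the Key Vault above. Created only when
# var.store_password_to_secret_manager is true.
#
# The password is the caller-supplied one when custom credentials are enabled,
# otherwise the generated random_password. The redundant "${...}" wrappers
# around single references were dropped; the encoded value is unchanged.
#
# NOTE(review): var.custom_credentials_config.password defaults to "", and
# nothing here rejects an empty value when custom_credentials_enabled is true —
# consider validating it so an empty password cannot be stored and used.
resource "azurerm_key_vault_secret" "redis-secret" {
  count = var.store_password_to_secret_manager ? 1 : 0

  name         = format("%s-%s-%s", var.environment, var.name, "secret")
  key_vault_id = azurerm_key_vault.redis-secret[0].id
  content_type = "application/json"

  value = var.custom_credentials_enabled ? jsonencode({
    redis_username = "root"
    redis_password = var.custom_credentials_config.password
  }) : jsonencode({
    redis_username = "root"
    redis_password = random_password.redis_password[0].result
  })

  # Explicit ordering on the vault; key_vault_id above already implies it.
  depends_on = [azurerm_key_vault.redis-secret[0]]
}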
55 |
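# NOTE(review): nonsensitive() deliberately strips the sensitive marking from
# the generated password, so it is shown in clear text in plan/apply output and
# by `terraform output`, and ends up in CI logs. The usual fix is to drop
# nonsensitive() and set `sensitive = true` here; every module or output that
# consumes this value must then be marked sensitive too, so change them together.
output "redis_password" {
  description = "Generated Redis password; null when custom credentials are enabled."
  value       = var.custom_credentials_enabled ? null : nonsensitive(random_password.redis_password[0].result)
}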
--------------------------------------------------------------------------------
/modules/resources/azure/variables.tf:
--------------------------------------------------------------------------------
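# Controls whether the Key Vault and the secret holding the Redis credentials
# are created.
variable "store_password_to_secret_manager" {
  type        = bool
  default     = false
  description = "Specifies whether to store the credentials in Azure Key Vault."
}

# Used together with var.environment to build the Key Vault and secret names.
variable "name" {
  type        = string
  default     = "test"
  description = "Name identifier for module to be added as suffix to resources"
}

variable "environment" {
  type        = string
  default     = "test"
  description = "Environment in which the infrastructure is being deployed (e.g., production, staging, development)"
}

variable "resource_group_name" {
  type        = string
  default     = ""
  description = "Azure resource group name"
}

variable "resource_group_location" {
  type        = string
  default     = ""
  description = "Azure resource group location"
}

# When true no password is generated and custom_credentials_config.password is
# stored instead.
variable "custom_credentials_enabled" {
  type        = bool
  default     = false
  description = "Specifies whether to enable custom credentials for Redis."
}

# Holds the caller-supplied Redis password, so it is marked sensitive to keep
# it out of plan and apply output. Within this module it is only read by the
# Key Vault secret value.
# NOTE(review): the default password is the empty string; confirm callers
# always override it when custom_credentials_enabled is true.
variable "custom_credentials_config" {
  type      = any
  sensitive = true
  default = {
    password = ""
  }
  description = "Specify the configuration settings for Redis to pass custom credentials during creation."
}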
--------------------------------------------------------------------------------
/modules/resources/gcp/README.md:
--------------------------------------------------------------------------------
1 | # gcp
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | | [google](#provider\_google) | n/a |
13 | | [random](#provider\_random) | n/a |
14 |
15 | ## Modules
16 |
17 | No modules.
18 |
19 | ## Resources
20 |
21 | | Name | Type |
22 | |------|------|
23 | | [google_secret_manager_secret.redis_secret](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret) | resource |
24 | | [google_secret_manager_secret_version.redis_secret](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret_version) | resource |
25 | | [random_password.redis_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
26 |
27 | ## Inputs
28 |
29 | | Name | Description | Type | Default | Required |
30 | |------|-------------|------|---------|:--------:|
31 | | [custom\_credentials\_config](#input\_custom\_credentials\_config) | Specify the configuration settings for Redis to pass custom credentials during creation. | `any` | <pre>{<br>  "password": ""<br>}</pre> | no |
32 | | [custom\_credentials\_enabled](#input\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for Redis. | `bool` | `false` | no |
33 | | [environment](#input\_environment) | Environment in which the infrastructure is being deployed (e.g., production, staging, development) | `string` | `"test"` | no |
34 | | [name](#input\_name) | Name identifier for module to be added as suffix to resources | `string` | `"test"` | no |
35 | | [project\_id](#input\_project\_id) | Google Cloud project ID | `string` | `""` | no |
36 | | [store\_password\_to\_secret\_manager](#input\_store\_password\_to\_secret\_manager) | Specifies whether to store the credentials in GCP secret manager. | `bool` | `false` | no |
37 |
38 | ## Outputs
39 |
40 | | Name | Description |
41 | |------|-------------|
42 | | [redis\_password](#output\_redis\_password) | n/a |
43 |
44 |
--------------------------------------------------------------------------------
/modules/resources/gcp/main.tf:
--------------------------------------------------------------------------------
# Generated Redis password, created only when the caller does not supply
# custom credentials. 20 characters with special characters disabled.
# The generated value is written to the Terraform state, so the state backend
# needs the same access controls as the secret itself.
resource "random_password" "redis_password" {
  count = var.custom_credentials_enabled ? 0 : 1

  special = false
  length  = 20
}
6 |
# Secret Manager container for the Redis credentials; created only when
# var.store_password_to_secret_manager is true.
#
# NOTE(review): no IAM bindings or customer-managed encryption key are declared
# in this file, so who can read the secret depends on project-level IAM —
# confirm that matches the intended access.
# NOTE(review): newer google provider releases replace `automatic = true` with
# an `auto {}` block; this module does not pin a provider version, so check
# this against the version actually in use.
resource "google_secret_manager_secret" "redis_secret" {
  count = var.store_password_to_secret_manager ? 1 : 0

  secret_id = "${var.environment}-${var.name}-redis"
  project   = var.project_id

  # Replication locations are chosen by Google rather than listed here.
  replication {
    automatic = true
  }
}
16 |
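# Writes the Redis credentials as a JSON document ({redis_username,
# redis_password}) into the secret above. Created only when
# var.store_password_to_secret_manager is true.
#
# The password is the caller-supplied one when custom credentials are enabled,
# otherwise the generated random_password. The redundant "${...}" wrappers
# around single references were dropped; the encoded value is unchanged.
#
# NOTE(review): var.custom_credentials_config.password defaults to "", and
# nothing here rejects an empty value when custom_credentials_enabled is true —
# consider validating it so an empty password cannot be stored and used.
resource "google_secret_manager_secret_version" "redis_secret" {
  count = var.store_password_to_secret_manager ? 1 : 0

  secret = google_secret_manager_secret.redis_secret[0].id

  secret_data = var.custom_credentials_enabled ? jsonencode({
    redis_username = "root"
    redis_password = var.custom_credentials_config.password
  }) : jsonencode({
    redis_username = "root"
    redis_password = random_password.redis_password[0].result
  })
}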
31 |
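# NOTE(review): nonsensitive() deliberately strips the sensitive marking from
# the generated password, so it is shown in clear text in plan/apply output and
# by `terraform output`, and ends up in CI logs. The usual fix is to drop
# nonsensitive() and set `sensitive = true` here; every module or output that
# consumes this value must then be marked sensitive too, so change them together.
output "redis_password" {
  description = "Generated Redis password; null when custom credentials are enabled."
  value       = var.custom_credentials_enabled ? null : nonsensitive(random_password.redis_password[0].result)
}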
--------------------------------------------------------------------------------
/modules/resources/gcp/variables.tf:
--------------------------------------------------------------------------------
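# Controls whether the Secret Manager secret and its version are created.
variable "store_password_to_secret_manager" {
  type        = bool
  default     = false
  description = "Specifies whether to store the credentials in GCP secret manager."
}

# Used together with var.environment to build the secret_id.
variable "name" {
  type        = string
  default     = "test"
  description = "Name identifier for module to be added as suffix to resources"
}

variable "environment" {
  type        = string
  default     = "test"
  description = "Environment in which the infrastructure is being deployed (e.g., production, staging, development)"
}

variable "project_id" {
  type        = string
  default     = ""
  description = "Google Cloud project ID"
}

# When true no password is generated and custom_credentials_config.password is
# stored instead.
variable "custom_credentials_enabled" {
  type        = bool
  default     = false
  description = "Specifies whether to enable custom credentials for Redis."
}

# Holds the caller-supplied Redis password, so it is marked sensitive to keep
# it out of plan and apply output. Within this module it is only read by the
# secret version's secret_data.
# NOTE(review): the default password is the empty string; confirm callers
# always override it when custom_credentials_enabled is true.
variable "custom_credentials_config" {
  type      = any
  sensitive = true
  default = {
    password = ""
  }
  description = "Specify the configuration settings for Redis to pass custom credentials during creation."
}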
38 |
--------------------------------------------------------------------------------
/output.tf:
--------------------------------------------------------------------------------
# In-cluster DNS names for the Redis services, built from var.namespace.
# The "slave" key points at the redis-replicas service.
output "redis_endpoints" {
  description = "Redis endpoints in the Kubernetes cluster."

  value = {
    redis_master_endpoint = "redis-master.${var.namespace}.svc.cluster.local"
    redis_slave_endpoint  = "redis-replicas.${var.namespace}.svc.cluster.local"
    redis_port            = "6379"
  }
}
9 |
# Username and password for connecting to Redis, or null when the credentials
# are kept in the cloud secret manager instead
# (var.redis_config.store_password_to_secret_manager).
#
# NOTE(review): this output is not marked `sensitive`, so whenever it is
# non-null the password is printed by plan/apply and `terraform output`.
# Adding `sensitive = true` is the usual fix, but any caller that re-exports
# this value must then mark its own output sensitive — change them together.
output "redis_credential" {
  description = "Redis credentials used for accessing the database."

  value = var.redis_config.store_password_to_secret_manager ? null : {
    redis_username = "root"
    redis_password = var.custom_credentials_enabled ? var.custom_credentials_config.password : var.redis_password
  }
}
17 |
--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
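# Main Redis settings object. By default store_password_to_secret_manager is
# true, in which case the redis_credential output is null and the password is
# expected to live in the cloud secret manager.
variable "redis_config" {
  type = any
  default = {
    name                             = ""
    environment                      = ""
    master_volume_size               = ""
    architecture                     = "replication"
    app_version                      = "6.2.7-debian-11-r11"
    slave_replica_count              = 1
    slave_volume_size                = ""
    storage_class_name               = ""
    store_password_to_secret_manager = true
    values_yaml                      = ""
  }
  description = "Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, store password to secret manager and custom YAML values."
}

variable "chart_version" {
  type        = string
  default     = "16.13.2"
  description = "Version of the chart for the Redis application that will be deployed."
}

variable "namespace" {
  type        = string
  default     = "redis"
  description = "Namespace where the Redis resources will be deployed."
}

variable "grafana_monitoring_enabled" {
  type        = bool
  default     = false
  description = "Specify whether or not to deploy Redis exporter to collect Redis metrics for monitoring in Grafana."
}

# The default of 0 deletes the secret immediately, with no recovery window.
# The validation enforces the range stated in the description so a bad value
# fails at plan time.
variable "recovery_window_aws_secret" {
  type        = number
  default     = 0
  description = "Number of days that AWS Secrets Manager will wait before it can delete the secret. The value can be 0 to force deletion without recovery, or a range from 7 to 30 days."

  validation {
    condition     = var.recovery_window_aws_secret == 0 || (var.recovery_window_aws_secret >= 7 && var.recovery_window_aws_secret <= 30)
    error_message = "The recovery_window_aws_secret value must be 0 or between 7 and 30 days."
  }
}

# Declared as bool to match its boolean default and description; string values
# such as "true" are still converted automatically.
variable "create_namespace" {
  type        = bool
  default     = true
  description = "Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace."
}

variable "custom_credentials_enabled" {
  type        = bool
  default     = false
  description = "Specifies whether to enable custom credentials for Redis."
}

# NOTE(review): carries a password but is not marked `sensitive`. Marking it
# requires the redis_credential output, which reads it, to be marked sensitive
# in the same change.
variable "custom_credentials_config" {
  type = any
  default = {
    password = ""
  }
  description = "Specify the configuration settings for Redis to pass custom credentials during creation."
}

# NOTE(review): not marked `sensitive` and defaults to the empty string.
# Marking it requires the redis_credential output, which reads it, to be marked
# sensitive in the same change. Confirm callers always pass a real value when
# custom credentials are disabled.
variable "redis_password" {
  type        = string
  default     = ""
  description = "Redis password used when custom credentials are disabled."
}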
66 |
--------------------------------------------------------------------------------