ccyunchina-deploy/roles/proprietary-cloud/templates/redis/redis-sentinel.yaml

---
# Source: redis-ha/templates/redis-ha-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: redis-ha
  labels:
    app: redis-ha
---
# Source: redis-ha/templates/redis-haproxy-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: redis-ha-haproxy
  labels:
    app: redis-ha
---
# Source: redis-ha/templates/redis-ha-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: redis-ha-configmap
  labels:
    app: redis-ha
data:
  redis.conf: |
    dir "/data"
    port 6379
    maxmemory 0
    maxmemory-policy volatile-lru
    min-replicas-max-lag 5
    min-replicas-to-write 1
    rdbchecksum yes
    rdbcompression yes
    repl-diskless-sync yes
    save 900 1    

  sentinel.conf: |
    dir "/data"
    port 26379
        sentinel down-after-milliseconds mymaster 10000
        sentinel failover-timeout mymaster 180000
        maxclients 10000
        sentinel parallel-syncs mymaster 5    

  init.sh: |
    echo "$(date) Start..."
    HOSTNAME="$(hostname)"
    INDEX="${HOSTNAME##*-}"
    SENTINEL_PORT=26379
    MASTER=''
    MASTER_GROUP="mymaster"
    QUORUM="2"
    REDIS_CONF=/data/conf/redis.conf
    REDIS_PORT=6379
    REDIS_TLS_PORT=
    SENTINEL_CONF=/data/conf/sentinel.conf
    SENTINEL_TLS_PORT=
    SERVICE=redis-ha
    SENTINEL_TLS_REPLICATION_ENABLED=false
    REDIS_TLS_REPLICATION_ENABLED=false
    set -eu

    sentinel_get_master() {
    set +e
        if [ "$SENTINEL_PORT" -eq 0 ]; then
            redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}"   --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
            grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
        else
            redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}"  sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
            grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
        fi
    set -e
    }

    sentinel_get_master_retry() {
        master=''
        retry=${1}
        sleep=3
        for i in $(seq 1 "${retry}"); do
            master=$(sentinel_get_master)
            if [ -n "${master}" ]; then
                break
            fi
            sleep $((sleep + i))
        done
        echo "${master}"
    }

    identify_master() {
        echo "Identifying redis master (get-master-addr-by-name).."
        echo "  using sentinel (redis-ha), sentinel group name (mymaster)"
        echo "  $(date).."
        MASTER="$(sentinel_get_master_retry 3)"
        if [ -n "${MASTER}" ]; then
            echo "  $(date) Found redis master (${MASTER})"
        else
            echo "  $(date) Did not find redis master (${MASTER})"
        fi
    }

    sentinel_update() {
        echo "Updating sentinel config.."
        echo "  evaluating sentinel id (\${SENTINEL_ID_${INDEX}})"
        eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}"
        echo "  sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})"
        sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}"
        if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then
            echo "  redis master (${1}:${REDIS_TLS_PORT})"
            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
        else
            echo "  redis master (${1}:${REDIS_PORT})"
            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
        fi
        echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF}
        if [ "$SENTINEL_PORT" -eq 0 ]; then
            echo "  announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})"
            echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF}
        else
            echo "  announce (${ANNOUNCE_IP}:${SENTINEL_PORT})"
            echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF}
        fi
    }

    redis_update() {
        echo "Updating redis config.."
        if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then
            echo "  we are slave of redis master (${1}:${REDIS_TLS_PORT})"
            echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
            echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF}
        else
            echo "  we are slave of redis master (${1}:${REDIS_PORT})"
            echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}"
            echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF}
        fi
        echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF}
    }

    copy_config() {
        echo "Copying default redis config.."
        echo "  to '${REDIS_CONF}'"
        cp /readonly-config/redis.conf "${REDIS_CONF}"
        echo "Copying default sentinel config.."
        echo "  to '${SENTINEL_CONF}'"
        cp /readonly-config/sentinel.conf "${SENTINEL_CONF}"
    }

    setup_defaults() {
        echo "Setting up defaults.."
        echo "  using statefulset index (${INDEX})"
        if [ "${INDEX}" = "0" ]; then
            echo "Setting this pod as master for redis and sentinel.."
            echo "  using announce (${ANNOUNCE_IP})"
            redis_update "${ANNOUNCE_IP}"
            sentinel_update "${ANNOUNCE_IP}"
            echo "  make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)"
            sed -i "s/^.*slaveof.*//" "${REDIS_CONF}"
        else
            echo "Getting redis master ip.."
            echo "  blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
            DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
            echo "  identified redis (may be redis master) ip (${DEFAULT_MASTER})"
            if [ -z "${DEFAULT_MASTER}" ]; then
                echo "Error: Unable to resolve redis master (getent hosts)."
                exit 1
            fi
            echo "Setting default slave config for redis and sentinel.."
            echo "  using master ip (${DEFAULT_MASTER})"
            redis_update "${DEFAULT_MASTER}"
            sentinel_update "${DEFAULT_MASTER}"
        fi
    }

    redis_ping() {
    set +e
        if [ "$REDIS_PORT" -eq 0 ]; then
            redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}"  --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping
        else
            redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping
        fi
    set -e
    }

    redis_ping_retry() {
        ping=''
        retry=${1}
        sleep=3
        for i in $(seq 1 "${retry}"); do
            if [ "$(redis_ping)" = "PONG" ]; then
               ping='PONG'
               break
            fi
            sleep $((sleep + i))
            MASTER=$(sentinel_get_master)
        done
        echo "${ping}"
    }

    find_master() {
        echo "Verifying redis master.."
        if [ "$REDIS_PORT" -eq 0 ]; then
            echo "  ping (${MASTER}:${REDIS_TLS_PORT})"
        else
            echo "  ping (${MASTER}:${REDIS_PORT})"
        fi
        echo "  $(date).."
        if [ "$(redis_ping_retry 3)" != "PONG" ]; then
            echo "  $(date) Can't ping redis master (${MASTER})"
            echo "Attempting to force failover (sentinel failover).."

            if [ "$SENTINEL_PORT" -eq 0 ]; then
                echo "  on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
                echo "  $(date).."
                if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}"   --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
                    echo "  $(date) Failover returned with 'NOGOODSLAVE'"
                    echo "Setting defaults for this pod.."
                    setup_defaults
                    return 0
                fi
            else
                echo "  on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
                echo "  $(date).."
                if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}"  sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
                    echo "  $(date) Failover returned with 'NOGOODSLAVE'"
                    echo "Setting defaults for this pod.."
                    setup_defaults
                    return 0
                fi
            fi

            echo "Hold on for 10sec"
            sleep 10
            echo "We should get redis master's ip now. Asking (get-master-addr-by-name).."
            if [ "$SENTINEL_PORT" -eq 0 ]; then
                echo "  sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
            else
                echo "  sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
            fi
            echo "  $(date).."
            MASTER="$(sentinel_get_master)"
            if [ "${MASTER}" ]; then
                echo "  $(date) Found redis master (${MASTER})"
                echo "Updating redis and sentinel config.."
                sentinel_update "${MASTER}"
                redis_update "${MASTER}"
            else
                echo "$(date) Error: Could not failover, exiting..."
                exit 1
            fi
        else
            echo "  $(date) Found reachable redis master (${MASTER})"
            echo "Updating redis and sentinel config.."
            sentinel_update "${MASTER}"
            redis_update "${MASTER}"
        fi
    }

    redis_ro_update() {
        echo "Updating read-only redis config.."
        echo "  redis.conf set 'replica-priority 0'"
        echo "replica-priority 0" >> ${REDIS_CONF}
    }

    getent_hosts() {
        index=${1:-${INDEX}}
        service="${SERVICE}-announce-${index}"
        pod="${SERVICE}-server-${index}"
        host=$(getent hosts "${service}")
        if [ -z "${host}" ]; then
            host=$(getent hosts "${pod}")
        fi
        echo "${host}"
    }

    mkdir -p /data/conf/

    echo "Initializing config.."
    copy_config

    # where is redis master
    identify_master

    echo "Identify announce ip for this pod.."
    echo "  using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})"
    ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }')
    echo "  identified announce (${ANNOUNCE_IP})"
    if [ -z "${ANNOUNCE_IP}" ]; then
        "Error: Could not resolve the announce ip for this pod."
        exit 1
    elif [ "${MASTER}" ]; then
        find_master
    else
        setup_defaults
    fi

    if [ "${AUTH:-}" ]; then
        echo "Setting redis auth values.."
        ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
        sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}"
    fi

    if [ "${SENTINELAUTH:-}" ]; then
        echo "Setting sentinel auth values"
        ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g');
        sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF"
    fi

    echo "$(date) Ready..."    

  haproxy.cfg: |
    global
      stats timeout 30s
      log         127.0.0.1 local2
      daemon
      maxconn     4000
    defaults REDIS
      mode tcp
      timeout connect 4s
      timeout server 330s
      timeout client 330s
      timeout check 2s

    listen health_check_http_url
      bind :8888
      mode http
      monitor-uri /healthz
      option      dontlognull
    # Check Sentinel and whether they are nominated master
    backend check_if_redis_is_master_0
      mode tcp
      option tcp-check
      tcp-check connect
      tcp-check send PING\r\n
      tcp-check expect string +PONG
      tcp-check send SENTINEL\ get-master-addr-by-name\ mymaster\r\n
      tcp-check expect string REPLACE_ANNOUNCE0
      tcp-check send QUIT\r\n
      tcp-check expect string +OK
      server R0 redis-ha-announce-0:26379 check inter 1s
      server R1 redis-ha-announce-1:26379 check inter 1s
      server R2 redis-ha-announce-2:26379 check inter 1s
    # Check Sentinel and whether they are nominated master
    backend check_if_redis_is_master_1
      mode tcp
      option tcp-check
      tcp-check connect
      tcp-check send PING\r\n
      tcp-check expect string +PONG
      tcp-check send SENTINEL\ get-master-addr-by-name\ mymaster\r\n
      tcp-check expect string REPLACE_ANNOUNCE1
      tcp-check send QUIT\r\n
      tcp-check expect string +OK
      server R0 redis-ha-announce-0:26379 check inter 1s
      server R1 redis-ha-announce-1:26379 check inter 1s
      server R2 redis-ha-announce-2:26379 check inter 1s
    # Check Sentinel and whether they are nominated master
    backend check_if_redis_is_master_2
      mode tcp
      option tcp-check
      tcp-check connect
      tcp-check send PING\r\n
      tcp-check expect string +PONG
      tcp-check send SENTINEL\ get-master-addr-by-name\ mymaster\r\n
      tcp-check expect string REPLACE_ANNOUNCE2
      tcp-check send QUIT\r\n
      tcp-check expect string +OK
      server R0 redis-ha-announce-0:26379 check inter 1s
      server R1 redis-ha-announce-1:26379 check inter 1s
      server R2 redis-ha-announce-2:26379 check inter 1s

    # decide redis backend to use
    #master
    frontend ft_redis_master
      bind *:6379
      use_backend bk_redis_master
    # Check all redis servers to see if they think they are master
    backend bk_redis_master
      mode tcp
      option tcp-check
      tcp-check connect
      tcp-check send PING\r\n
      tcp-check expect string +PONG
      tcp-check send info\ replication\r\n
      tcp-check expect string role:master
      tcp-check send QUIT\r\n
      tcp-check expect string +OK
      use-server R0 if { srv_is_up(R0) } { nbsrv(check_if_redis_is_master_0) ge 2 }
      server R0 redis-ha-announce-0:6379 check inter 1s fall 1 rise 1
      use-server R1 if { srv_is_up(R1) } { nbsrv(check_if_redis_is_master_1) ge 2 }
      server R1 redis-ha-announce-1:6379 check inter 1s fall 1 rise 1
      use-server R2 if { srv_is_up(R2) } { nbsrv(check_if_redis_is_master_2) ge 2 }
      server R2 redis-ha-announce-2:6379 check inter 1s fall 1 rise 1    
  haproxy_init.sh: |
    HAPROXY_CONF=/data/haproxy.cfg
    cp /readonly/haproxy.cfg "$HAPROXY_CONF"
    for loop in $(seq 1 10); do
      getent hosts redis-ha-announce-0 && break
      echo "Waiting for service redis-ha-announce-0 to be ready ($loop) ..." && sleep 1
    done
    ANNOUNCE_IP0=$(getent hosts "redis-ha-announce-0" | awk '{ print $1 }')
    if [ -z "$ANNOUNCE_IP0" ]; then
      echo "Could not resolve the announce ip for redis-ha-announce-0"
      exit 1
    fi
    sed -i "s/REPLACE_ANNOUNCE0/$ANNOUNCE_IP0/" "$HAPROXY_CONF"

    if [ "${AUTH:-}" ]; then
        echo "Setting auth values"
        ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g');
        sed -i "s/REPLACE_AUTH_SECRET/${ESCAPED_AUTH}/" "$HAPROXY_CONF"
    fi
    for loop in $(seq 1 10); do
      getent hosts redis-ha-announce-1 && break
      echo "Waiting for service redis-ha-announce-1 to be ready ($loop) ..." && sleep 1
    done
    ANNOUNCE_IP1=$(getent hosts "redis-ha-announce-1" | awk '{ print $1 }')
    if [ -z "$ANNOUNCE_IP1" ]; then
      echo "Could not resolve the announce ip for redis-ha-announce-1"
      exit 1
    fi
    sed -i "s/REPLACE_ANNOUNCE1/$ANNOUNCE_IP1/" "$HAPROXY_CONF"

    if [ "${AUTH:-}" ]; then
        echo "Setting auth values"
        ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g');
        sed -i "s/REPLACE_AUTH_SECRET/${ESCAPED_AUTH}/" "$HAPROXY_CONF"
    fi
    for loop in $(seq 1 10); do
      getent hosts redis-ha-announce-2 && break
      echo "Waiting for service redis-ha-announce-2 to be ready ($loop) ..." && sleep 1
    done
    ANNOUNCE_IP2=$(getent hosts "redis-ha-announce-2" | awk '{ print $1 }')
    if [ -z "$ANNOUNCE_IP2" ]; then
      echo "Could not resolve the announce ip for redis-ha-announce-2"
      exit 1
    fi
    sed -i "s/REPLACE_ANNOUNCE2/$ANNOUNCE_IP2/" "$HAPROXY_CONF"

    if [ "${AUTH:-}" ]; then
        echo "Setting auth values"
        ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g');
        sed -i "s/REPLACE_AUTH_SECRET/${ESCAPED_AUTH}/" "$HAPROXY_CONF"
    fi    
---
# Source: redis-ha/templates/redis-ha-health-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: redis-ha-health-configmap
  labels:
    app: redis-ha
data:
  redis_liveness.sh: |
    response=$(
      redis-cli \
        -h localhost \
        -p 6379 \
        ping
    )
    if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then
      echo "$response"
      exit 1
    fi
    echo "response=$response"    
  redis_readiness.sh: |
    response=$(
      redis-cli \
        -h localhost \
        -p 6379 \
        ping
    )
    if [ "$response" != "PONG" ] ; then
      echo "$response"
      exit 1
    fi
    echo "response=$response"    
  sentinel_liveness.sh: |
    response=$(
      redis-cli \
        -h localhost \
        -p 26379 \
        ping
    )
    if [ "$response" != "PONG" ]; then
      echo "$response"
      exit 1
    fi
    echo "response=$response"    
---
# Source: redis-ha/templates/redis-ha-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: redis-ha
  labels:
    app: redis-ha
rules:
- apiGroups:
    - ""
  resources:
    - endpoints
  verbs:
    - get
---
# Source: redis-ha/templates/redis-haproxy-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: redis-ha-haproxy
  labels:
    app: redis-ha
rules:
- apiGroups:
    - ""
  resources:
    - endpoints
  verbs:
    - get
---
# Source: redis-ha/templates/redis-ha-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: redis-ha
  labels:
    app: redis-ha
subjects:
- kind: ServiceAccount
  name: redis-ha
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: redis-ha
---
# Source: redis-ha/templates/redis-haproxy-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: redis-ha-haproxy
  labels:
    app: redis-ha
subjects:
- kind: ServiceAccount
  name: redis-ha-haproxy
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: redis-ha-haproxy
---
# Source: redis-ha/templates/redis-ha-announce-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: redis-ha-announce-0
  labels:
    app: redis-ha
  annotations:
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
spec:
  publishNotReadyAddresses: true
  type: ClusterIP
  ports:
  - name: tcp-server
    port: 6379
    protocol: TCP
    targetPort: redis
  - name: tcp-sentinel
    port: 26379
    protocol: TCP
    targetPort: sentinel
  selector:
    release: redis-ha
    app: redis-ha
    "statefulset.kubernetes.io/pod-name": redis-ha-server-0
---
# Source: redis-ha/templates/redis-ha-announce-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: redis-ha-announce-1
  labels:
    app: redis-ha
  annotations:
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
spec:
  publishNotReadyAddresses: true
  type: ClusterIP
  ports:
  - name: tcp-server
    port: 6379
    protocol: TCP
    targetPort: redis
  - name: tcp-sentinel
    port: 26379
    protocol: TCP
    targetPort: sentinel
  selector:
    release: redis-ha
    app: redis-ha
    "statefulset.kubernetes.io/pod-name": redis-ha-server-1
---
# Source: redis-ha/templates/redis-ha-announce-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: redis-ha-announce-2
  labels:
    app: redis-ha
  annotations:
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
spec:
  publishNotReadyAddresses: true
  type: ClusterIP
  ports:
  - name: tcp-server
    port: 6379
    protocol: TCP
    targetPort: redis
  - name: tcp-sentinel
    port: 26379
    protocol: TCP
    targetPort: sentinel
  selector:
    release: redis-ha
    app: redis-ha
    "statefulset.kubernetes.io/pod-name": redis-ha-server-2
---
# Source: redis-ha/templates/redis-ha-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: redis-ha
  labels:
    app: redis-ha
  annotations:
spec:
  type: ClusterIP
  clusterIP: None
  ports:
  - name: tcp-server
    port: 6379
    protocol: TCP
    targetPort: redis
  - name: tcp-sentinel
    port: 26379
    protocol: TCP
    targetPort: sentinel
  selector:
    release: redis-ha
    app: redis-ha
---
# Source: redis-ha/templates/redis-haproxy-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: redis-ha-haproxy
  labels:
    app: redis-ha
  annotations:
spec:
  type: NodePort
  ports:
  - name: tcp-haproxy
    port: 6379
    protocol: TCP
    targetPort: redis
  selector:
    release: redis-ha
    app: redis-ha-haproxy
---
# Source: redis-ha/templates/redis-haproxy-deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: redis-ha-haproxy
  labels:
    app: redis-ha
    release: "redis-ha"
spec:
  strategy:
    type: RollingUpdate
  revisionHistoryLimit: 1
  replicas: 3
  selector:
    matchLabels:
      app: redis-ha-haproxy
      release: redis-ha
  template:
    metadata:
      name: redis-ha-haproxy
      labels:
        app: redis-ha-haproxy
        release: redis-ha
    spec:
      # Needed when using unmodified rbac-setup.yml
      
      serviceAccountName: redis-ha-haproxy
      
      nodeSelector:
        {}
      tolerations:
        null
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: redis-ha-haproxy
                  release: redis-ha
                  revision: "1"
              topologyKey: kubernetes.io/hostname
      initContainers:
      - name: config-init
        image: {{BASE_IMAGE_URL}}/{{redis_haproxy_image}}
        imagePullPolicy: IfNotPresent
        resources:
          {}
        command:
        - sh
        args:
        - /readonly/haproxy_init.sh
        volumeMounts:
        - name: config-volume
          mountPath: /readonly
          readOnly: true
        - name: data
          mountPath: /data
      securityContext:
        fsGroup: 1000
        runAsNonRoot: true
        runAsUser: 1000
      containers:
      - name: haproxy
        image: {{BASE_IMAGE_URL}}/{{redis_haproxy_image}}
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8888
          initialDelaySeconds: 5
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8888
          initialDelaySeconds: 5
          periodSeconds: 3
        ports:
        - name: redis
          containerPort: 6379
        resources:
          {}
        volumeMounts:
        - name: data
          mountPath: /usr/local/etc/haproxy
        - name: shared-socket
          mountPath: /run/haproxy
        lifecycle:
          {}
      volumes:
      - name: config-volume
        configMap:
          name: redis-ha-configmap
      - name: shared-socket
        emptyDir:
          {}
      - name: data
        emptyDir:
          {}
---
# Source: redis-ha/templates/redis-ha-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis-ha-server
  labels:
    redis-ha: replica
    app: redis-ha
  annotations:
    {}
spec:
  selector:
    matchLabels:
      release: redis-ha
      app: redis-ha
  serviceName: redis-ha
  replicas: 3
  podManagementPolicy: OrderedReady
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      annotations:
        checksum/init-config: 517d45d3b64dea56cae9f3786d00b75018a8356871af0f8724d8c379716b6563
      labels:
        release: redis-ha
        app: redis-ha
        redis-ha: replica
    spec:
      terminationGracePeriodSeconds: 60
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: redis-ha
                  release: redis-ha
                  redis-ha: replica
              topologyKey: kubernetes.io/hostname
      securityContext:
        fsGroup: 1000
        runAsNonRoot: true
        runAsUser: 1000
      serviceAccountName: redis-ha
      automountServiceAccountToken: false
      initContainers:
      - name: config-init
        image: {{BASE_IMAGE_URL}}/{{redis_image}}
        imagePullPolicy: IfNotPresent
        resources:
          {}
        command:
        - sh
        args:
        - /readonly-config/init.sh
        env:
        - name: SENTINEL_ID_0
          value: a0ddf4367a72f8e768e2546287bf0b303985c19f

        - name: SENTINEL_ID_1
          value: bc16ddc9a19ce8f3ff5ec8f31a2d6b94436af8a3

        - name: SENTINEL_ID_2
          value: ce2a8c84e9e96e3cf079fafb2ad20bcde4a7b533

        volumeMounts:
        - name: config
          mountPath: /readonly-config
          readOnly: true
        - name: data
          mountPath: /data


      containers:
      - name: redis
        image: {{BASE_IMAGE_URL}}/{{redis_image}}
        imagePullPolicy: IfNotPresent
        command:
        - redis-server
        args:
        - /data/conf/redis.conf
        livenessProbe:
          initialDelaySeconds: 30
          periodSeconds: 15
          timeoutSeconds: 15
          successThreshold: 1
          failureThreshold: 5
          exec:
            command:
              - sh
              - -c
              - /health/redis_liveness.sh
        readinessProbe:
          initialDelaySeconds: 30
          periodSeconds: 15
          timeoutSeconds: 15
          successThreshold: 1
          failureThreshold: 5
          exec:
            command:
              - sh
              - -c
              - /health/redis_readiness.sh
        resources:
          {}
        ports:
        - name: redis
          containerPort: 6379
        volumeMounts:
        - mountPath: /data
          name: data
        - mountPath: /health
          name: health
        lifecycle:
          {}
      - name: sentinel
        image: {{BASE_IMAGE_URL}}/{{redis_image}}
        imagePullPolicy: IfNotPresent
        command:
          - redis-sentinel
        args:
          - /data/conf/sentinel.conf
        livenessProbe:
          initialDelaySeconds: 30
          periodSeconds: 15
          timeoutSeconds: 15
          successThreshold: 1
          failureThreshold: 5
          exec:
            command:
              - sh
              - -c
              - /health/sentinel_liveness.sh
        readinessProbe:
          initialDelaySeconds: 30
          periodSeconds: 15
          timeoutSeconds: 15
          successThreshold: 3
          failureThreshold: 5
          exec:
            command:
              - sh
              - -c
              - /health/sentinel_liveness.sh
        resources:
          {}
        ports:
          - name: sentinel
            containerPort: 26379
        volumeMounts:
        - mountPath: /data
          name: data
        - mountPath: /health
          name: health
        lifecycle:
          {}
      volumes:
      - name: config
        configMap:
          name: redis-ha-configmap
      - name: health
        configMap:
          name: redis-ha-health-configmap
          defaultMode: 0755
      - name: data
        emptyDir:
          {}