From 200196ec48ef51b4e83b883d06abdbf82f33e626 Mon Sep 17 00:00:00 2001
From: muicoder
Date: Tue, 21 Feb 2023 15:01:29 +0800
Subject: [PATCH] Probe use built-in, discarded healthcheck.sh
Signed-off-by: muicoder https://github.com/redis/redis/blob/unstable/TLS.md
---
 k8sutils/statefulset.go | 70 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 63 insertions(+), 7 deletions(-)
diff --git a/k8sutils/statefulset.go b/k8sutils/statefulset.go
index 4e69adb3c..215346522 100644
--- a/k8sutils/statefulset.go
+++ b/k8sutils/statefulset.go
@@ -379,8 +379,8 @@ func generateContainerDef(name string, containerParams containerParameters, clus
 containerParams.TLSConfig,
 containerParams.ACLConfig,
 ),
- ReadinessProbe: getProbeInfo(containerParams.ReadinessProbe),
- LivenessProbe: getProbeInfo(containerParams.LivenessProbe),
+ ReadinessProbe: getProbeInfo(containerParams, "R"),
+ LivenessProbe: getProbeInfo(containerParams, "L"),
 VolumeMounts: getVolumeMount(name, containerParams.PersistenceEnabled, clusterMode, externalConfig, mountpath, containerParams.TLSConfig, containerParams.ACLConfig),
 },
 }
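Review bot: The probe kind is selected by the bare string literals `"R"` and `"L"` at these two call sites, and the switch in getProbeInfo treats every other value as the liveness probe, so a typo here would silently configure the wrong probe instead of failing. Named constants, e.g. `const probeReadiness, probeLiveness = "R", "L"`, used at both call sites and in the switch would make the intent checkable by the compiler. generateContainerDef starts and ends outside this hunk.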
@@ -562,7 +562,55 @@ func getVolumeMount(name string, persistenceEnabled *bool, clusterMode bool, ext
 }
 // getProbeInfo generate probe for Redis StatefulSet
-func getProbeInfo(probe *redisv1beta1.Probe) *corev1.Probe {
+func getProbeInfo(params containerParameters, probeType string) *corev1.Probe {
+ probePort := redisPort
+ if params.Role == "sentinel" {
+ probePort = sentinelPort
+ }
+
+ probeCommand := []string{
+ "redis-cli", "-p", strconv.Itoa(probePort),
+ "ping",
+ }
+
+ if params.TLSConfig != nil {
+ root := "/tls/"
+
+ // get and set Defaults
+ caCert := "ca.crt"
+ tlsCert := "tls.crt"
+ tlsCertKey := "tls.key"
+
+ if params.TLSConfig.CaKeyFile != "" {
+ caCert = params.TLSConfig.CaKeyFile
+ }
+ if params.TLSConfig.CertKeyFile != "" {
+ tlsCert = params.TLSConfig.CertKeyFile
+ }
+ if params.TLSConfig.KeyFile != "" {
+ tlsCertKey = params.TLSConfig.KeyFile
+ }
+
+ probeCommand = []string{
+ "redis-cli", "-p", strconv.Itoa(probePort),
+ "--tls",
+ "--cacert", path.Join(root, caCert),
+ "--cert", path.Join(root, tlsCert),
+ "--key", path.Join(root, tlsCertKey),
+ "ping",
+ }
+ }
+
+ var probe *redisv1beta1.Probe
+ switch probeType {
+ case "R":
+ probe = params.ReadinessProbe
+ case "L":
+ probe = params.LivenessProbe
+ default:
+ probe = params.LivenessProbe
+ }
+
 return &corev1.Probe{
 InitialDelaySeconds: probe.InitialDelaySeconds,
 PeriodSeconds: probe.PeriodSeconds,
@@ -571,10 +619,7 @@ func getProbeInfo(probe *redisv1beta1.Probe) *corev1.Probe {
 SuccessThreshold: probe.SuccessThreshold,
 ProbeHandler: corev1.ProbeHandler{
 Exec: &corev1.ExecAction{
- Command: []string{
- "bash",
- "/usr/bin/healthcheck.sh",
- },
+ Command: probeCommand,
 },
 },
 }
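Review bot: The TLS file names come straight from `params.TLSConfig` and are passed through `path.Join(root, …)`, which cleans `..` segments, so a value that is not a plain file name produces a probe argument that points outside `/tls/`. If these fields are meant to name files inside the mounted secret, reduce them before joining, e.g. `caCert = path.Base(params.TLSConfig.CaKeyFile)` and the same for `CertKeyFile` and `KeyFile`, or reject values containing a separator when the resource is validated. The command is built as an argv slice with no shell, so the concern is only which files redis-cli is told to read. The body of getProbeInfo continues past the end of this hunk.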
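Review bot: With `Command: probeCommand` the probe result depends only on redis-cli's exit status, and as far as I know redis-cli exits 0 when the server answers `ping` with an error reply (NOAUTH, LOADING and similar) unless `-e` is given, a flag available from redis-cli 7.0. If the image ships a redis-cli that supports it, adding `"-e"` to both `probeCommand` slices in getProbeInfo keeps a node that rejects or cannot serve the probe from being reported ready; otherwise a comment on `probeCommand` should say that only reachability is checked. What the removed healthcheck.sh verified is not visible here, so whether this is a regression needs confirming. getProbeInfo starts outside this hunk.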
@@ -640,6 +685,17 @@ func getEnvironmentVariables(role string, enabledMetric bool, enabledPassword *b
 },
 },
 })
+ envVars = append(envVars, corev1.EnvVar{
+ Name: "REDISCLI_AUTH",
+ ValueFrom: &corev1.EnvVarSource{
+ SecretKeyRef: &corev1.SecretKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: *secretName,
+ },
+ Key: *secretKey,
+ },
+ },
+ })
 }
 if persistenceEnabled != nil && *persistenceEnabled {
 envVars = append(envVars, corev1.EnvVar{Name: "PERSISTENCE_ENABLED", Value: "true"})
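Review bot: This append needs a comment explaining why the secret is exported under a second name, apparently alongside the entry that ends just above it, for example `// REDISCLI_AUTH is read by redis-cli in the exec probes, keeping the password out of the probe argv and the pod spec.` The comment should also record that the variable is visible to every process and exec session in the container, and that it authenticates redis-cli without a user name, which presumably means the default user; confirm that against deployments that set `ACLConfig`. The `*secretName` and `*secretKey` dereferences rely on a guard that lies outside this hunk.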