From 0485522e54dee5f64069d7a2d0d667ce4e0e1033 Mon Sep 17 00:00:00 2001 From: Cedric Hnyda Date: Thu, 21 Apr 2022 15:43:59 +0200 Subject: [PATCH] [bitnami/redis-cluster]: loadBalancerSourceRanges for external access (#9839) * [bitnami/redis-cluster]: loadBalancerSourceRanges for external access Signed-off-by: Cedric Hnyda * [bitnami/redis-cluster] Update components versions Signed-off-by: Bitnami Containers Co-authored-by: Bitnami Containers --- bitnami/redis-cluster/Chart.yaml | 2 +- bitnami/redis-cluster/README.md | 61 +++++++++---------- .../svc-cluster-external-access.yaml | 3 + bitnami/redis-cluster/values.yaml | 15 +++-- 4 files changed, 44 insertions(+), 37 deletions(-) diff --git a/bitnami/redis-cluster/Chart.yaml b/bitnami/redis-cluster/Chart.yaml index 351d051224..a09b55dd23 100644 --- a/bitnami/redis-cluster/Chart.yaml +++ b/bitnami/redis-cluster/Chart.yaml @@ -23,4 +23,4 @@ name: redis-cluster sources: - https://github.com/bitnami/bitnami-docker-redis - http://redis.io/ -version: 7.4.8 +version: 7.5.0 diff --git a/bitnami/redis-cluster/README.md b/bitnami/redis-cluster/README.md index cf014c6f22..17d1779c94 100644 --- a/bitnami/redis-cluster/README.md +++ b/bitnami/redis-cluster/README.md @@ -79,28 +79,22 @@ The command removes all the Kubernetes components associated with the chart and | `global.redis.password` | Redis™ password (overrides `password`) | `""` | -### Redis™ Cluster Common parameters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - - ### Redis™ Cluster Common parameters | Name | Description | Value | | --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template | `""` | +| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | | `image.registry` | Redis™ cluster image registry | `docker.io` | | `image.repository` | Redis™ cluster image repository | `bitnami/redis-cluster` | -| `image.tag` | Redis™ cluster image tag (immutable tags are recommended) | `6.2.6-debian-10-r137` | +| `image.tag` | Redis™ cluster image tag (immutable tags are recommended) | `6.2.6-debian-10-r190` | | `image.pullPolicy` | Redis™ cluster image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `image.debug` | Enable image debug mode | `false` | @@ -159,7 +153,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes volume permissions in the registry (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `10-debian-10-r346` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `10-debian-10-r400` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `volumePermissions.resources.limits` | The resources limits for the container | `{}` | @@ -177,6 +171,7 @@ The command removes all the Kubernetes components associated with the chart and | `redis.updateStrategy.rollingUpdate.partition` | Partition update strategy | `0` | | `redis.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `Parallel` | | `redis.hostAliases` | Deployment pod host aliases | `[]` | +| `redis.hostNetwork` | Host networking requested for this pod. Use the host's network namespace. | `false` | | `redis.useAOFPersistence` | Whether to use AOF Persistence mode or not | `yes` | | `redis.containerPorts.redis` | Redis™ port | `6379` | | `redis.containerPorts.bus` | The busPort should be obtained adding 10000 to the redisPort. By default: 10000 + 6379 = 16379 | `16379` | @@ -261,19 +256,21 @@ The command removes all the Kubernetes components associated with the chart and ### Cluster management parameters -| Name | Description | Value | -| ----------------------------------------------- | ----------------------------------------------------------------------------------------------- | -------------- | -| `cluster.init` | Enable the initialization of the Redis™ Cluster | `true` | -| `cluster.nodes` | The number of master nodes should always be >= 3, otherwise cluster creation will fail | `6` | -| `cluster.replicas` | Number of replicas for every master in the cluster | `1` | -| `cluster.externalAccess.enabled` | Enable access to the Redis | `false` | -| `cluster.externalAccess.service.type` | Type for the services used to expose every Pod | `LoadBalancer` | -| `cluster.externalAccess.service.port` | Port for the services used to expose every Pod | `6379` | -| `cluster.externalAccess.service.loadBalancerIP` | Array of load balancer IPs for each Redis™ node. Length must be the same as cluster.nodes | `[]` | -| `cluster.externalAccess.service.annotations` | Annotations to add to the services used to expose every Pod of the Redis™ Cluster | `{}` | -| `cluster.update.addNodes` | Boolean to specify if you want to add nodes after the upgrade | `false` | -| `cluster.update.currentNumberOfNodes` | Number of currently deployed Redis™ nodes | `6` | -| `cluster.update.newExternalIPs` | External IPs obtained from the services for the new nodes to add to the cluster | `[]` | +| Name | Description | Value | +| --------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | -------------- | +| `cluster.init` | Enable the initialization of the Redis™ Cluster | `true` | +| `cluster.nodes` | The number of master nodes should always be >= 3, otherwise cluster creation will fail | `6` | +| `cluster.replicas` | Number of replicas for every master in the cluster | `1` | +| `cluster.externalAccess.enabled` | Enable access to the Redis | `false` | +| `cluster.externalAccess.service.type` | Type for the services used to expose every Pod | `LoadBalancer` | +| `cluster.externalAccess.service.port` | Port for the services used to expose every Pod | `6379` | +| `cluster.externalAccess.service.loadBalancerIP` | Array of load balancer IPs for each Redis™ node. Length must be the same as cluster.nodes | `[]` | +| `cluster.externalAccess.service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | +| `cluster.externalAccess.service.annotations` | Annotations to add to the services used to expose every Pod of the Redis™ Cluster | `{}` | +| `cluster.update.addNodes` | Boolean to specify if you want to add nodes after the upgrade | `false` | +| `cluster.update.currentNumberOfNodes` | Number of currently deployed Redis™ nodes | `6` | +| `cluster.update.currentNumberOfReplicas` | Number of currently deployed Redis™ replicas | `1` | +| `cluster.update.newExternalIPs` | External IPs obtained from the services for the new nodes to add to the cluster | `[]` | ### Metrics sidecar parameters @@ -283,7 +280,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Redis™ exporter image registry | `docker.io` | | `metrics.image.repository` | Redis™ exporter image name | `bitnami/redis-exporter` | -| `metrics.image.tag` | Redis™ exporter image tag | `1.35.1-debian-10-r7` | +| `metrics.image.tag` | Redis™ exporter image tag | `1.37.0-debian-10-r31` | | `metrics.image.pullPolicy` | Redis™ exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `metrics.resources` | Metrics exporter resource requests and limits | `{}` | @@ -320,7 +317,7 @@ The command removes all the Kubernetes components associated with the chart and | `sysctlImage.command` | sysctlImage command to execute | `[]` | | `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` | | `sysctlImage.repository` | sysctlImage Init container repository | `bitnami/bitnami-shell` | -| `sysctlImage.tag` | sysctlImage Init container tag | `10-debian-10-r346` | +| `sysctlImage.tag` | sysctlImage Init container tag | `10-debian-10-r400` | | `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `IfNotPresent` | | `sysctlImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `sysctlImage.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` | diff --git a/bitnami/redis-cluster/templates/svc-cluster-external-access.yaml b/bitnami/redis-cluster/templates/svc-cluster-external-access.yaml index d4f6a5e058..fb70abb0b3 100644 --- a/bitnami/redis-cluster/templates/svc-cluster-external-access.yaml +++ b/bitnami/redis-cluster/templates/svc-cluster-external-access.yaml @@ -30,6 +30,9 @@ spec: {{- if $root.Values.cluster.externalAccess.service.loadBalancerIP }} loadBalancerIP: {{ index $root.Values.cluster.externalAccess.service.loadBalancerIP $i }} {{- end }} + {{- if and (eq .Values.externalAccess.service.type "LoadBalancer") .Values.externalAccess.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} + {{- end }} ports: - name: tcp-redis port: {{ $root.Values.cluster.externalAccess.service.port }} diff --git a/bitnami/redis-cluster/values.yaml b/bitnami/redis-cluster/values.yaml index e27b57cd58..38f7962314 100644 --- a/bitnami/redis-cluster/values.yaml +++ b/bitnami/redis-cluster/values.yaml @@ -72,7 +72,7 @@ image: ## Bitnami Redis™ image tag ## ref: https://github.com/bitnami/bitnami-docker-redis#supported-tags-and-respective-dockerfile-links ## - tag: 6.2.6-debian-10-r190 + tag: 6.2.6-debian-10-r193 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -323,7 +323,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 10-debian-10-r400 + tag: 10-debian-10-r402 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -738,6 +738,13 @@ cluster: ## @param cluster.externalAccess.service.loadBalancerIP Array of load balancer IPs for each Redis™ node. Length must be the same as cluster.nodes ## loadBalancerIP: [] + ## @param cluster.externalAccess.service.loadBalancerSourceRanges Service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] ## @param cluster.externalAccess.service.annotations Annotations to add to the services used to expose every Pod of the Redis™ Cluster ## annotations: {} @@ -776,7 +783,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.37.0-debian-10-r31 + tag: 1.37.0-debian-10-r33 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -929,7 +936,7 @@ sysctlImage: ## registry: docker.io repository: bitnami/bitnami-shell - tag: 10-debian-10-r400 + tag: 10-debian-10-r402 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace.