From a165d304e22477cfbb66d49be525d3cf89c90d85 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 13 Sep 2023 02:33:21 +0200
Subject: [PATCH] feat(goharbor): Add "external", operator-managed redis
 cluster

This patch should make redis HA, which should eliminate another SPOF for
goharbor. This is the first usage for the new redis operator.
---
 apps/base/goharbor/kustomization.yaml        |  2 ++
 apps/base/goharbor/redis.yaml                | 22 ++++++++++++++++++
 apps/base/goharbor/release.yaml              | 12 ++++------
 shared/networkpolicies/allow-from-redis.yaml | 24 ++++++++++++++++++++
 4 files changed, 52 insertions(+), 8 deletions(-)
 create mode 100644 apps/base/goharbor/redis.yaml
 create mode 100644 shared/networkpolicies/allow-from-redis.yaml

diff --git a/apps/base/goharbor/kustomization.yaml b/apps/base/goharbor/kustomization.yaml
index eecc11198..2d75e3a41 100644
--- a/apps/base/goharbor/kustomization.yaml
+++ b/apps/base/goharbor/kustomization.yaml
@@ -5,11 +5,13 @@ resources:
   - namespace.yaml
   - repository.yaml
   - database.yaml
+  - redis.yaml
   - release.yaml
   - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
   - ../../../shared/networkpolicies/allow-from-ingress.yaml
   - ../../../shared/networkpolicies/allow-from-monitoring.yaml
   - ../../../shared/networkpolicies/allow-from-database.yaml
+  - ../../../shared/networkpolicies/allow-from-redis.yaml
 patchesStrategicMerge:
   - networkpolicy.yaml
 configMapGenerator:
diff --git a/apps/base/goharbor/redis.yaml b/apps/base/goharbor/redis.yaml
new file mode 100644
index 000000000..f0651cb1d
--- /dev/null
+++ b/apps/base/goharbor/redis.yaml
@@ -0,0 +1,22 @@
+apiVersion: databases.spotahome.com/v1
+kind: RedisFailover
+metadata:
+  name: goharbor-redis
+  namespace: goharbor
+spec:
+  sentinel:
+    replicas: 3
+    resources:
+      requests:
+        cpu: 100m
+      limits:
+        memory: 100Mi
+  redis:
+    replicas: 3
+    resources:
+      requests:
+        memory: 128Mi
+        cpu: 100m
+      limits:
+        memory: 256Mi
+        cpu: 200m
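Review bot: The new RedisFailover spec has no `auth` block, so Redis and Sentinel will presumably accept unauthenticated connections from anything the NetworkPolicies admit, including every pod in the goharbor namespace if allow-from-same-namespace does what its name suggests. The spotahome operator supports `auth:` with `secretPath: <secret-name>`, pointing at a Secret that holds a `password` key. The `redis.external` block added in apps/base/goharbor/release.yaml would then need the matching credential; the Harbor chart has a password / existing-secret setting for external Redis, to be checked against the chart version in use. Separately, the sentinel `resources` set only a CPU request and only a memory limit, unlike the redis section; if that is deliberate, a short comment would say so.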
diff --git a/apps/base/goharbor/release.yaml b/apps/base/goharbor/release.yaml
index 975b266d5..31db31372 100644
--- a/apps/base/goharbor/release.yaml
+++ b/apps/base/goharbor/release.yaml
@@ -127,14 +127,10 @@ spec:
         post: 5432
         sslmode: require
     redis:
-      internal:
-        resources:
-          requests:
-            memory: 128Mi
-            cpu: 100m
-          limits:
-            memory: 256Mi
-            cpu: 200m
+      type: external
+      external:
+        addr: 'rfs-goharbor-redis:26379'
+        sentinelMasterSet: mymaster
     exporter:
       resources:
         requests:
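Review bot: The values `rfs-goharbor-redis:26379` and `mymaster` are tied to redis.yaml only through the operator's naming conventions, and nothing in this file records that. Renaming the RedisFailover would silently break Harbor's Redis connection. I would add a comment above `addr`, such as `# rfs-<RedisFailover name> is the Sentinel Service created by the redis operator; 'mymaster' is the operator's master set name`. The context line `post: 5432` in the database block above looks like a typo for `port`, though it is outside what this commit changes and the chart may simply fall back to its default. The `spec:` mapping starts and ends outside this hunk.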
diff --git a/shared/networkpolicies/allow-from-redis.yaml b/shared/networkpolicies/allow-from-redis.yaml
new file mode 100644
index 000000000..1a6a03984
--- /dev/null
+++ b/shared/networkpolicies/allow-from-redis.yaml
@@ -0,0 +1,24 @@
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-redis
+spec:
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          redis.shivering-isles.com/network-access-required: "true"
+      podSelector:
+        matchLabels:
+          app.kubernetes.io/name: redis-operator
+    ports:
+    - port: 26379
+      protocol: TCP
+    - port: 6379
+      protocol: TCP
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/part-of: redis-failover
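Review bot: The `from` clause trusts any namespace carrying `redis.shivering-isles.com/network-access-required: "true"`, and that label is mutable. Anyone able to label a namespace and run a pod labelled `app.kubernetes.io/name: redis-operator` would therefore gain access to ports 6379 and 26379 on every redis-failover pod covered by this policy. If the operator runs in one known namespace, adding `kubernetes.io/metadata.name: <operator-namespace>` to the `namespaceSelector` pins the source to it, since the API server sets that label itself on current Kubernetes versions. The policy name says "from-redis" while the rule admits the operator, so a one-line comment on that would help. The file also opens with an empty line where a `---` document start was probably intended.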
-- 
GitLab