feat: add separate redis for cf-argocd-extras and app-proxy

Author: mikhail-klimko

charts/gitops-runtime/Chart.yaml

@@ -40,3 +40,7 @@ dependencies:
 - name: cf-common
   repository: oci://quay.io/codefresh/charts
   version: 0.27.0
+- name: redis-ha
+  version: 4.33.4
+  repository: https://dandydeveloper.github.io/charts/
+  condition: redis-ha.enabled

charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml

@@ -217,6 +217,13 @@ LEADER_ID:
     fieldRef:
       fieldPath: metadata.name
 {{- end }}
+CACHE_HOST: {{ (splitList ":" (include "codefresh-gitops-runtime.argocd.redis.url" .) | first) }}
+CACHE_PORT: {{ (splitList ":" (include "codefresh-gitops-runtime.argocd.redis.url" .) | last) }}
+CACHE_PASSWORD:
+  valueFrom:
+    secretKeyRef:
+      name: gitops-runtime-redis
+      key: auth
 {{ include "codefresh-gitops-runtime.get-proxy-env-vars" . }}
 {{- end -}}
 

charts/gitops-runtime/templates/_components/cf-argocd-extras/_default-values.tpl

@@ -148,29 +148,29 @@ eventReporter:
       REDISDB:
         valueFrom:
           configMapKeyRef:
-            name: argocd-cmd-params-cm
+            name: event-reporter-cmd-params-cm
             key: redis.db
             optional: true
       REDIS_COMPRESSION:
         valueFrom:
           configMapKeyRef:
-            name: argocd-cmd-params-cm
+            name: event-reporter-cmd-params-cm
             key: redis.compression
             optional: true
       REDIS_PASSWORD:
         valueFrom:
           secretKeyRef:
-            name: argocd-redis
+            name: gitops-runtime-redis
             key: auth
       REDIS_SERVER:
         valueFrom:
           configMapKeyRef:
-            name: argocd-cmd-params-cm
+            name: event-reporter-cmd-params-cm
             key: redis.server
       REDIS_USERNAME:
         valueFrom:
           secretKeyRef:
-            name: argocd-redis
+            name: event-reporter-cmd-params-cm
             key: redis-username
             optional: true
       REPO_SERVER:
@@ -427,29 +427,29 @@ sourcesServer:
       REDISDB:
         valueFrom:
           configMapKeyRef:
-            name: argocd-cmd-params-cm
+            name: sources-server-cmd-params-cm
             key: redis.db
             optional: true
       REDIS_COMPRESSION:
         valueFrom:
           configMapKeyRef:
-            name: argocd-cmd-params-cm
+            name: sources-server-cmd-params-cm
             key: redis.compression
             optional: true
       REDIS_PASSWORD:
         valueFrom:
           secretKeyRef:
-            name: argocd-redis
+            name: gitops-runtime-redis
             key: auth
       REDIS_SERVER:
         valueFrom:
           configMapKeyRef:
-            name: argocd-cmd-params-cm
+            name: sources-server-cmd-params-cm
             key: redis.server
       REDIS_USERNAME:
         valueFrom:
           secretKeyRef:
-            name: argocd-redis
+            name: sources-server-cmd-params-cm
             key: redis-username
             optional: true
       REPO_SERVER:

charts/gitops-runtime/templates/_helpers.tpl

@@ -330,18 +330,18 @@ Determine argocd server password.
 Determine argocd redis url
 */}}
 {{- define "codefresh-gitops-runtime.argocd.redis.url" -}}
-{{- $argoCDValues := (get .Values "argo-cd") }}
-{{- if and (index .Values "argo-cd" "enabled") }}
-  {{- $serviceName := include "codefresh-gitops-runtime.argocd.redis.servicename" . }}
-  {{- $port := include "codefresh-gitops-runtime.argocd.redis.serviceport" . }}
-  {{- printf "%s:%s" $serviceName $port }}
-{{- else if and (index .Values "global" "external-argo-cd" "redis") }}
-  {{- $redis := (index .Values "global" "external-argo-cd" "redis") }}
-  {{- $svc := required "ArgoCD is not enabled and .Values.global.external-argo-cd.redis.svc is not set" $redis.svc }}
-  {{- $port := required "ArgoCD is not enabled and .Values.global.external-argo-cd.redis.port is not set" $redis.port }}
-  {{- printf "%s:%v" $svc $port }}
+{{- if and (index .Values "redis-ha" "enabled") (index .Values "redis-ha" "haproxy" "enabled") }}
+  {{- $redisHa := (index .Values "redis-ha") -}}
+  {{- $redisHaContext := dict "Chart" (dict "Name" "redis-ha") "Release" .Release "Values" $redisHa -}}
+  {{- $serverName := printf "%s-haproxy" (include "redis-ha.fullname" $redisHaContext) | trunc 63 | trimSuffix "-" -}}
+  {{- $port := $redisHa.haproxy.servicePort -}}
+  {{- printf "%s:%v" $serverName $port }}
+{{- else if .Values.redis.enabled }}
+  {{- $serviceName := include "redis.fullname" . }}
+  {{- $port := .Values.redis.service.ports.redis.port }}
+  {{- printf "%s:%v" $serviceName $port }}
 {{- else }}
-  {{- fail "ArgoCD is not enabled and .Values.global.external-argo-cd.redis is not set" }}
+  {{- fail "ERROR: .Values.redis or .Values.redis-ha must be enabled!" }}
 {{- end }}
 {{- end}}
 
@@ -536,3 +536,75 @@ NO_PROXY: {{ .Values.global.noProxy | quote }}
 
 {{- printf "%s" $eventBusName }}
 {{- end }}
+
+{{- define "codefresh-gitops-runtime.image.name" -}}
+  {{/* Restoring root $ context */}}
+  {{- $ := .context -}}
+
+  {{- $registryName := .image.registry -}}
+  {{- $repositoryName := .image.repository -}}
+  {{- $imageTag := .image.tag | toString -}}
+  {{- $imageDigest := .image.digest }}
+
+  {{- if $.Values.global -}}
+    {{- if $.Values.global.imageRegistry -}}
+      {{ $registryName = $.Values.global.imageRegistry }}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if $registryName -}}
+    {{- if $imageDigest }}
+      {{- printf "%s/%s:%s@%s" $registryName $repositoryName $imageTag $imageDigest -}}
+    {{- else }}
+      {{- printf "%s/%s:%s" $registryName $repositoryName $imageTag -}}
+    {{- end }}
+  {{- else }}
+    {{- if $imageDigest }}
+      {{- printf "%s:%s@%s" $repositoryName $imageTag $imageDigest -}}
+    {{- else }}
+      {{- printf "%s:%s" $repositoryName $imageTag -}}
+    {{- end }}
+  {{- end }}
+{{- end }}
+
+{{- define "codefresh-gitops-runtime.env-vars"}}
+{{- $ := .context }}
+  {{- if .Values }}
+    {{- if not (kindIs "map" .Values) }}
+      {{ fail "ERROR: env block must be a map"}}
+    {{- end }}
+  {{- end }}
+  {{- $env := .Values }}
+  {{- $templatedEnv := include "codefresh-gitops-runtime.tplrender" (dict "Values" $env "context" $) | fromYaml }}
+  {{- range $name, $val := $templatedEnv }}
+    {{- if or (kindIs "string" $val) (kindIs "bool" $val) (kindIs "int" $val) (kindIs "float64" $val) }}
+- name: {{ $name }}
+  value: {{ $val | quote }}
+    {{- else if kindIs "map" $val}}
+      {{- if hasKey $val "valueFrom" }}
+        {{- if or (hasKey $val.valueFrom "secretKeyRef") (hasKey $val.valueFrom "configMapKeyRef") (hasKey $val.valueFrom "fieldRef") }}
+- name: {{ $name }}
+{{- $val | toYaml | nindent 2 }}
+        {{- else}}
+          {{ fail "ERROR: Only secretKeyRef/configMapKeyRef/fieldRef are supported for valueFrom block for environment variables!" }}
+        {{- end}}
+      {{- else }}
+        {{ fail "ERROR: Cannot generate environment variables only strings and valueFrom are supported!"}}
+      {{- end }}
+    {{- else }}
+      {{ fail "ERROR: Only maps and string/int/bool are supported for environment variables!"}}
+    {{- end }}
+  {{- end }}
+{{- end }}
+
+{{- define "codefresh-gitops-runtime.tplrender" -}}
+  {{- $tpl := .Values -}}
+  {{- if not (typeIs "string" $tpl) -}}
+    {{- $tpl = toYaml $tpl -}}
+  {{- end -}}
+  {{- if contains "{{" $tpl -}}
+    {{- tpl $tpl .context }}
+  {{- else -}}
+    {{- $tpl -}}
+  {{- end -}}
+{{- end -}}

charts/gitops-runtime/templates/app-proxy/deployment.yaml

@@ -3,6 +3,8 @@
 {{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }}
 {{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }}
 {{- $_ := set $appProxyContext.Values "argo-cd" (get .Values "argo-cd") }}
+{{- $_ := set $appProxyContext.Values "redis" (get .Values "redis") }}
+{{- $_ := set $appProxyContext.Values "redis-ha" (get .Values "redis-ha") }}
 
 {{/* Merge environment variables with the ones in _app-proxy-env.yaml */}}
 {{- $mainContainerMergedValues := mergeOverwrite $appProxyContext.Values.env (include "codefresh-gitops-runtime.app-proxy.calculated-env-vars" . | fromYaml) }}

charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/job.yaml

@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: redis-secret-init
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+    helm.sh/hook-weight: "10"
+spec:
+  backoffLimit: 0
+  ttlSecondsAfterFinished: 300
+  template:
+    spec:
+      serviceAccountName: redis-secret-init
+      restartPolicy: Never
+      containers:
+      - name: redis-secret-init
+        image: {{ include "codefresh-gitops-runtime.image.name" (dict "image" (index .Values "redis-secret-init" "image") "context" .) }}
+        imagePullPolicy: {{ index .Values "redis-secret-init" "image" "pullPolicy" | default "IfNotPresent" }}
+        command: ["sh", "-c"]
+        args:
+        - |
+          PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c16)
+          if kubectl get secret gitops-runtime-redis -o jsonpath="{.data.auth}" &> /dev/null; then
+            echo "Secret gitops-runtime-redis already exists, skipping creation"
+            exit 0
+          fi
+          kubectl create secret generic gitops-runtime-redis --from-literal=auth=$PASSWORD --dry-run=client -o yaml | kubectl apply -f -
+      {{- with (index .Values "redis-secret-init" "nodeSelector") | default .Values.global.nodeSelector }}
+      nodeSelector: {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with (index .Values "redis-secret-init" "tolerations") | default .Values.global.tolerations }}
+      tolerations: {{ toYaml . | nindent 6 }}
+      {{- end }}
+      {{- with (index .Values "redis-secret-init" "affinity") }}
+      affinity: {{ toYaml . | nindent 8 }}
+      {{- end }}

charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/rbac.yaml

@@ -0,0 +1,51 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: redis-secret-init
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+    helm.sh/hook-weight: "-10"
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    resourceNames:
+      - gitops-runtime-redis
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: redis-secret-init
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+    helm.sh/hook-weight: "-10"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: redis-secret-init
+subjects:
+- kind: ServiceAccount
+  name: redis-secret-init
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: redis-secret-init
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+    helm.sh/hook-weight: "-10"

charts/gitops-runtime/templates/redis/_helpers.tpl

@@ -0,0 +1,48 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "redis.fullname" -}}
+{{- print "redis" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "redis.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "redis.labels" -}}
+helm.sh/chart: {{ include "redis.chart" . }}
+{{ include "redis.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/part-of: redis
+codefresh.io/internal: "true"
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "redis.selectorLabels" -}}
+app.kubernetes.io/name: redis
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "redis.serviceAccountName" -}}
+{{- if .Values.redis.serviceAccount.create }}
+{{- default (include "redis.fullname" .) .Values.redis.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.redis.serviceAccount.name }}
+{{- end }}
+{{- end }}