From eda9948e0971a214dfe8b4b55e1dfa11cfa2f96b Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Fri, 25 Jul 2025 09:41:40 +0200 Subject: [PATCH 01/14] BC-10251 replace bitnami container image --- ansible/roles/session-valkey/defaults/main.yaml | 3 ++- .../roles/session-valkey/templates/values.yml.j2 | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/ansible/roles/session-valkey/defaults/main.yaml b/ansible/roles/session-valkey/defaults/main.yaml index 25532fb19..456b68dfb 100644 --- a/ansible/roles/session-valkey/defaults/main.yaml +++ b/ansible/roles/session-valkey/defaults/main.yaml @@ -1,2 +1,3 @@ -SESSION_VALKEY_CHART_VERSION: 3.0.11 +SESSION_VALKEY_CHART_VERSION: 3.0.16 +SESSION_VALKEY_IMAGE_VERSION: 8.1.3 SESSION_VALKEY_REPLICAS: 3 diff --git a/ansible/roles/session-valkey/templates/values.yml.j2 b/ansible/roles/session-valkey/templates/values.yml.j2 index e30d97d42..7eb5fa4b8 100644 --- a/ansible/roles/session-valkey/templates/values.yml.j2 +++ b/ansible/roles/session-valkey/templates/values.yml.j2 @@ -1,5 +1,12 @@ global: defaultStorageClass: "{{ SC_DEFAULT_STORAGE_CLASS_NAME }}" + security: + allowInsecureImages: true + +image: + registry: docker.io + repository: valkey/valkey + tag: "{{ SESSION_VALKEY_IMAGE_VERSION }}" replica: replicaCount: {{ SESSION_VALKEY_REPLICAS }} pdb: @@ -31,8 +38,16 @@ sentinel: enabled: true readinessProbe: timeoutSeconds: 5 + image: + registry: docker.io + repository: valkey/valkey + tag: "{{ SESSION_VALKEY_IMAGE_VERSION }}" metrics: enabled: true + image: + registry: quay.io + repository: oliver006/redis_exporter + tag: 1.74.0 podMonitor: enabled: true extraArgs: From ed7e828892039911c7f193d4295afc8ca9c905a1 Mon Sep 17 00:00:00 2001 
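Review bot: In the first `values.yml.j2` hunk, `global.security.allowInsecureImages: true` relaxes the chart's image check for the whole release, while the images are referenced only by mutable tag (`tag: "{{ SESSION_VALKEY_IMAGE_VERSION }}"`, `tag: 1.74.0`). Nothing then ties the deployed image to a reviewed artifact. If the chart exposes a digest field next to `tag`, pin each image by digest and keep the tag as a label; otherwise enforce the pin with an admission policy. The same tag-only pinning applies to the sentinel and metrics images in the second hunk of this file and to the `image:` blocks re-added in PATCH 11/14. A comment above `allowInsecureImages` saying why it is needed (non-Bitnami images on the Bitnami chart, going by the subject line) would help the next reader.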
From: Phillip Wirth Date: Fri, 25 Jul 2025 12:26:14 +0200 Subject: [PATCH 02/14] temp --- .../roles/session-valkey/defaults/main.yaml | 1 + .../session-valkey/templates/values.yaml | 43 +++++++++++++++++++ .../session-valkey/templates/values.yml.j2 | 2 +- 3 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/session-valkey/templates/values.yaml diff --git a/ansible/roles/session-valkey/defaults/main.yaml b/ansible/roles/session-valkey/defaults/main.yaml index 456b68dfb..edf00f0c1 100644 --- a/ansible/roles/session-valkey/defaults/main.yaml +++ b/ansible/roles/session-valkey/defaults/main.yaml @@ -1,3 +1,4 @@ SESSION_VALKEY_CHART_VERSION: 3.0.16 SESSION_VALKEY_IMAGE_VERSION: 8.1.3 +SESSION_VALKEY_REDIS_EXPORTER_IMAGE_VERSION: v1.74.0 SESSION_VALKEY_REPLICAS: 3 diff --git a/ansible/roles/session-valkey/templates/values.yaml b/ansible/roles/session-valkey/templates/values.yaml new file mode 100644 index 000000000..75409a260 --- /dev/null +++ b/ansible/roles/session-valkey/templates/values.yaml @@ -0,0 +1,43 @@ +storage: + className: "nfs-client" + +haMode: + enabled: true + replicas: 3 + + +resources: + limits: + cpu: "1000m" + memory: "4Gi" + requests: + cpu: "100m" + memory: "1Gi" + +sentinelResources: + limits: + cpu: "1000m" + memory: "4Gi" + requests: + cpu: "100m" + memory: "1Gi" + +auth: + existingSecret: session-valkey-password + existingSecretPasswordKey: SESSION_VALKEY__SENTINEL_PASSWORD + usePasswordFiles: false + +metrics: + enabled: true + podMonitor: + enabled: true + extraArgs: + check-key-groups: '\(jwt\):.+' + serviceMonitor: + enabled: true + metricRelabelings: + - sourceLabels: [ __name__ ] + regex: redis_key_group_count + action: replace + targetLabel: longterm + replacement: "true" diff --git a/ansible/roles/session-valkey/templates/values.yml.j2 b/ansible/roles/session-valkey/templates/values.yml.j2 index 7eb5fa4b8..74159904e 100644 --- a/ansible/roles/session-valkey/templates/values.yml.j2 
+++ b/ansible/roles/session-valkey/templates/values.yml.j2 @@ -47,7 +47,7 @@ metrics: image: registry: quay.io repository: oliver006/redis_exporter - tag: 1.74.0 + tag: "{{ SESSION_VALKEY_REDIS_EXPORTER_IMAGE_VERSION }}" podMonitor: enabled: true extraArgs: From 64a96c3231bd87f4810586ecf081e4691da7137e Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Fri, 25 Jul 2025 14:30:50 +0200 Subject: [PATCH 03/14] temp --- ansible/roles/session-valkey/templates/values.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/ansible/roles/session-valkey/templates/values.yaml b/ansible/roles/session-valkey/templates/values.yaml index 75409a260..a4f46d1c4 100644 --- a/ansible/roles/session-valkey/templates/values.yaml +++ b/ansible/roles/session-valkey/templates/values.yaml @@ -4,6 +4,7 @@ storage: haMode: enabled: true replicas: 3 + masterGroupName: myprimary resources: @@ -22,10 +23,8 @@ sentinelResources: cpu: "100m" memory: "1Gi" -auth: - existingSecret: session-valkey-password - existingSecretPasswordKey: SESSION_VALKEY__SENTINEL_PASSWORD - usePasswordFiles: false +extraSecretValkeyConfigs: "session-valkey-auth" +extraSecretSentinelConfigs: "sentinel-session-valkey-auth" metrics: enabled: true @@ -40,4 +39,4 @@ metrics: regex: redis_key_group_count action: replace targetLabel: longterm - replacement: "true" + replacement: "true" \ No newline at end of file From 9be4f708e17f8883c6e88ee2e60d5af0c857b473 Mon Sep 17 00:00:00 2001 
From: Phillip Wirth Date: Wed, 6 Aug 2025 17:14:45 +0200 Subject: [PATCH 04/14] lets break stuff --- ansible/roles/session-valkey/README.md | 3 + .../roles/session-valkey/defaults/main.yaml | 3 +- ansible/roles/session-valkey/tasks/main.yml | 34 +++++- .../templates/es-session-valkey-config.yml.j2 | 23 ++++ .../es-session-valkey-exporter.yml.j2 | 21 ++++ .../es-session-valkey-sentinel-config.yml.j2 | 22 ++++ .../session-valkey/templates/values.yaml | 42 ------- .../session-valkey/templates/values.yml.j2 | 107 +++++++----------- 8 files changed, 145 insertions(+), 110 deletions(-) create mode 100644 ansible/roles/session-valkey/README.md create mode 100644 ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 create mode 100644 ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 create mode 100644 ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 delete mode 100644 ansible/roles/session-valkey/templates/values.yaml diff --git a/ansible/roles/session-valkey/README.md b/ansible/roles/session-valkey/README.md new file mode 100644 index 000000000..572e6ea79 --- /dev/null +++ b/ansible/roles/session-valkey/README.md @@ -0,0 +1,3 @@ +session-valkey-password(1pwd) -> session-valkey-password(secret) -> session-valkey-auth(externalsecret) -> session-valkey-auth(secret) + -> session-valkey-auth(externalsecret) -> session-valkey-sentinel-config(secret) + -> session-valkey-auth(externalsecret) -> session-valkey-exporter-config(secret) \ No newline at end of file diff --git a/ansible/roles/session-valkey/defaults/main.yaml b/ansible/roles/session-valkey/defaults/main.yaml index edf00f0c1..608815a24 100644 --- a/ansible/roles/session-valkey/defaults/main.yaml +++ b/ansible/roles/session-valkey/defaults/main.yaml 
@@ -1,4 +1,5 @@ -SESSION_VALKEY_CHART_VERSION: 3.0.16 +SESSION_VALKEY_CHART_VERSION: 2.1.0 + SESSION_VALKEY_IMAGE_VERSION: 8.1.3 SESSION_VALKEY_REDIS_EXPORTER_IMAGE_VERSION: v1.74.0 SESSION_VALKEY_REPLICAS: 3 diff --git a/ansible/roles/session-valkey/tasks/main.yml b/ansible/roles/session-valkey/tasks/main.yml index f613b311d..4da4b6e33 100644 --- a/ansible/roles/session-valkey/tasks/main.yml +++ b/ansible/roles/session-valkey/tasks/main.yml @@ -7,11 +7,39 @@ tags: - 1password +- name: External Secret session-vakey-config + kubernetes.core.k8s: + kubeconfig: ~/.kube/config + namespace: "{{ NAMESPACE }}" + template: es-session-valkey-config.yml.j2 + when: EXTERNAL_SECRETS_OPERATOR + tags: + - 1password + +- name: External Secret session-vakey-sentinel-config + kubernetes.core.k8s: + kubeconfig: ~/.kube/config + namespace: "{{ NAMESPACE }}" + template: es-session-valkey-sentinel-config.yml.j2 + when: EXTERNAL_SECRETS_OPERATOR + tags: + - 1password + +- name: External Secret session-vakey-exporter + kubernetes.core.k8s: + kubeconfig: ~/.kube/config + namespace: "{{ NAMESPACE }}" + template: es-session-valkey-exporter.yml.j2 + when: EXTERNAL_SECRETS_OPERATOR + tags: + - 1password + - name: Install valkey sentinel kubernetes.core.helm: - chart_ref: oci://docker.io/bitnamicharts/valkey + chart_repo_url: "https://groundhog2k.github.io/helm-charts/" + chart_ref: valkey chart_version: '{{ SESSION_VALKEY_CHART_VERSION }}' - release_name: session-valkey + release_name: session release_namespace: '{{ NAMESPACE }}' release_state: present create_namespace: yes @@ -19,4 +47,4 @@ update_repo_cache: no values: "{{ lookup('template', 'values.yml.j2') | from_yaml }}" tags: - - helm + - helm \ No newline at end of file diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 b/ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 new file mode 100644 index 000000000..3876f1c7e --- /dev/null 
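Review bot: The three ExternalSecret tasks are gated by `when: EXTERNAL_SECRETS_OPERATOR`, but the `Install valkey sentinel` task is not, and the values it renders in this commit reference the secrets those tasks create (`extraSecretValkeyConfigs`, `extraSecretSentinelConfigs`, `extraExporterEnvSecrets`). With the flag false, the release is installed without `session-valkey-config`, so the `requirepass`/`masterauth` settings never reach the pods. Whether the pods then fail to start or run without authentication depends on how the chart mounts the secret, which this patch does not show. Failing early is safer, for example a first task `ansible.builtin.assert: { that: EXTERNAL_SECRETS_OPERATOR }`. Separately, `release_name` changes from `session-valkey` to `session` and nothing in this hunk removes the old release.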
+++ b/ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 @@ -0,0 +1,23 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: session-valkey-config + namespace: {{ NAMESPACE }} + labels: + app: session-valkey +spec: + refreshInterval: {{ EXTERNAL_SECRETS_REFRESH_INTERVAL }} + secretStoreRef: + kind: SecretStore + name: {{ EXTERNAL_SECRETS_K8S_STORE }} + target: + name: session-valkey-config + template: + engineVersion: v2 + data: + valkey-auth.conf: | + requirepass "{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}" + masterauth "{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}" + dataFrom: + - extract: + key: session-valkey-password diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 b/ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 new file mode 100644 index 000000000..023382549 --- /dev/null +++ b/ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 @@ -0,0 +1,21 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: session-valkey-exporter + namespace: {{ NAMESPACE }} + labels: + app: session-valkey +spec: + refreshInterval: {{ EXTERNAL_SECRETS_REFRESH_INTERVAL }} + secretStoreRef: + kind: SecretStore + name: {{ EXTERNAL_SECRETS_K8S_STORE }} + target: + name: session-valkey-exporter + template: + engineVersion: v2 + data: + REDIS_PASSWORD: "{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}" + dataFrom: + - extract: + key: session-valkey-password diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 b/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 new file mode 100644 index 000000000..a5c9ef906 --- /dev/null +++ b/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 
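Review bot: `REDIS_PASSWORD` in `es-session-valkey-exporter.yml.j2` is filled from the same `SESSION_VALKEY__SENTINEL_PASSWORD` that `es-session-valkey-config.yml.j2` uses for `requirepass` and `masterauth`. The metrics exporter therefore holds the credential that, presumably, gives full access to the session store. A dedicated ACL user limited to the read-only commands the exporter needs, delivered through its own secret key, would limit what a compromised exporter can reach. If that is out of scope here, a comment in this template stating that the shared password is intentional would record the decision.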
@@ -0,0 +1,22 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: session-valkey-sentinel-config + namespace: {{ NAMESPACE }} + labels: + app: session-valkey +spec: + refreshInterval: {{ EXTERNAL_SECRETS_REFRESH_INTERVAL }} + secretStoreRef: + kind: SecretStore + name: {{ EXTERNAL_SECRETS_K8S_STORE }} + target: + name: session-valkey-sentinel-config + template: + engineVersion: v2 + data: + sentinel-auth.conf: | + sentinel auth-pass myprimary "{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}" + dataFrom: + - extract: + key: session-valkey-password diff --git a/ansible/roles/session-valkey/templates/values.yaml b/ansible/roles/session-valkey/templates/values.yaml deleted file mode 100644 index a4f46d1c4..000000000 --- a/ansible/roles/session-valkey/templates/values.yaml +++ /dev/null @@ -1,42 +0,0 @@ -storage: - className: "nfs-client" - -haMode: - enabled: true - replicas: 3 - masterGroupName: myprimary - - -resources: - limits: - cpu: "1000m" - memory: "4Gi" - requests: - cpu: "100m" - memory: "1Gi" - -sentinelResources: - limits: - cpu: "1000m" - memory: "4Gi" - requests: - cpu: "100m" - memory: "1Gi" - -extraSecretValkeyConfigs: "session-valkey-auth" -extraSecretSentinelConfigs: "sentinel-session-valkey-auth" - -metrics: - enabled: true - podMonitor: - enabled: true - extraArgs: - check-key-groups: '\(jwt\):.+' - serviceMonitor: - enabled: true - metricRelabelings: - - sourceLabels: [ __name__ ] - regex: redis_key_group_count - action: replace - targetLabel: longterm - replacement: "true" \ No newline at end of file diff --git a/ansible/roles/session-valkey/templates/values.yml.j2 b/ansible/roles/session-valkey/templates/values.yml.j2 index 74159904e..67b39bbad 100644 --- a/ansible/roles/session-valkey/templates/values.yml.j2 +++ b/ansible/roles/session-valkey/templates/values.yml.j2 
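Review bot: `sentinel-auth.conf` sets only `sentinel auth-pass myprimary …`, which is the password Sentinel presents to the monitored instances. Nothing sets `requirepass` for Sentinel itself, so its port accepts unauthenticated clients from anywhere that can reach the pod. PATCH 07/14 adds a `requirepass` line and PATCH 09/14 removes it again, so the series ends in this state. If it was removed because the Sentinels could no longer talk to each other, `requirepass` usually needs a matching `sentinel sentinel-pass "<password>"` line, and clients need the Sentinel password configured. Failing that, restrict the Sentinel port with a NetworkPolicy and note the reason in a comment in this template.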
@@ -1,69 +1,48 @@ -global: - defaultStorageClass: "{{ SC_DEFAULT_STORAGE_CLASS_NAME }}" - security: - allowInsecureImages: true +storage: + className: "nfs-client" -image: - registry: docker.io - repository: valkey/valkey - tag: "{{ SESSION_VALKEY_IMAGE_VERSION }}" -replica: - replicaCount: {{ SESSION_VALKEY_REPLICAS }} - pdb: - create: false - resources: - limits: - cpu: "{{ SESSION_VALKEY_CPU_LIMITS|default('1000m', true) }}" - memory: "{{ SESSION_VALKEY_MEMORY_LIMITS|default('4Gi', true) }}" - requests: - cpu: "{{ SESSION_VALKEY_CPU_REQUESTS|default('100m', true) }}" - memory: "{{ SESSION_VALKEY_MEMORY_REQUESTS|default('1Gi', true) }}" -primary: - pdb: - create: false - readinessProbe: - timeoutSeconds: 5 - resources: - limits: - cpu: "{{ SESSION_VALKEY_CPU_LIMITS|default('1000m', true) }}" - memory: "{{ SESSION_VALKEY_MEMORY_LIMITS|default('4Gi', true) }}" - requests: - cpu: "{{ SESSION_VALKEY_CPU_REQUESTS|default('100m', true) }}" - memory: "{{ SESSION_VALKEY_MEMORY_REQUESTS|default('1Gi', true) }}" -auth: - existingSecret: session-valkey-password - existingSecretPasswordKey: SESSION_VALKEY__SENTINEL_PASSWORD - usePasswordFiles: false -sentinel: +haMode: enabled: true - readinessProbe: - timeoutSeconds: 5 - image: - registry: docker.io - repository: valkey/valkey - tag: "{{ SESSION_VALKEY_IMAGE_VERSION }}" + replicas: 3 + masterGroupName: myprimary + +image: + registry: "docker.io" + repository: "valkey/valkey" + tag: "8.1.3" + +resources: + limits: + cpu: "1000m" + memory: "4Gi" + requests: + cpu: "100m" + memory: "1Gi" + +sentinelResources: + limits: + cpu: "1000m" + memory: "4Gi" + requests: + cpu: "100m" + memory: "1Gi" + +extraSecretValkeyConfigs: "session-valkey-config" +extraSecretSentinelConfigs: "session-valkey-sentinel-config" + metrics: enabled: true - image: - registry: quay.io - repository: oliver006/redis_exporter - tag: "{{ SESSION_VALKEY_REDIS_EXPORTER_IMAGE_VERSION }}" - podMonitor: - enabled: true - extraArgs: - check-key-groups: '\(jwt\):.+' 
+ exporter: + args: + - --check-key-groups=(jwt):.+ + extraExporterEnvSecrets: + - "session-valkey-exporter" serviceMonitor: - enabled: true - metricRelabelings: - - sourceLabels: [ __name__ ] - regex: redis_key_group_count - action: replace - targetLabel: longterm - replacement: "true" -# OPS-6762 still up to debate if we will enable this -networkPolicy: - enabled: false -serviceAccount: - create: false -# https://github.com/bitnami/charts/issues/9689 -useHostnames: false + interval: 30s + extraEndpointParameters: + metricRelabelings: + - sourceLabels: [ __name__ ] + regex: redis_key_group_count + action: replace + targetLabel: longterm + replacement: "true" \ No newline at end of file From 7fabd50df190e5e29a6251afef0e0bee0df50fe2 Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Thu, 7 Aug 2025 08:04:14 +0200 Subject: [PATCH 05/14] template in template, i love my live --- ansible/roles/session-valkey/tasks/main.yml | 6 +++--- .../templates/es-session-valkey-config.yml.j2 | 4 ++-- .../templates/es-session-valkey-exporter.yml.j2 | 2 +- .../templates/es-session-valkey-sentinel-config.yml.j2 | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ansible/roles/session-valkey/tasks/main.yml b/ansible/roles/session-valkey/tasks/main.yml index 4da4b6e33..e9c1af842 100644 --- a/ansible/roles/session-valkey/tasks/main.yml +++ b/ansible/roles/session-valkey/tasks/main.yml @@ -7,7 +7,7 @@ tags: - 1password -- name: External Secret session-vakey-config +- name: External Secret session-valkey-config kubernetes.core.k8s: kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" @@ -16,7 +16,7 @@ tags: - 1password -- name: External Secret session-vakey-sentinel-config +- name: External Secret session-valkey-sentinel-config kubernetes.core.k8s: kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" 
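Review bot: `masterGroupName: myprimary` in the rewritten `values.yml.j2` has to match the group name hard-coded in `sentinel auth-pass myprimary` in `es-session-valkey-sentinel-config.yml.j2`. If the two drift, Sentinel would hold the password under a name it does not monitor and authentication to the primary would fail. Consider one role default used by both templates, or at least a comment on this line such as `# must match the name used in es-session-valkey-sentinel-config.yml.j2`.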
@@ -25,7 +25,7 @@ tags: - 1password -- name: External Secret session-vakey-exporter +- name: External Secret session-valkey-exporter kubernetes.core.k8s: kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 b/ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 index 3876f1c7e..13add2335 100644 --- a/ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 +++ b/ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 @@ -16,8 +16,8 @@ spec: engineVersion: v2 data: valkey-auth.conf: | - requirepass "{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}" - masterauth "{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}" + requirepass "{{ {{ .SESSION_VALKEY__SENTINEL_PASSWORD }} }}" + masterauth "{{ {{ .SESSION_VALKEY__SENTINEL_PASSWORD }} }}" dataFrom: - extract: key: session-valkey-password diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 b/ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 index 023382549..812cf3ee6 100644 --- a/ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 +++ b/ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 @@ -15,7 +15,7 @@ spec: template: engineVersion: v2 data: - REDIS_PASSWORD: "{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}" + REDIS_PASSWORD: "{{ {{ .SESSION_VALKEY__SENTINEL_PASSWORD }} }}" dataFrom: - extract: key: session-valkey-password diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 b/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 index a5c9ef906..b1ad68deb 100644 --- a/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 +++ b/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 
@@ -16,7 +16,7 @@ spec: engineVersion: v2 data: sentinel-auth.conf: | - sentinel auth-pass myprimary "{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}" + sentinel auth-pass myprimary "{{ {{ .SESSION_VALKEY__SENTINEL_PASSWORD }} }}" dataFrom: - extract: key: session-valkey-password From e7d0729476461104611ae33908c432ca109e2c73 Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Thu, 7 Aug 2025 08:17:07 +0200 Subject: [PATCH 06/14] sa --- .../session-valkey/templates/es-session-valkey-config.yml.j2 | 4 ++-- .../templates/es-session-valkey-exporter.yml.j2 | 2 +- .../templates/es-session-valkey-sentinel-config.yml.j2 | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 b/ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 index 13add2335..997279c7c 100644 --- a/ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 +++ b/ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 @@ -16,8 +16,8 @@ spec: engineVersion: v2 data: valkey-auth.conf: | - requirepass "{{ {{ .SESSION_VALKEY__SENTINEL_PASSWORD }} }}" - masterauth "{{ {{ .SESSION_VALKEY__SENTINEL_PASSWORD }} }}" + requirepass "{% raw %}{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}{% endraw %}" + masterauth "{% raw %}{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}{% endraw %}" dataFrom: - extract: key: session-valkey-password diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 b/ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 index 812cf3ee6..e2d0076f0 100644 --- a/ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 +++ b/ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 
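Review bot: In `valkey-auth.conf` the password is written inside double quotes (`requirepass "{% raw %}{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}{% endraw %}"`). A value containing `"`, `\` or a line break would presumably end the string early or be read as an escape, leaving the remainder to be parsed as configuration. Either constrain the generated password to a safe alphabet and say so in a comment in this template, or escape the value in the ExternalSecret template before it is written. The same pattern appears in the `sentinel auth-pass` line and the `REDIS_PASSWORD` value changed by the next two files of this commit.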
@@ -15,7 +15,7 @@ spec: template: engineVersion: v2 data: - REDIS_PASSWORD: "{{ {{ .SESSION_VALKEY__SENTINEL_PASSWORD }} }}" + REDIS_PASSWORD: "{% raw %}{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}{% endraw %}" dataFrom: - extract: key: session-valkey-password diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 b/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 index b1ad68deb..4e2b60f19 100644 --- a/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 +++ b/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 @@ -16,7 +16,7 @@ spec: engineVersion: v2 data: sentinel-auth.conf: | - sentinel auth-pass myprimary "{{ {{ .SESSION_VALKEY__SENTINEL_PASSWORD }} }}" + sentinel auth-pass myprimary "{% raw %}{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}{% endraw %}" dataFrom: - extract: key: session-valkey-password From bbbe79003ecbc326c42051b807b624daa99ee20f Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Thu, 7 Aug 2025 10:21:04 +0200 Subject: [PATCH 07/14] fix warning --- .../templates/es-session-valkey-sentinel-config.yml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 b/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 index 4e2b60f19..3b4a44f39 100644 --- a/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 +++ b/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 @@ -17,6 +17,7 @@ spec: data: sentinel-auth.conf: | sentinel auth-pass myprimary "{% raw %}{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}{% endraw %}" + requirepass "{% raw %}{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}{% endraw %}" dataFrom: - extract: key: session-valkey-password From 5d56f2ed6446058d0563fe77014203d3f8fc9d85 Mon Sep 17 00:00:00 2001 
From: Phillip Wirth Date: Thu, 7 Aug 2025 10:32:16 +0200 Subject: [PATCH 08/14] Trigger Build From 3b77df94d9670ef743ee8f23ade8a383d4c8bae0 Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Thu, 7 Aug 2025 17:03:11 +0200 Subject: [PATCH 09/14] reintroduce warning --- .../templates/es-session-valkey-sentinel-config.yml.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 b/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 index 3b4a44f39..4e2b60f19 100644 --- a/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 +++ b/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 @@ -17,7 +17,6 @@ spec: data: sentinel-auth.conf: | sentinel auth-pass myprimary "{% raw %}{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}{% endraw %}" - requirepass "{% raw %}{{ .SESSION_VALKEY__SENTINEL_PASSWORD }}{% endraw %}" dataFrom: - extract: key: session-valkey-password From d5a795a07455b82b99996c44a3f1309db2552f11 Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Tue, 12 Aug 2025 17:38:36 +0200 Subject: [PATCH 10/14] apply helm update --- ansible/roles/session-valkey/defaults/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/session-valkey/defaults/main.yaml b/ansible/roles/session-valkey/defaults/main.yaml index 608815a24..b7099444d 100644 --- a/ansible/roles/session-valkey/defaults/main.yaml +++ b/ansible/roles/session-valkey/defaults/main.yaml @@ -1,4 +1,4 @@ -SESSION_VALKEY_CHART_VERSION: 2.1.0 +SESSION_VALKEY_CHART_VERSION: 2.1.2 SESSION_VALKEY_IMAGE_VERSION: 8.1.3 SESSION_VALKEY_REDIS_EXPORTER_IMAGE_VERSION: v1.74.0 From 1aa6bae80cd0f9a21fb841cdd23c422d3782f963 Mon Sep 17 00:00:00 2001 
From: Phillip Wirth Date: Tue, 12 Aug 2025 18:13:21 +0200 Subject: [PATCH 11/14] clean up --- .../session-valkey/templates/values.yml.j2 | 33 ++++++++++++------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/ansible/roles/session-valkey/templates/values.yml.j2 b/ansible/roles/session-valkey/templates/values.yml.j2 index 67b39bbad..a2e3ddc9b 100644 --- a/ansible/roles/session-valkey/templates/values.yml.j2 +++ b/ansible/roles/session-valkey/templates/values.yml.j2 @@ -1,31 +1,31 @@ storage: - className: "nfs-client" + className: "{{ SC_DEFAULT_STORAGE_CLASS_NAME }}" haMode: enabled: true - replicas: 3 + replicas: {{ SESSION_VALKEY_REPLICAS }} masterGroupName: myprimary image: registry: "docker.io" repository: "valkey/valkey" - tag: "8.1.3" + tag: "{{ SESSION_VALKEY_IMAGE_VERSION }}" resources: limits: - cpu: "1000m" - memory: "4Gi" + cpu: "{{ SESSION_VALKEY_CPU_LIMITS|default('1000m', true) }}" + memory: "{{ SESSION_VALKEY_MEMORY_LIMITS|default('4Gi', true) }}" requests: - cpu: "100m" - memory: "1Gi" + cpu: "{{ SESSION_VALKEY_CPU_REQUESTS|default('100m', true) }}" + memory: "{{ SESSION_VALKEY_MEMORY_REQUESTS|default('1Gi', true) }}" sentinelResources: limits: - cpu: "1000m" - memory: "4Gi" + cpu: "{{ SESSION_VALKEY_CPU_LIMITS|default('1000m', true) }}" + memory: "{{ SESSION_VALKEY_MEMORY_LIMITS|default('4Gi', true) }}" requests: - cpu: "100m" - memory: "1Gi" + cpu: "{{ SESSION_VALKEY_CPU_REQUESTS|default('100m', true) }}" + memory: "{{ SESSION_VALKEY_MEMORY_REQUESTS|default('1Gi', true) }}" extraSecretValkeyConfigs: "session-valkey-config" extraSecretSentinelConfigs: "session-valkey-sentinel-config" 
@@ -33,6 +33,17 @@ extraSecretSentinelConfigs: "session-valkey-sentinel-config" metrics: enabled: true exporter: + image: + registry: "docker.io" + repository: "oliver006/redis_exporter" + tag: "{{ SESSION_VALKEY_REDIS_EXPORTER_IMAGE_VERSION }}" + resources: + limits: + cpu: "{{ SESSION_VALKEY_EXPORTER_CPU_LIMITS|default('1000m', true) }}" + memory: "{{ SESSION_VALKEY_EXPORTER_MEMORY_LIMITS|default('1Gi', true) }}" + requests: + cpu: "{{ SESSION_VALKEY_EXPORTER_CPU_REQUESTS|default('100m', true) }}" + memory: "{{ SESSION_VALKEY_EXPORTER_MEMORY_REQUESTS|default('1Gi', true) }}" args: - --check-key-groups=(jwt):.+ extraExporterEnvSecrets: From 6ee3a354c1829096a49178b332bf8be1a2ad2aae Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Tue, 12 Aug 2025 18:25:48 +0200 Subject: [PATCH 12/14] fix naming --- ansible/roles/session-valkey/tasks/main.yml | 6 +++--- ...session-valkey-config.yml.j2 => es-valkey-config.yml.j2} | 0 ...ion-valkey-exporter.yml.j2 => es-valkey-exporter.yml.j2} | 0 ...tinel-config.yml.j2 => es-valkey-sentinel-config.yml.j2} | 0 4 files changed, 3 insertions(+), 3 deletions(-) rename ansible/roles/session-valkey/templates/{es-session-valkey-config.yml.j2 => es-valkey-config.yml.j2} (100%) rename ansible/roles/session-valkey/templates/{es-session-valkey-exporter.yml.j2 => es-valkey-exporter.yml.j2} (100%) rename ansible/roles/session-valkey/templates/{es-session-valkey-sentinel-config.yml.j2 => es-valkey-sentinel-config.yml.j2} (100%) diff --git a/ansible/roles/session-valkey/tasks/main.yml b/ansible/roles/session-valkey/tasks/main.yml index e9c1af842..6bcad11b4 100644 --- a/ansible/roles/session-valkey/tasks/main.yml +++ b/ansible/roles/session-valkey/tasks/main.yml @@ -11,7 +11,7 @@ kubernetes.core.k8s: kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" - template: es-session-valkey-config.yml.j2 + template: es-valkey-config.yml.j2 when: EXTERNAL_SECRETS_OPERATOR tags: - 1password 
@@ -20,7 +20,7 @@ kubernetes.core.k8s: kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" - template: es-session-valkey-sentinel-config.yml.j2 + template: es-valkey-sentinel-config.yml.j2 when: EXTERNAL_SECRETS_OPERATOR tags: - 1password @@ -29,7 +29,7 @@ kubernetes.core.k8s: kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" - template: es-session-valkey-exporter.yml.j2 + template: es-valkey-exporter.yml.j2 when: EXTERNAL_SECRETS_OPERATOR tags: - 1password diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 b/ansible/roles/session-valkey/templates/es-valkey-config.yml.j2 similarity index 100% rename from ansible/roles/session-valkey/templates/es-session-valkey-config.yml.j2 rename to ansible/roles/session-valkey/templates/es-valkey-config.yml.j2 diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 b/ansible/roles/session-valkey/templates/es-valkey-exporter.yml.j2 similarity index 100% rename from ansible/roles/session-valkey/templates/es-session-valkey-exporter.yml.j2 rename to ansible/roles/session-valkey/templates/es-valkey-exporter.yml.j2 diff --git a/ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 b/ansible/roles/session-valkey/templates/es-valkey-sentinel-config.yml.j2 similarity index 100% rename from ansible/roles/session-valkey/templates/es-session-valkey-sentinel-config.yml.j2 rename to ansible/roles/session-valkey/templates/es-valkey-sentinel-config.yml.j2 From fdfbfb24a7185e3a0de8e3b5848e4a82ee1a3ec5 Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Wed, 13 Aug 2025 10:36:23 +0200 Subject: [PATCH 13/14] add requirement to externals ecrets operator --- ansible/group_vars/all/misc.yml | 4 ++-- ansible/group_vars/develop/external-secrets.yml | 2 -- ansible/playbook_rollout.yml | 1 + 3 files changed, 3 insertions(+), 4 deletions(-) delete mode 100644 ansible/group_vars/develop/external-secrets.yml 
diff --git a/ansible/group_vars/all/misc.yml b/ansible/group_vars/all/misc.yml index 528669fe1..450faf0d1 100644 --- a/ansible/group_vars/all/misc.yml +++ b/ansible/group_vars/all/misc.yml @@ -3,9 +3,9 @@ ANIT_AFFINITY_NODEPOOL_ENABLE: true ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY: "cloud.ionos.com/nodepool-name" -EXTERNAL_SECRETS_OPERATOR: false +EXTERNAL_SECRETS_OPERATOR: true +EXTERNAL_SECRETS_POSTFIX: "-source" EXTERNAL_SECRETS_K8S_STORE: k8s-store -EXTERNAL_SECRETS_POSTFIX: "" EXTERNAL_SECRETS_REFRESH_INTERVAL: "1m" EXTERNAL_SECRETS_NAMESPACE: external-secrets EXTERNAL_SECRETS_TOKEN_SECRET: external-secrets-k8s-store-token diff --git a/ansible/group_vars/develop/external-secrets.yml b/ansible/group_vars/develop/external-secrets.yml deleted file mode 100644 index b13eb364c..000000000 --- a/ansible/group_vars/develop/external-secrets.yml +++ /dev/null @@ -1,2 +0,0 @@ -EXTERNAL_SECRETS_OPERATOR: true -EXTERNAL_SECRETS_POSTFIX: "-source" \ No newline at end of file diff --git a/ansible/playbook_rollout.yml b/ansible/playbook_rollout.yml index 3eadf1f24..c60e72289 100644 --- a/ansible/playbook_rollout.yml +++ b/ansible/playbook_rollout.yml @@ -9,6 +9,7 @@ roles: - role: sys - role: pre_deployment + - role: external-secrets - role: dof_mongo - role: dof_postgresql - role: dof_rabbitmq From 169eee2069b24d6291f039fa54badc7df6cd080e Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Wed, 13 Aug 2025 16:51:33 +0200 Subject: [PATCH 14/14] fix sentinel and exporter resources --- .../roles/session-valkey/templates/values.yml.j2 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ansible/roles/session-valkey/templates/values.yml.j2 b/ansible/roles/session-valkey/templates/values.yml.j2 index a2e3ddc9b..b29ca8b96 100644 --- a/ansible/roles/session-valkey/templates/values.yml.j2 +++ b/ansible/roles/session-valkey/templates/values.yml.j2 
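Review bot: In `group_vars/all/misc.yml`, `EXTERNAL_SECRETS_OPERATOR: true` and `EXTERNAL_SECRETS_POSTFIX: "-source"` now apply to every inventory group instead of only `develop`. Every task gated on the flag therefore changes behaviour in all environments with this commit. The ExternalSecret templates added earlier in the series extract from the fixed key `session-valkey-password`; if the postfix is appended to source secret names elsewhere (not visible in this patch), confirm that key still resolves. A comment above the two variables noting that the session-valkey role depends on them would make an accidental override less likely.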
@@ -21,11 +21,11 @@ resources: sentinelResources: limits: - cpu: "{{ SESSION_VALKEY_CPU_LIMITS|default('1000m', true) }}" - memory: "{{ SESSION_VALKEY_MEMORY_LIMITS|default('4Gi', true) }}" + cpu: "{{ SESSION_VALKEY_SENTINEL_CPU_LIMITS|default('150m', true) }}" + memory: "{{ SESSION_VALKEY_SENTINEL_MEMORY_LIMITS|default('192Mi', true) }}" requests: - cpu: "{{ SESSION_VALKEY_CPU_REQUESTS|default('100m', true) }}" - memory: "{{ SESSION_VALKEY_MEMORY_REQUESTS|default('1Gi', true) }}" + cpu: "{{ SESSION_VALKEY_SENTINEL_CPU_REQUESTS|default('100m', true) }}" + memory: "{{ SESSION_VALKEY_SENTINEL_MEMORY_REQUESTS|default('128Mi', true) }}" extraSecretValkeyConfigs: "session-valkey-config" extraSecretSentinelConfigs: "session-valkey-sentinel-config" @@ -39,11 +39,11 @@ metrics: tag: "{{ SESSION_VALKEY_REDIS_EXPORTER_IMAGE_VERSION }}" resources: limits: - cpu: "{{ SESSION_VALKEY_EXPORTER_CPU_LIMITS|default('1000m', true) }}" - memory: "{{ SESSION_VALKEY_EXPORTER_MEMORY_LIMITS|default('1Gi', true) }}" + cpu: "{{ SESSION_VALKEY_EXPORTER_CPU_LIMITS|default('150m', true) }}" + memory: "{{ SESSION_VALKEY_EXPORTER_MEMORY_LIMITS|default('192Mi', true) }}" requests: cpu: "{{ SESSION_VALKEY_EXPORTER_CPU_REQUESTS|default('100m', true) }}" - memory: "{{ SESSION_VALKEY_EXPORTER_MEMORY_REQUESTS|default('1Gi', true) }}" + memory: "{{ SESSION_VALKEY_EXPORTER_MEMORY_REQUESTS|default('128Mi', true) }}" args: - --check-key-groups=(jwt):.+ extraExporterEnvSecrets: