223221c31e
It seems the latest redis image changed security settings so root-mounted volumes no longer work. This change: - mount redis volumes as redis user/group 999 - needed to run with redis >=8.0.2
142 lines
2.8 KiB
YAML
142 lines
2.8 KiB
YAML
{% if not no_pvc %}
|
|
# -------
|
|
# PVC
|
|
# -------
|
|
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: {{ name }}
|
|
namespace: {{ namespace }}
|
|
labels:
|
|
crawl: {{ id }}
|
|
role: redis
|
|
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
|
|
resources:
|
|
requests:
|
|
storage: {{ redis_storage }}
|
|
|
|
{% if volume_storage_class %}
|
|
storageClassName: {{ volume_storage_class }}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
# --------
|
|
# REDIS
|
|
# --------
|
|
{% if init_redis %}
|
|
---
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: {{ name }}
|
|
namespace: {{ namespace }}
|
|
labels:
|
|
crawl: {{ id }}
|
|
role: redis
|
|
|
|
spec:
|
|
hostname: {{ name }}
|
|
subdomain: redis
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 999
|
|
runAsGroup: 999
|
|
fsGroup: 999
|
|
|
|
terminationGracePeriodSeconds: 10
|
|
volumes:
|
|
- name: shared-redis-conf
|
|
configMap:
|
|
name: shared-redis-conf
|
|
items:
|
|
- key: redis.conf
|
|
path: redis.conf
|
|
|
|
- name: redis-data
|
|
{% if not no_pvc %}
|
|
persistentVolumeClaim:
|
|
claimName: {{ name }}
|
|
{% else %}
|
|
emptyDir: {}
|
|
{% endif %}
|
|
|
|
affinity:
|
|
nodeAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 1
|
|
preference:
|
|
matchExpressions:
|
|
- key: nodeType
|
|
operator: In
|
|
values:
|
|
- "{{ redis_node_type }}"
|
|
|
|
podAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 2
|
|
podAffinityTerm:
|
|
topologyKey: "failure-domain.beta.kubernetes.io/zone"
|
|
labelSelector:
|
|
matchLabels:
|
|
crawl: {{ id }}
|
|
|
|
tolerations:
|
|
- key: nodeType
|
|
operator: Equal
|
|
value: crawling
|
|
effect: NoSchedule
|
|
- key: node.kubernetes.io/not-ready
|
|
operator: Exists
|
|
tolerationSeconds: 300
|
|
effect: NoExecute
|
|
- key: node.kubernetes.io/unreachable
|
|
operator: Exists
|
|
effect: NoExecute
|
|
tolerationSeconds: 300
|
|
|
|
containers:
|
|
- name: redis
|
|
image: {{ redis_image }}
|
|
imagePullPolicy: {{ redis_image_pull_policy }}
|
|
|
|
args: ["/redis-conf/redis.conf", "--appendonly", "yes"]
|
|
volumeMounts:
|
|
- name: redis-data
|
|
mountPath: /data
|
|
|
|
- name: shared-redis-conf
|
|
mountPath: /redis-conf
|
|
|
|
resources:
|
|
limits:
|
|
memory: {{ memory }}
|
|
|
|
requests:
|
|
cpu: {{ cpu }}
|
|
memory: {{ memory }}
|
|
|
|
readinessProbe:
|
|
initialDelaySeconds: 10
|
|
timeoutSeconds: 5
|
|
exec:
|
|
command:
|
|
- bash
|
|
- -c
|
|
- "res=$(redis-cli ping); [[ $res = 'PONG' ]]"
|
|
|
|
livenessProbe:
|
|
initialDelaySeconds: 10
|
|
timeoutSeconds: 5
|
|
exec:
|
|
command:
|
|
- bash
|
|
- -c
|
|
- "res=$(redis-cli ping); [[ $res = 'PONG' ]]"
|
|
|
|
{% endif %}
|