Probe use built-in, discarded healthcheck.sh

Signed-off-by: muicoder <[email protected]> https://github.com/redis/redis/blob/unstable/TLS.md
OT-CONTAINER-KIT · Feb 22, 2023 · 8a8c8a2 · 8a8c8a2
1 parent 7cf390e
commit 8a8c8a2
Showing 1 changed file with 92 additions and 65 deletions.
diff --git a/k8sutils/statefulset.go b/k8sutils/statefulset.go
@@ -301,8 +301,8 @@ func generateContainerDef(name string, containerParams containerParameters, enab
 				containerParams.RedisExporterEnv,
 				containerParams.TLSConfig,
 			),
-			ReadinessProbe: getProbeInfo(containerParams.ReadinessProbe),
-			LivenessProbe:  getProbeInfo(containerParams.LivenessProbe),
+			ReadinessProbe: getProbeInfo(containerParams.Role, containerParams.ReadinessProbe, containerParams.TLSConfig),
+			LivenessProbe:  getProbeInfo(containerParams.Role, containerParams.LivenessProbe, containerParams.TLSConfig),
 			VolumeMounts:   getVolumeMount(name, containerParams.PersistenceEnabled, externalConfig, mountpath, containerParams.TLSConfig),
 		},
 	}
@@ -336,42 +336,43 @@ func generateContainerDef(name string, containerParams containerParameters, enab
 	return containerDefinition
 }
 
-func GenerateTLSEnvironmentVariables(tlsconfig *redisv1beta1.TLSConfig) []corev1.EnvVar {
-	var envVars []corev1.EnvVar
+func GenerateTLSEnvironmentVariables(enabledMetric bool, tlsConfig *redisv1beta1.TLSConfig) []corev1.EnvVar {
 	root := "/tls/"
 
 	// get and set Defaults
 	caCert := "ca.crt"
-	tlsCert := "tls.crt"
-	tlsCertKey := "tls.key"
+	tlsCert := "server.crt"
+	tlsCertKey := "server.key"
+	if enabledMetric {
+		tlsCert = "client.crt"
+		tlsCertKey = "client.key"
+	}
 
-	if tlsconfig.CaKeyFile != "" {
-		caCert = tlsconfig.CaKeyFile
+	if tlsConfig.CaKeyFile != "" {
+		caCert = tlsConfig.CaKeyFile
 	}
-	if tlsconfig.CertKeyFile != "" {
-		tlsCert = tlsconfig.CertKeyFile
+	if tlsConfig.CertKeyFile != "" {
+		tlsCert = tlsConfig.CertKeyFile
 	}
-	if tlsconfig.KeyFile != "" {
-		tlsCertKey = tlsconfig.KeyFile
+	if tlsConfig.KeyFile != "" {
+		tlsCertKey = tlsConfig.KeyFile
 	}
 
-	envVars = append(envVars, corev1.EnvVar{
-		Name:  "TLS_MODE",
-		Value: "true",
-	})
-	envVars = append(envVars, corev1.EnvVar{
-		Name:  "REDIS_TLS_CA_KEY",
-		Value: path.Join(root, caCert),
-	})
-	envVars = append(envVars, corev1.EnvVar{
-		Name:  "REDIS_TLS_CERT",
-		Value: path.Join(root, tlsCert),
-	})
-	envVars = append(envVars, corev1.EnvVar{
-		Name:  "REDIS_TLS_CERT_KEY",
-		Value: path.Join(root, tlsCertKey),
-	})
-	return envVars
+	if enabledMetric {
+		return []corev1.EnvVar{
+			{Name: "REDIS_EXPORTER_SKIP_TLS_VERIFICATION", Value: "true"},
+			{Name: "REDIS_EXPORTER_TLS_CA_CERT_FILE", Value: path.Join(root, caCert)},
+			{Name: "REDIS_EXPORTER_TLS_CLIENT_CERT_FILE", Value: path.Join(root, tlsCert)},
+			{Name: "REDIS_EXPORTER_TLS_CLIENT_KEY_FILE", Value: path.Join(root, tlsCertKey)},
+		}
+	} else {
+		return []corev1.EnvVar{
+			{Name: "TLS_MODE", Value: "true"},
+			{Name: "REDIS_TLS_CA_KEY", Value: path.Join(root, caCert)},
+			{Name: "REDIS_TLS_CERT", Value: path.Join(root, tlsCert)},
+			{Name: "REDIS_TLS_CERT_KEY", Value: path.Join(root, tlsCertKey)},
+		}
+	}
 }
 
 // enableRedisMonitoring will add Redis Exporter as sidecar container
@@ -437,7 +438,43 @@ func getVolumeMount(name string, persistenceEnabled *bool, externalConfig *strin
 }
 
 // getProbeInfo generate probe for Redis StatefulSet
-func getProbeInfo(probe *redisv1beta1.Probe) *corev1.Probe {
+func getProbeInfo(role string, probe *redisv1beta1.Probe, tlsConfig *redisv1beta1.TLSConfig) *corev1.Probe {
+	probePort := redisPort
+	if role == "sentinel" {
+		probePort = sentinelPort
+	}
+	ProbeCommand := []string{
+		"redis-cli", "-p", strconv.Itoa(probePort),
+		"ping",
+	}
+	if tlsConfig != nil {
+		root := "/tls/"
+
+		// get and set Defaults
+		caCert := "ca.crt"
+		tlsCert := "client.crt"
+		tlsCertKey := "client.key"
+
+		if tlsConfig.CaKeyFile != "" {
+			caCert = tlsConfig.CaKeyFile
+		}
+		if tlsConfig.CertKeyFile != "" {
+			tlsCert = tlsConfig.CertKeyFile
+		}
+		if tlsConfig.KeyFile != "" {
+			tlsCertKey = tlsConfig.KeyFile
+		}
+
+		ProbeCommand = []string{
+			"redis-cli", "-p", strconv.Itoa(probePort),
+			"--tls",
+			"--cacert", path.Join(root, caCert),
+			"--cert", path.Join(root, tlsCert),
+			"--key", path.Join(root, tlsCertKey),
+			"ping",
+		}
+	}
+
 	return &corev1.Probe{
 		InitialDelaySeconds: probe.InitialDelaySeconds,
 		PeriodSeconds:       probe.PeriodSeconds,
@@ -446,54 +483,44 @@ func getProbeInfo(probe *redisv1beta1.Probe) *corev1.Probe {
 		SuccessThreshold:    probe.SuccessThreshold,
 		ProbeHandler: corev1.ProbeHandler{
 			Exec: &corev1.ExecAction{
-				Command: []string{
-					"bash",
-					"/usr/bin/healthcheck.sh",
-				},
+				Command: ProbeCommand,
 			},
 		},
 	}
 }
 
 // getEnvironmentVariables returns all the required Environment Variables
 func getEnvironmentVariables(role string, enabledMetric bool, enabledPassword *bool, secretName *string, secretKey *string, persistenceEnabled *bool, exporterEnvVar *[]corev1.EnvVar, tlsConfig *redisv1beta1.TLSConfig) []corev1.EnvVar {
-	envVars := []corev1.EnvVar{
-		{Name: "SERVER_MODE", Value: role},
-		{Name: "SETUP_MODE", Value: role},
-	}
+	var envVars []corev1.EnvVar
 
-	redisHost := "redis://localhost:6379"
 	if tlsConfig != nil {
-		redisHost = "rediss://localhost:6379"
-		envVars = append(envVars, GenerateTLSEnvironmentVariables(tlsConfig)...)
-		if enabledMetric {
-			envVars = append(envVars, corev1.EnvVar{
-				Name:  "REDIS_EXPORTER_TLS_CLIENT_KEY_FILE",
-				Value: "/tls/tls.key",
-			})
-			envVars = append(envVars, corev1.EnvVar{
-				Name:  "REDIS_EXPORTER_TLS_CLIENT_CERT_FILE",
-				Value: "/tls/tls.crt",
-			})
-			envVars = append(envVars, corev1.EnvVar{
-				Name:  "REDIS_EXPORTER_TLS_CA_CERT_FILE",
-				Value: "/tls/ca.crt",
-			})
-			envVars = append(envVars, corev1.EnvVar{
-				Name:  "REDIS_EXPORTER_SKIP_TLS_VERIFICATION",
-				Value: "true",
-			})
-		}
+		envVars = append(envVars, GenerateTLSEnvironmentVariables(enabledMetric, tlsConfig)...)
 	}
 
-	envVars = append(envVars, corev1.EnvVar{
-		Name:  "REDIS_ADDR",
-		Value: redisHost,
-	})
+	RedisPassword := "REDISCLI_AUTH"
+	if enabledMetric {
+		envVars = append(envVars, corev1.EnvVar{
+			Name: "REDIS_ADDR",
+			Value: func(role string, tls *redisv1beta1.TLSConfig) string {
+				prefix := "redis://localhost:"
+				if tls != nil {
+					prefix = "rediss://localhost:"
+				}
+				if role == "sentinel" {
+					return prefix + strconv.Itoa(sentinelPort)
+				} else {
+					return prefix + strconv.Itoa(redisPort)
+				}
+			}(role, tlsConfig),
+		})
+		RedisPassword = "REDIS_PASSWORD"
+	} else {
+		envVars = append(envVars, corev1.EnvVar{Name: "SERVER_MODE", Value: role})
+	}
 
 	if enabledPassword != nil && *enabledPassword {
 		envVars = append(envVars, corev1.EnvVar{
-			Name: "REDIS_PASSWORD",
+			Name: RedisPassword,
 			ValueFrom: &corev1.EnvVarSource{
 				SecretKeyRef: &corev1.SecretKeySelector{
 					LocalObjectReference: corev1.LocalObjectReference{
@@ -508,7 +535,7 @@ func getEnvironmentVariables(role string, enabledMetric bool, enabledPassword *b
 		envVars = append(envVars, corev1.EnvVar{Name: "PERSISTENCE_ENABLED", Value: "true"})
 	}
 
-	if exporterEnvVar != nil {
+	if enabledMetric && exporterEnvVar != nil {
 		envVars = append(envVars, *exporterEnvVar...)
 	}
 	sort.SliceStable(envVars, func(i, j int) bool {