diff --git a/clusters/cl01tl/manifests/postiz/ConfigMap-postiz-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/postiz/ConfigMap-postiz-valkey-init-scripts.yaml new file mode 100644 index 000000000..b372da398 --- /dev/null +++ b/clusters/cl01tl/manifests/postiz/ConfigMap-postiz-valkey-init-scripts.yaml @@ -0,0 +1,87 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: postiz-valkey-init-scripts + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm +data: + init.sh: |- + #!/bin/sh + set -eu + + # Default config paths + VALKEY_CONFIG=${VALKEY_CONFIG_PATH:-/data/conf/valkey.conf} + + LOGFILE="/data/init.log" + DATA_DIR="/data/conf" + + # Logging function (outputs to stderr and file) + log() { + echo "$(date) $1" | tee -a "$LOGFILE" >&2 + } + + # Clean old log if requested + if [ "${KEEP_OLD_LOGS:-false}" != "true" ]; then + rm -f "$LOGFILE" + fi + + if [ -f "$LOGFILE" ]; then + log "Detected restart of this instance ($HOSTNAME)" + fi + + log "Creating configuration in $DATA_DIR..." + mkdir -p "$DATA_DIR" + rm -f "$VALKEY_CONFIG" + + + # Base valkey.conf + log "Generating base valkey.conf" + { + echo "port 6379" + echo "protected-mode no" + echo "bind * -::*" + echo "dir /data" + } >>"$VALKEY_CONFIG" + # Replica mode configuration + log "Configuring replication mode" + + # Use POD_INDEX from Kubernetes metadata + POD_INDEX=${POD_INDEX:-0} + IS_MASTER=false + + # Check if this is pod-0 (master) + if [ "$POD_INDEX" = "0" ]; then + IS_MASTER=true + log "This pod (index $POD_INDEX) is configured as MASTER" + else + log "This pod (index $POD_INDEX) is configured as REPLICA" + fi + + # Configure replica settings + if [ "$IS_MASTER" = "false" ]; then + MASTER_HOST="postiz-valkey-0.postiz-valkey-headless.postiz.svc.cluster.local" + MASTER_PORT="6379" + + log "Configuring replica to follow master at $MASTER_HOST:$MASTER_PORT" + + { + echo "" + echo "# Replica Configuration" + echo "replicaof $MASTER_HOST $MASTER_PORT" + echo "replica-announce-ip postiz-valkey-$POD_INDEX.postiz-valkey-headless.postiz.svc.cluster.local" + } >>"$VALKEY_CONFIG" + fi + + # Append extra configs if present + if [ -f /usr/local/etc/valkey/valkey.conf ]; then + log "Appending /usr/local/etc/valkey/valkey.conf" + cat /usr/local/etc/valkey/valkey.conf >>"$VALKEY_CONFIG" + fi + if [ -d /extravalkeyconfigs ]; then + log "Appending files in /extravalkeyconfigs/" + cat /extravalkeyconfigs/* >>"$VALKEY_CONFIG" + fi diff --git a/clusters/cl01tl/manifests/postiz/Deployment-postiz.yaml b/clusters/cl01tl/manifests/postiz/Deployment-postiz.yaml index 4134e7603..c71befd73 100644 --- a/clusters/cl01tl/manifests/postiz/Deployment-postiz.yaml +++ b/clusters/cl01tl/manifests/postiz/Deployment-postiz.yaml @@ -55,7 +55,7 @@ spec: valueFrom: secretKeyRef: key: REDIS_URL - name: postiz-redis-config + name: postiz-valkey-config - name: BACKEND_INTERNAL_URL value: http://localhost:3000 - name: IS_GENERAL diff --git a/clusters/cl01tl/manifests/postiz/ExternalSecret-postiz-redis-config.yaml b/clusters/cl01tl/manifests/postiz/ExternalSecret-postiz-valkey-config.yaml similarity index 73% rename from clusters/cl01tl/manifests/postiz/ExternalSecret-postiz-redis-config.yaml rename to clusters/cl01tl/manifests/postiz/ExternalSecret-postiz-valkey-config.yaml index 13659088a..0d829d136 100644 --- a/clusters/cl01tl/manifests/postiz/ExternalSecret-postiz-redis-config.yaml +++ b/clusters/cl01tl/manifests/postiz/ExternalSecret-postiz-valkey-config.yaml @@ -1,10 +1,10 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: postiz-redis-config + name: postiz-valkey-config namespace: postiz labels: - app.kubernetes.io/name: postiz-redis-config + app.kubernetes.io/name: postiz-valkey-config app.kubernetes.io/instance: postiz app.kubernetes.io/part-of: postiz spec: @@ -18,7 +18,7 @@ spec: decodingStrategy: None key: /cl01tl/postiz/redis metadataPolicy: None - property: REDIS_URL + property: url - secretKey: user remoteRef: conversionStrategy: Default @@ -33,3 +33,10 @@ spec: key: /cl01tl/postiz/redis metadataPolicy: None property: password + - secretKey: default + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/postiz/redis + metadataPolicy: None + property: password diff --git a/clusters/cl01tl/manifests/postiz/PodMonitor-postiz-valkey.yaml b/clusters/cl01tl/manifests/postiz/PodMonitor-postiz-valkey.yaml new file mode 100644 index 000000000..e0456b746 --- /dev/null +++ b/clusters/cl01tl/manifests/postiz/PodMonitor-postiz-valkey.yaml @@ -0,0 +1,23 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: postiz-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: valkey + app.kubernetes.io/component: podmonitor +spec: + podMetricsEndpoints: + - port: metrics + interval: 30s + namespaceSelector: + matchNames: + - postiz + selector: + matchLabels: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz diff --git a/clusters/cl01tl/manifests/postiz/PrometheusRule-postiz-valkey.yaml b/clusters/cl01tl/manifests/postiz/PrometheusRule-postiz-valkey.yaml new file mode 100644 index 000000000..7c4e1a8c1 --- /dev/null +++ b/clusters/cl01tl/manifests/postiz/PrometheusRule-postiz-valkey.yaml @@ -0,0 +1,47 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: postiz-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: valkey +spec: + groups: + - name: postiz-valkey + rules: + - alert: ValkeyDown + annotations: + description: Valkey instance {{ $labels.instance }} is down. + summary: Valkey instance {{ $labels.instance }} down + expr: | + redis_up{service="postiz-valkey-metrics"} == 0 + for: 2m + labels: + severity: error + - alert: ValkeyMemoryHigh + annotations: + description: | + Valkey instance {{ $labels.instance }} is using {{ $value }}% of its available memory. + summary: Valkey instance {{ $labels.instance }} is using too much memory + expr: | + redis_memory_used_bytes{service="postiz-valkey-metrics"} * 100 + / + redis_memory_max_bytes{service="postiz-valkey-metrics"} + > 90 <= 100 + for: 2m + labels: + severity: error + - alert: ValkeyKeyEviction + annotations: + description: | + Valkey instance {{ $labels.instance }} has evicted {{ $value }} keys in the last 5 minutes. + summary: Valkey instance {{ $labels.instance }} has evicted keys + expr: | + increase(redis_evicted_keys_total{service="postiz-valkey-metrics"}[5m]) > 0 + for: 1s + labels: + severity: error diff --git a/clusters/cl01tl/manifests/postiz/RedisReplication-redis-replication-postiz.yaml b/clusters/cl01tl/manifests/postiz/RedisReplication-redis-replication-postiz.yaml deleted file mode 100644 index f61ac1c5a..000000000 --- a/clusters/cl01tl/manifests/postiz/RedisReplication-redis-replication-postiz.yaml +++ /dev/null @@ -1,50 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: redis-replication-postiz - namespace: postiz - labels: - helm.sh/chart: redis-replication-1.1.0 - app.kubernetes.io/version: "1.1.0" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis-replication-postiz - app.kubernetes.io/instance: postiz - app.kubernetes.io/part-of: postiz -spec: - clusterSize: 3 - podSecurityContext: - fsGroup: 1000 - runAsUser: 1000 - kubernetesConfig: - image: "quay.io/opstree/redis:v8.4.2" - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 10m - memory: 32Mi - redisSecret: - name: postiz-redis-config - key: password - storage: - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: ceph-block - redisExporter: - enabled: true - image: "quay.io/opstree/redis-exporter:v1.81.0" - sentinel: - image: "quay.io/opstree/redis-sentinel:v8.4.2" - imagePullPolicy: IfNotPresent - redisSecret: - name: postiz-redis-config - key: password - resources: - requests: - cpu: 10m - memory: 32Mi - size: 3 diff --git a/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-headless.yaml b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-headless.yaml new file mode 100644 index 000000000..194a1d9a0 --- /dev/null +++ b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-headless.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: postiz-valkey-headless + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: headless +spec: + type: ClusterIP + clusterIP: None + publishNotReadyAddresses: true + ports: + - name: tcp + port: 6379 + targetPort: tcp + protocol: TCP + selector: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz diff --git a/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-metrics.yaml b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-metrics.yaml new file mode 100644 index 000000000..4a1d3057f --- /dev/null +++ b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-metrics.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: postiz-valkey-metrics + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: valkey + annotations: +spec: + type: ClusterIP + ports: + - name: metrics + port: 9121 + protocol: TCP + targetPort: metrics + selector: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz diff --git a/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-read.yaml b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-read.yaml new file mode 100644 index 000000000..cc4556a25 --- /dev/null +++ b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-read.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + name: postiz-valkey-read + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: read +spec: + type: ClusterIP + ports: + - name: tcp + port: 6379 + targetPort: tcp + protocol: TCP + selector: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz diff --git a/clusters/cl01tl/manifests/postiz/Service-postiz-valkey.yaml b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey.yaml new file mode 100644 index 000000000..660ddb312 --- /dev/null +++ b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: postiz-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: primary +spec: + type: ClusterIP + ports: + - port: 6379 + targetPort: tcp + protocol: TCP + name: tcp + selector: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + statefulset.kubernetes.io/pod-name: postiz-valkey-0 diff --git a/clusters/cl01tl/manifests/postiz/ServiceAccount-postiz-valkey.yaml b/clusters/cl01tl/manifests/postiz/ServiceAccount-postiz-valkey.yaml new file mode 100644 index 000000000..480c1718f --- /dev/null +++ b/clusters/cl01tl/manifests/postiz/ServiceAccount-postiz-valkey.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: postiz-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm +automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/postiz/ServiceMonitor-postiz-valkey.yaml b/clusters/cl01tl/manifests/postiz/ServiceMonitor-postiz-valkey.yaml new file mode 100644 index 000000000..373445233 --- /dev/null +++ b/clusters/cl01tl/manifests/postiz/ServiceMonitor-postiz-valkey.yaml @@ -0,0 +1,24 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: postiz-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: valkey + app.kubernetes.io/component: service-monitor +spec: + endpoints: + - port: metrics + interval: 30s + namespaceSelector: + matchNames: + - postiz + selector: + matchLabels: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + app.kubernetes.io/component: metrics diff --git a/clusters/cl01tl/manifests/postiz/ServiceMonitor-redis-replication-postiz.yaml b/clusters/cl01tl/manifests/postiz/ServiceMonitor-redis-replication-postiz.yaml deleted file mode 100644 index 3394ef1c1..000000000 --- a/clusters/cl01tl/manifests/postiz/ServiceMonitor-redis-replication-postiz.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: redis-replication-postiz - namespace: postiz - labels: - helm.sh/chart: redis-replication-1.1.0 - app.kubernetes.io/version: "1.1.0" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis-replication-postiz - app.kubernetes.io/instance: postiz - app.kubernetes.io/part-of: postiz -spec: - selector: - matchLabels: - app: redis-replication-postiz - redis_setup_type: replication - role: replication - endpoints: - - port: redis-exporter - interval: 30s - scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/postiz/StatefulSet-postiz-valkey.yaml b/clusters/cl01tl/manifests/postiz/StatefulSet-postiz-valkey.yaml new file mode 100644 index 000000000..ca3920cca --- /dev/null +++ b/clusters/cl01tl/manifests/postiz/StatefulSet-postiz-valkey.yaml @@ -0,0 +1,129 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: postiz-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm +spec: + serviceName: postiz-valkey-headless + replicas: 3 + podManagementPolicy: OrderedReady + selector: + matchLabels: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + volumeClaimTemplates: + - metadata: + name: valkey-data + spec: + accessModes: + - ReadWriteOnce + storageClassName: "ceph-block" + resources: + requests: + storage: "1Gi" + template: + metadata: + labels: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: postiz + annotations: + checksum/initconfig: "8ebc9d0805e0ac2e6000ec208f86483c" + spec: + automountServiceAccountToken: false + serviceAccountName: postiz-valkey + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 1000 + initContainers: + - name: postiz-valkey-init + image: docker.io/valkey/valkey:9.0.3 + imagePullPolicy: IfNotPresent + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + command: ["/scripts/init.sh"] + env: + - name: POD_INDEX + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + volumeMounts: + - name: valkey-data + mountPath: /data + - name: scripts + mountPath: /scripts + containers: + - name: postiz-valkey + image: docker.io/valkey/valkey:9.0.3 + imagePullPolicy: IfNotPresent + command: ["valkey-server"] + args: ["/data/conf/valkey.conf"] + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + env: + - name: POD_INDEX + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: VALKEY_LOGLEVEL + value: "notice" + ports: + - name: tcp + containerPort: 6379 + protocol: TCP + startupProbe: + exec: + command: ["sh", "-c", "valkey-cli ping"] + livenessProbe: + exec: + command: ["sh", "-c", "valkey-cli ping"] + resources: + requests: + cpu: 10m + memory: 128Mi + volumeMounts: + - name: valkey-data + mountPath: /data + - name: metrics + image: ghcr.io/oliver006/redis_exporter:v1.81.0 + imagePullPolicy: "IfNotPresent" + ports: + - name: metrics + containerPort: 9121 + startupProbe: + tcpSocket: + port: metrics + livenessProbe: + tcpSocket: + port: metrics + readinessProbe: + httpGet: + path: / + port: metrics + resources: + requests: + cpu: 10m + memory: 64M + env: + - name: REDIS_ALIAS + value: postiz-valkey + volumes: + - name: scripts + configMap: + name: postiz-valkey-init-scripts + defaultMode: 0555 diff --git a/clusters/cl01tl/manifests/stalwart/ConfigMap-stalwart-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/stalwart/ConfigMap-stalwart-valkey-init-scripts.yaml new file mode 100644 index 000000000..55e4aa591 --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/ConfigMap-stalwart-valkey-init-scripts.yaml @@ -0,0 +1,87 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: stalwart-valkey-init-scripts + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm +data: + init.sh: |- + #!/bin/sh + set -eu + + # Default config paths + VALKEY_CONFIG=${VALKEY_CONFIG_PATH:-/data/conf/valkey.conf} + + LOGFILE="/data/init.log" + DATA_DIR="/data/conf" + + # Logging function (outputs to stderr and file) + log() { + echo "$(date) $1" | tee -a "$LOGFILE" >&2 + } + + # Clean old log if requested + if [ "${KEEP_OLD_LOGS:-false}" != "true" ]; then + rm -f "$LOGFILE" + fi + + if [ -f "$LOGFILE" ]; then + log "Detected restart of this instance ($HOSTNAME)" + fi + + log "Creating configuration in $DATA_DIR..." + mkdir -p "$DATA_DIR" + rm -f "$VALKEY_CONFIG" + + + # Base valkey.conf + log "Generating base valkey.conf" + { + echo "port 6379" + echo "protected-mode no" + echo "bind * -::*" + echo "dir /data" + } >>"$VALKEY_CONFIG" + # Replica mode configuration + log "Configuring replication mode" + + # Use POD_INDEX from Kubernetes metadata + POD_INDEX=${POD_INDEX:-0} + IS_MASTER=false + + # Check if this is pod-0 (master) + if [ "$POD_INDEX" = "0" ]; then + IS_MASTER=true + log "This pod (index $POD_INDEX) is configured as MASTER" + else + log "This pod (index $POD_INDEX) is configured as REPLICA" + fi + + # Configure replica settings + if [ "$IS_MASTER" = "false" ]; then + MASTER_HOST="stalwart-valkey-0.stalwart-valkey-headless.stalwart.svc.cluster.local" + MASTER_PORT="6379" + + log "Configuring replica to follow master at $MASTER_HOST:$MASTER_PORT" + + { + echo "" + echo "# Replica Configuration" + echo "replicaof $MASTER_HOST $MASTER_PORT" + echo "replica-announce-ip stalwart-valkey-$POD_INDEX.stalwart-valkey-headless.stalwart.svc.cluster.local" + } >>"$VALKEY_CONFIG" + fi + + # Append extra configs if present + if [ -f /usr/local/etc/valkey/valkey.conf ]; then + log "Appending /usr/local/etc/valkey/valkey.conf" + cat /usr/local/etc/valkey/valkey.conf >>"$VALKEY_CONFIG" + fi + if [ -d /extravalkeyconfigs ]; then + log "Appending files in /extravalkeyconfigs/" + cat /extravalkeyconfigs/* >>"$VALKEY_CONFIG" + fi diff --git a/clusters/cl01tl/manifests/stalwart/PodMonitor-stalwart-valkey.yaml b/clusters/cl01tl/manifests/stalwart/PodMonitor-stalwart-valkey.yaml new file mode 100644 index 000000000..0fbeeeb59 --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/PodMonitor-stalwart-valkey.yaml @@ -0,0 +1,23 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: stalwart-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: valkey + app.kubernetes.io/component: podmonitor +spec: + podMetricsEndpoints: + - port: metrics + interval: 30s + namespaceSelector: + matchNames: + - stalwart + selector: + matchLabels: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart diff --git a/clusters/cl01tl/manifests/stalwart/PrometheusRule-stalwart-valkey.yaml b/clusters/cl01tl/manifests/stalwart/PrometheusRule-stalwart-valkey.yaml new file mode 100644 index 000000000..9d95ad260 --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/PrometheusRule-stalwart-valkey.yaml @@ -0,0 +1,47 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: stalwart-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: valkey +spec: + groups: + - name: stalwart-valkey + rules: + - alert: ValkeyDown + annotations: + description: Valkey instance {{ $labels.instance }} is down. + summary: Valkey instance {{ $labels.instance }} down + expr: | + redis_up{service="stalwart-valkey-metrics"} == 0 + for: 2m + labels: + severity: error + - alert: ValkeyMemoryHigh + annotations: + description: | + Valkey instance {{ $labels.instance }} is using {{ $value }}% of its available memory. + summary: Valkey instance {{ $labels.instance }} is using too much memory + expr: | + redis_memory_used_bytes{service="stalwart-valkey-metrics"} * 100 + / + redis_memory_max_bytes{service="stalwart-valkey-metrics"} + > 90 <= 100 + for: 2m + labels: + severity: error + - alert: ValkeyKeyEviction + annotations: + description: | + Valkey instance {{ $labels.instance }} has evicted {{ $value }} keys in the last 5 minutes. + summary: Valkey instance {{ $labels.instance }} has evicted keys + expr: | + increase(redis_evicted_keys_total{service="stalwart-valkey-metrics"}[5m]) > 0 + for: 1s + labels: + severity: error diff --git a/clusters/cl01tl/manifests/stalwart/RedisReplication-redis-replication-stalwart.yaml b/clusters/cl01tl/manifests/stalwart/RedisReplication-redis-replication-stalwart.yaml deleted file mode 100644 index 64480c7e7..000000000 --- a/clusters/cl01tl/manifests/stalwart/RedisReplication-redis-replication-stalwart.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: redis-replication-stalwart - namespace: stalwart - labels: - helm.sh/chart: redis-replication-1.1.0 - app.kubernetes.io/version: "1.1.0" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis-replication-stalwart - app.kubernetes.io/instance: stalwart - app.kubernetes.io/part-of: stalwart -spec: - clusterSize: 3 - podSecurityContext: - fsGroup: 1000 - runAsUser: 1000 - kubernetesConfig: - image: "quay.io/opstree/redis:v8.4.2" - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 10m - memory: 32Mi - storage: - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: ceph-block - redisExporter: - enabled: true - image: "quay.io/opstree/redis-exporter:v1.81.0" - sentinel: - image: "quay.io/opstree/redis-sentinel:v8.4.2" - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 10m - memory: 32Mi - size: 3 diff --git a/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-headless.yaml b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-headless.yaml new file mode 100644 index 000000000..03bccfb21 --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-headless.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: stalwart-valkey-headless + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: headless +spec: + type: ClusterIP + clusterIP: None + publishNotReadyAddresses: true + ports: + - name: tcp + port: 6379 + targetPort: tcp + protocol: TCP + selector: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart diff --git a/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-metrics.yaml b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-metrics.yaml new file mode 100644 index 000000000..3acad5563 --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-metrics.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: stalwart-valkey-metrics + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: valkey + annotations: +spec: + type: ClusterIP + ports: + - name: metrics + port: 9121 + protocol: TCP + targetPort: metrics + selector: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart diff --git a/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-read.yaml b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-read.yaml new file mode 100644 index 000000000..c1892fc72 --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-read.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + name: stalwart-valkey-read + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: read +spec: + type: ClusterIP + ports: + - name: tcp + port: 6379 + targetPort: tcp + protocol: TCP + selector: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart diff --git a/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey.yaml b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey.yaml new file mode 100644 index 000000000..34479d96b --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: stalwart-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: primary +spec: + type: ClusterIP + ports: + - port: 6379 + targetPort: tcp + protocol: TCP + name: tcp + selector: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + statefulset.kubernetes.io/pod-name: stalwart-valkey-0 diff --git a/clusters/cl01tl/manifests/stalwart/ServiceAccount-stalwart-valkey.yaml b/clusters/cl01tl/manifests/stalwart/ServiceAccount-stalwart-valkey.yaml new file mode 100644 index 000000000..115e027fe --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/ServiceAccount-stalwart-valkey.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: stalwart-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm +automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/stalwart/ServiceMonitor-redis-replication-stalwart.yaml b/clusters/cl01tl/manifests/stalwart/ServiceMonitor-redis-replication-stalwart.yaml deleted file mode 100644 index e16d3b080..000000000 --- a/clusters/cl01tl/manifests/stalwart/ServiceMonitor-redis-replication-stalwart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: redis-replication-stalwart - namespace: stalwart - labels: - helm.sh/chart: redis-replication-1.1.0 - app.kubernetes.io/version: "1.1.0" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis-replication-stalwart - app.kubernetes.io/instance: stalwart - app.kubernetes.io/part-of: stalwart -spec: - selector: - matchLabels: - app: redis-replication-stalwart - redis_setup_type: replication - role: replication - endpoints: - - port: redis-exporter - interval: 30s - scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/stalwart/ServiceMonitor-stalwart-valkey.yaml b/clusters/cl01tl/manifests/stalwart/ServiceMonitor-stalwart-valkey.yaml new file mode 100644 index 000000000..a33baae99 --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/ServiceMonitor-stalwart-valkey.yaml @@ -0,0 +1,24 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: stalwart-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: valkey + app.kubernetes.io/component: service-monitor +spec: + endpoints: + - port: metrics + interval: 30s + namespaceSelector: + matchNames: + - stalwart + selector: + matchLabels: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + app.kubernetes.io/component: metrics diff --git a/clusters/cl01tl/manifests/stalwart/StatefulSet-stalwart-valkey.yaml b/clusters/cl01tl/manifests/stalwart/StatefulSet-stalwart-valkey.yaml new file mode 100644 index 000000000..01570866b --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/StatefulSet-stalwart-valkey.yaml @@ -0,0 +1,129 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: stalwart-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm +spec: + serviceName: stalwart-valkey-headless + replicas: 3 + podManagementPolicy: OrderedReady + selector: + matchLabels: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + volumeClaimTemplates: + - metadata: + name: valkey-data + spec: + accessModes: + - ReadWriteOnce + storageClassName: "ceph-block" + resources: + requests: + storage: "1Gi" + template: + metadata: + labels: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: stalwart + annotations: + checksum/initconfig: "0b239a281121e840428928da1c5cc8f7" + spec: + automountServiceAccountToken: false + serviceAccountName: stalwart-valkey + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 1000 + initContainers: + - name: stalwart-valkey-init + image: docker.io/valkey/valkey:9.0.3 + imagePullPolicy: IfNotPresent + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + command: ["/scripts/init.sh"] + env: + - name: POD_INDEX + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + volumeMounts: + - name: valkey-data + mountPath: /data + - name: scripts + mountPath: /scripts + containers: + - name: stalwart-valkey + image: docker.io/valkey/valkey:9.0.3 + imagePullPolicy: IfNotPresent + command: ["valkey-server"] + args: ["/data/conf/valkey.conf"] + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + env: + - name: POD_INDEX + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: VALKEY_LOGLEVEL + value: "notice" + ports: + - name: tcp + containerPort: 6379 + protocol: TCP + startupProbe: + exec: + command: ["sh", "-c", "valkey-cli ping"] + livenessProbe: + exec: + command: ["sh", "-c", "valkey-cli ping"] + resources: + requests: + cpu: 10m + memory: 128Mi + volumeMounts: + - name: valkey-data + mountPath: /data + - name: metrics + image: ghcr.io/oliver006/redis_exporter:v1.81.0 + imagePullPolicy: "IfNotPresent" + ports: + - name: metrics + containerPort: 9121 + startupProbe: + tcpSocket: + port: metrics + livenessProbe: + tcpSocket: + port: metrics + readinessProbe: + httpGet: + path: / + port: metrics + resources: + requests: + cpu: 10m + memory: 64M + env: + - name: REDIS_ALIAS + value: stalwart-valkey + volumes: + - name: scripts + configMap: + name: stalwart-valkey-init-scripts + defaultMode: 0555