From 6807102284b57c6d2a8d4ae0e75f0f41b8292b3c Mon Sep 17 00:00:00 2001 From: Dan Molik Date: Thu, 19 Dec 2024 12:34:27 -0500 Subject: [PATCH 01/21] go: upgraded golang.org/x/net v0.32.0 => v0.33.0 --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index d56d9c0..18ba9c5 100644 --- a/go.mod +++ b/go.mod @@ -53,7 +53,7 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect - golang.org/x/net v0.32.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.23.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/term v0.27.0 // indirect diff --git a/go.sum b/go.sum index 52927fb..31711d2 100644 --- a/go.sum +++ b/go.sum @@ -119,6 +119,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From 3456c42cb36986c423076223aaffb673b57b0ddb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Dec 2024 12:49:48 +0000 Subject: [PATCH 02/21] build(deps): bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.22.0 to 2.22.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.22.0...v2.22.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 14 ++++++-------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 18ba9c5..b366ed5 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ toolchain go1.23.4 require ( github.com/cert-manager/cert-manager v1.16.2 - github.com/onsi/ginkgo/v2 v2.22.0 + github.com/onsi/ginkgo/v2 v2.22.1 github.com/onsi/gomega v1.36.1 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.79.2 github.com/valkey-io/valkey-go v1.0.51 @@ -34,7 +34,7 @@ require ( github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect + github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect github.com/google/uuid v1.6.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect @@ -59,7 +59,7 @@ require ( golang.org/x/term v0.27.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.7.0 // indirect - golang.org/x/tools v0.26.0 // indirect + golang.org/x/tools v0.28.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/protobuf v1.35.1 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect diff --git a/go.sum b/go.sum index 31711d2..f549e1c 100644 --- a/go.sum +++ b/go.sum @@ -40,8 +40,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -67,8 +67,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= -github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= +github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM= github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -117,8 +117,6 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= @@ -143,8 +141,8 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= -golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 217a4bea9e4da3b8526ee2c0ceac66c45781ac66 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Dec 2024 12:42:06 +0000 Subject: [PATCH 03/21] build(deps): bump github.com/onsi/gomega from 1.36.1 to 1.36.2 Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.36.1 to 1.36.2. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.36.1...v1.36.2) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index b366ed5..582d74f 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ toolchain go1.23.4 require ( github.com/cert-manager/cert-manager v1.16.2 github.com/onsi/ginkgo/v2 v2.22.1 - github.com/onsi/gomega v1.36.1 + github.com/onsi/gomega v1.36.2 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.79.2 github.com/valkey-io/valkey-go v1.0.51 k8s.io/api v0.32.0 @@ -61,7 +61,7 @@ require ( golang.org/x/time v0.7.0 // indirect golang.org/x/tools v0.28.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/protobuf v1.35.1 // indirect + google.golang.org/protobuf v1.36.1 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index f549e1c..0f990ed 100644 --- a/go.sum +++ b/go.sum @@ -69,8 +69,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM= -github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= -github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= +github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -149,8 +149,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= From f61ef27e5e74e0be029b0ac07a64ece6c9c9b4ca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 13:08:56 +0000 Subject: [PATCH 04/21] build(deps): bump github.com/valkey-io/valkey-go from 1.0.51 to 1.0.52 Bumps [github.com/valkey-io/valkey-go](https://github.com/valkey-io/valkey-go) from 1.0.51 to 1.0.52. - [Release notes](https://github.com/valkey-io/valkey-go/releases) - [Commits](https://github.com/valkey-io/valkey-go/compare/v1.0.51...v1.0.52) --- updated-dependencies: - dependency-name: github.com/valkey-io/valkey-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 582d74f..e65eaef 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/onsi/ginkgo/v2 v2.22.1 github.com/onsi/gomega v1.36.2 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.79.2 - github.com/valkey-io/valkey-go v1.0.51 + github.com/valkey-io/valkey-go v1.0.52 k8s.io/api v0.32.0 k8s.io/apimachinery v0.32.0 k8s.io/client-go v0.32.0 diff --git a/go.sum b/go.sum index 0f990ed..f60e05e 100644 --- a/go.sum +++ b/go.sum @@ -94,8 +94,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/valkey-io/valkey-go v1.0.51 h1:qioDrTBplnkWLK5TrUq0rkuIv7HUL/RPJU/79wB93Lg= -github.com/valkey-io/valkey-go v1.0.51/go.mod h1:BXlVAPIL9rFQinSFM+N32JfWzfCaUAqBpZkc4vPY6fM= +github.com/valkey-io/valkey-go v1.0.52 h1:ojrR736satGucqpllYzal8fUrNNROc11V10zokAyIYg= +github.com/valkey-io/valkey-go v1.0.52/go.mod h1:BXlVAPIL9rFQinSFM+N32JfWzfCaUAqBpZkc4vPY6fM= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= From 6e1d2f277627e8c79c0c9515f727ad95693c1b22 Mon Sep 17 00:00:00 2001 From: Dan Molik Date: Fri, 27 Dec 2024 15:36:39 -0500 Subject: [PATCH 05/21] feat: Modify CRD to support pre-setting service-password --- api/v1/valkey_types.go | 3 +++ api/v1/zz_generated.deepcopy.go | 5 +++++ config/crd/bases/hyperspike.io_valkeys.yaml | 23 +++++++++++++++++++++ internal/controller/valkey_controller.go | 22 ++++++++++++++++++++ 4 files changed, 53 insertions(+) diff --git a/api/v1/valkey_types.go b/api/v1/valkey_types.go index c4a785d..fe8bae0 100644 --- a/api/v1/valkey_types.go +++ b/api/v1/valkey_types.go @@ -75,6 +75,9 @@ type ValkeySpec struct { // External access configuration ExternalAccess *ExternalAccess `json:"externalAccess,omitempty"` + + // Service Password + ServicePassword *corev1.SecretKeySelector `json:"servicePassword,omitempty"` } // ExternalAccess defines the external access configuration diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index 29143da..cc115cd 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go @@ -189,6 +189,11 @@ func (in *ValkeySpec) DeepCopyInto(out *ValkeySpec) { *out = new(ExternalAccess) (*in).DeepCopyInto(*out) } + if in.ServicePassword != nil { + in, out := &in.ServicePassword, &out.ServicePassword + *out = new(corev1.SecretKeySelector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValkeySpec. diff --git a/config/crd/bases/hyperspike.io_valkeys.yaml b/config/crd/bases/hyperspike.io_valkeys.yaml index e803555..4a79d43 100644 --- a/config/crd/bases/hyperspike.io_valkeys.yaml +++ b/config/crd/bases/hyperspike.io_valkeys.yaml @@ -286,6 +286,29 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object + servicePassword: + description: Service Password + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic storage: description: Persistent volume claim properties: diff --git a/internal/controller/valkey_controller.go b/internal/controller/valkey_controller.go index 06ba1c5..3d4a3fd 100644 --- a/internal/controller/valkey_controller.go +++ b/internal/controller/valkey_controller.go @@ -1185,9 +1185,31 @@ func (r *ValkeyReconciler) upsertCertificate(ctx context.Context, valkey *hyperv return nil } +func (r *ValkeyReconciler) getServicePassword(ctx context.Context, valkey *hyperv1.Valkey) (string, error) { + logger := log.FromContext(ctx) + + secret := &corev1.Secret{} + err := r.Get(ctx, types.NamespacedName{Namespace: valkey.Namespace, Name: valkey.Spec.ServicePassword.Name}, secret) + if err != nil { + logger.Error(err, "failed to fetch secret", "name", valkey.Spec.ServicePassword.Name) + return "", err + } + if secret.Data == nil { + return "", fmt.Errorf("secret %s/%s is empty", valkey.Namespace, valkey.Spec.ServicePassword.Name) + } + if secret.Data[valkey.Spec.ServicePassword.Key] == nil { + return "", fmt.Errorf("key %s is empty in secret %s/%s", valkey.Spec.ServicePassword.Key, valkey.Namespace, valkey.Spec.ServicePassword.Name) + } + return string(secret.Data[valkey.Spec.ServicePassword.Key]), nil +} + func (r *ValkeyReconciler) upsertSecret(ctx context.Context, valkey *hyperv1.Valkey, once bool) (string, error) { logger := log.FromContext(ctx) + if valkey.Spec.ServicePassword != nil { + return r.getServicePassword(ctx, valkey) + } + logger.Info("upserting secret") rs, err := randString(16) if err != nil { From 49afaf1e60772e9a62ec954eca0e8566b8af9046 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Dec 2024 12:44:20 +0000 Subject: [PATCH 06/21] build(deps): bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.22.1 to 2.22.2. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.22.1...v2.22.2) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e65eaef..89a9ba1 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ toolchain go1.23.4 require ( github.com/cert-manager/cert-manager v1.16.2 - github.com/onsi/ginkgo/v2 v2.22.1 + github.com/onsi/ginkgo/v2 v2.22.2 github.com/onsi/gomega v1.36.2 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.79.2 github.com/valkey-io/valkey-go v1.0.52 diff --git a/go.sum b/go.sum index f60e05e..18c2320 100644 --- a/go.sum +++ b/go.sum @@ -67,8 +67,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= -github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM= +github.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU= +github.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk= github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From 0f6b673c04adac77cdb3ac82f8af1473455e8aaf Mon Sep 17 00:00:00 2001 From: Dan Molik Date: Tue, 31 Dec 2024 09:10:34 -0500 Subject: [PATCH 07/21] feat: Github Attestation for image and image.yaml --- .github/workflows/image.yaml | 8 ++++++++ .github/workflows/publish.yaml | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 166f08e..591da12 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -68,6 +68,14 @@ jobs: run: | cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ env.RELEASE_VERSION }}@${{ steps.docker_build.outputs.digest }} + - name: Attest + uses: actions/attest-build-provenance@v2 + id: attest + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + subject-digest: ${{ steps.docker_build.outputs.digest }} + push-to-registry: true + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 1cbc2b6..e2bbe64 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -38,6 +38,12 @@ jobs: check-latest: true - name: Build Installer run: make build-installer IMG=ghcr.io/hyperspike/valkey-operator:${{ github.ref_name }} + - name: Attest + uses: actions/attest-build-provenance@v2 + id: attest + with: + subject-path: | + dist/install.yaml - name: Upload dist/install.yaml to release uses: svenstaro/upload-release-action@v2 with: From 8fd40e5cbe5baabab10d5a0363a3ca388150f295 Mon Sep 17 00:00:00 2001 From: Dan Molik Date: Tue, 31 Dec 2024 09:23:12 -0500 Subject: [PATCH 08/21] update action permissions --- .github/workflows/image.yaml | 1 + .github/workflows/publish.yaml | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 591da12..97f5929 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -22,6 +22,7 @@ jobs: packages: write id-token: write security-events: write + attestations: write steps: - name: Checkout repository diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index e2bbe64..cf4ceaa 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -28,6 +28,11 @@ jobs: runs-on: ubuntu-latest needs: publish name: Upload release assets + permissions: + contents: write + packages: write + id-token: write + attestations: write steps: - name: Checkout uses: actions/checkout@v4 From 8c5dbe0139fcd57ceeec9b55953afca028214740 Mon Sep 17 00:00:00 2001 From: Dan Molik Date: Tue, 7 Jan 2025 10:38:21 -0500 Subject: [PATCH 09/21] chore: update testing rig versions cilium to 1.16.5 kubernetes to 1.32.0 --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 2d51dcf..5d32b22 100644 --- a/Makefile +++ b/Makefile @@ -27,9 +27,9 @@ CONTAINER_TOOL ?= docker SHELL = /usr/bin/env bash -o pipefail .SHELLFLAGS = -ec -K8S_VERSION ?= 1.31.3 +K8S_VERSION ?= 1.32.0 ENVTEST_K8S_VERSION = $(K8S_VERSION) -CILIUM_VERSION ?= 1.16.4 +CILIUM_VERSION ?= 1.16.5 V ?= 0 ifeq ($(V), 1) From 1ecf120749403a43cdffdbc3300c97df95310d1e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 12:54:09 +0000 Subject: [PATCH 10/21] build(deps): bump sigs.k8s.io/controller-runtime from 0.19.3 to 0.19.4 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.19.3 to 0.19.4. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.19.3...v0.19.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 3 ++- go.sum | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 89a9ba1..7c38a01 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( k8s.io/api v0.32.0 k8s.io/apimachinery v0.32.0 k8s.io/client-go v0.32.0 - sigs.k8s.io/controller-runtime v0.19.3 + sigs.k8s.io/controller-runtime v0.19.4 ) require ( @@ -22,6 +22,7 @@ require ( github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.12.1 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect diff --git a/go.sum b/go.sum index 18c2320..01ae160 100644 --- a/go.sum +++ b/go.sum @@ -14,6 +14,8 @@ github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lSh github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= @@ -174,8 +176,8 @@ k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJ k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw= -sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM= +sigs.k8s.io/controller-runtime v0.19.4 h1:SUmheabttt0nx8uJtoII4oIP27BVVvAKFvdvGFwV/Qo= +sigs.k8s.io/controller-runtime v0.19.4/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= From 75408dd24bedd394ce061d981d337560fc39d64b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 12:46:00 +0000 Subject: [PATCH 11/21] build(deps): bump docker/build-push-action from 6.10.0 to 6.11.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.10.0 to 6.11.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/48aba3b46d1b1fec4febb7c5d0c644b249a11355...b32b51a8eda65d6793cd0494a773d4f6bcef32dc) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/image.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 97f5929..33fbb39 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -53,7 +53,7 @@ jobs: run: make V=1 - name: Build and push Docker image - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc id: docker_build with: context: . From c70b6c22b208e8fac92c95b949c40432b2cd6b02 Mon Sep 17 00:00:00 2001 From: Dan Molik Date: Wed, 8 Jan 2025 16:37:29 -0500 Subject: [PATCH 12/21] Build out sidecar infrastructure (#125) * save work * more setup * pass valkey version * Fix build variables * embed versions * scan new dockerfiles * set package versions * set workdir instead of 'cd' * fix gosec, and image tag * make the linter happy * try adding trivy in scan * fix dockerfile arg * minor fix * test * set tags * test * Scan only valkey * missing : * force it * no metadata neeeded now * clean-up image builder * sidecar to be a cobra binary * fix misspelling and error check * fix valkey building * just need to test * eliminate need for bitnami image * appease the linter gods --- .github/workflows/image.yaml | 54 +++- .github/workflows/scan.yaml | 35 ++- .gitignore | 3 +- .golangci.yml | 3 + Dockerfile | 33 --- Dockerfile.controller | 5 + Dockerfile.sidecar | 6 + Dockerfile.valkey | 35 +++ Makefile | 56 +++- cfg/config.go | 15 +- cmd/{ => manager}/main.go | 8 +- cmd/sidecar/bootstrap.go | 19 ++ cmd/sidecar/daemon.go | 264 ++++++++++++++++++ cmd/sidecar/root.go | 17 ++ cmd/sidecar/version.go | 33 +++ config/manager/kustomization.yaml | 4 +- config/manager/manager.yaml | 4 +- go.mod | 12 +- go.sum | 24 +- hack/prometheus.yaml | 2 +- .../scripts/{default.conf => valkey.conf} | 28 +- internal/controller/valkey_controller.go | 256 ++++++++++++++--- internal/sidecar/init.go | 37 +++ 23 files changed, 824 insertions(+), 129 deletions(-) delete mode 100644 Dockerfile create mode 100644 Dockerfile.controller create mode 100644 Dockerfile.sidecar create mode 100644 Dockerfile.valkey rename cmd/{ => manager}/main.go (99%) create mode 100644 cmd/sidecar/bootstrap.go create mode 100644 cmd/sidecar/daemon.go create mode 100644 cmd/sidecar/root.go create mode 100644 cmd/sidecar/version.go rename internal/controller/scripts/{default.conf => valkey.conf} (99%) create mode 100644 internal/sidecar/init.go diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 33fbb39..6d1968a 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -13,6 +13,7 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} + VALKEY_VERSION: 8.0.1 jobs: build-and-push-image: @@ -35,16 +36,26 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker - id: meta + - name: Extract metadata (Controller tags, labels) for Docker + id: meta_controller uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ env.RELEASE_VERSION }} + - name: Extract metadata (Sidecar tags, labels) for Docker + id: meta_sidecar + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 + with: + images: ${{ env.REGISTRY }}/hyperspike/valkey-sidecar:${{ env.RELEASE_VERSION }} + - name: Extract metadata (Valkey tags, labels) for Docker + id: meta_valkey + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 + with: + images: ${{ env.REGISTRY }}/hyperspike/valkey:${{ env.VALKEY_VERSION }} - name: Setup Go ${{ matrix.go-version }} uses: actions/setup-go@v5 with: - go-version: 1.22 + go-version: 1.23 # You can test your matrix by printing the current Go version - name: Display Go version run: go version @@ -54,20 +65,47 @@ jobs: - name: Build and push Docker image uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc - id: docker_build + id: docker_build_controller + with: + file: Dockerfile.controller + context: . + push: true + visibility: public + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ env.RELEASE_VERSION }} + labels: ${{ steps.meta_manager.outputs.labels }} + - name: Build and push Sidecar image + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 + id: docker_build_sidecar with: + file: Dockerfile.sidecar context: . push: true visibility: public - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + tags: ${{ env.REGISTRY }}/hyperspike/valkey-sidecar:${{ env.RELEASE_VERSION }} + labels: ${{ steps.meta_sidecar.outputs.labels }} + - name: Build and push Valkey image + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 + id: docker_build_valkey + with: + file: Dockerfile.valkey + context: . + push: true + visibility: public + tags: ${{ env.REGISTRY }}/hyperspike/valkey:${{ env.VALKEY_VERSION }} + labels: ${{ steps.meta_valkey.outputs.labels }} - name: Set up Cosign uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - - name: Sign image with GitHub OIDC Token + - name: Sign Controller image with GitHub OIDC Token + run: | + cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ env.RELEASE_VERSION }}@${{ steps.docker_build_controller.outputs.digest }} + - name: Sign Sidecar image with GitHub OIDC Token + run: | + cosign sign --yes ${{ env.REGISTRY }}/hyperspike/valkey-sidecar:${{ env.RELEASE_VERSION }}@${{ steps.docker_build_sidecar.outputs.digest }} + - name: Sign Valkey image with GitHub OIDC Token run: | - cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ env.RELEASE_VERSION }}@${{ steps.docker_build.outputs.digest }} + cosign sign --yes ${{ env.REGISTRY }}/hyperspike/valkey:${{ env.VALKEY_VERSION }}@${{ steps.docker_build_valkey.outputs.digest }} - name: Attest uses: actions/attest-build-provenance@v2 diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index 53306ec..6fb520e 100644 --- a/.github/workflows/scan.yaml +++ b/.github/workflows/scan.yaml @@ -8,6 +8,9 @@ on: - main pull_request: +env: + REGISTRY: ghcr.io + permissions: contents: read security-events: write @@ -20,7 +23,13 @@ jobs: - uses: actions/checkout@v4 - uses: hadolint/hadolint-action@v3.1.0 with: - dockerfile: Dockerfile + dockerfile: Dockerfile.valkey + - uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: Dockerfile.controller + - uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: Dockerfile.sidecar gosec: runs-on: ubuntu-latest steps: @@ -68,3 +77,27 @@ jobs: # Optional: if set to true then the action don't cache or restore ~/.cache/go-build. # skip-build-cache: true + trivy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Build the Valkey image + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 + id: docker_build_valkey + with: + file: Dockerfile.valkey + context: . + push: false + tags: ${{ env.REGISTRY }}/hyperspike/valkey:${{ github.SHA }} + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ env.REGISTRY }}/hyperspike/valkey:${{ github.SHA }} + format: 'sarif' + output: 'trivy-results.sarif' + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + if: always() + with: + sarif_file: trivy-results.sarif diff --git a/.gitignore b/.gitignore index 1b2e677..54a5daa 100644 --- a/.gitignore +++ b/.gitignore @@ -32,6 +32,7 @@ go.work .ingress.yaml blank.yaml cilium/ -manager +/manager +/sidecar valkey-operator/ valkey-operator-*-chart.tgz diff --git a/.golangci.yml b/.golangci.yml index 38a4f2a..5aed2c0 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -39,3 +39,6 @@ linters: - unconvert - unparam - unused +linters-settings: + lll: + line-length: 256 diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 902e921..0000000 --- a/Dockerfile +++ /dev/null @@ -1,33 +0,0 @@ -# Build the manager binary -#FROM golang:1.22 AS builder -#ARG TARGETOS -#ARG TARGETARCH - -#WORKDIR /workspace -# Copy the Go Modules manifests -#COPY go.mod go.mod -#COPY go.sum go.sum -# cache deps before building and copying source so that we don't need to re-download as much -# and so that source changes don't invalidate our downloaded layer -#RUN go mod download - -# Copy the go source -#COPY cmd/main.go cmd/main.go -#COPY api/ api/ -#COPY internal/controller/ internal/controller/ - -# Build -# the GOARCH has not a default value to allow the binary be built according to the host where the command -# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO -# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, -# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. -#RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go - -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot -#WORKDIR / -COPY manager /manager -USER 65532:65532 - -ENTRYPOINT ["/manager"] diff --git a/Dockerfile.controller b/Dockerfile.controller new file mode 100644 index 0000000..0c8c61f --- /dev/null +++ b/Dockerfile.controller @@ -0,0 +1,5 @@ +FROM gcr.io/distroless/static:nonroot +COPY manager /manager +USER 65532:65532 + +ENTRYPOINT ["/manager"] diff --git a/Dockerfile.sidecar b/Dockerfile.sidecar new file mode 100644 index 0000000..119cd62 --- /dev/null +++ b/Dockerfile.sidecar @@ -0,0 +1,6 @@ +FROM gcr.io/distroless/static:nonroot + +COPY sidecar /sidecar +USER 65532:65532 + +ENTRYPOINT ["/sidecar"] diff --git a/Dockerfile.valkey b/Dockerfile.valkey new file mode 100644 index 0000000..6f97878 --- /dev/null +++ b/Dockerfile.valkey @@ -0,0 +1,35 @@ +FROM alpine:3.21.1 AS builder + +ARG VALKEY_VERSION=8.0.1 + +WORKDIR /home/valkey + +RUN apk add --no-cache --virtual .build-deps \ + git=2.47.1-r0 \ + coreutils=9.5-r2 \ + linux-headers=6.6-r1 \ + musl-dev=1.2.5-r8 \ + openssl-dev=3.3.2-r4 \ + gcc=14.2.0-r4 \ + curl=8.11.1-r0 \ + make=4.4.1-r2 \ + && curl -L https://github.com/valkey-io/valkey/archive/refs/tags/${VALKEY_VERSION}.tar.gz -o valkey.tar.gz \ + && tar -xzf valkey.tar.gz --strip-components=1 \ + && make PREFIX=/usr BUILD_TLS=yes \ + && make install BUILD_TLS=yes PREFIX=/home/valkey/build + +FROM alpine:3.21.1 AS valkey + +RUN apk add --no-cache \ + openssl=3.3.2-r4 \ + ca-certificates=20241121-r1 \ + && addgroup -S valkey -g 1009 \ + && adduser -S -G valkey valkey -u 1009 \ + && mkdir /etc/valkey \ + && chown valkey:valkey /etc/valkey \ + && mkdir /var/lib/valkey \ + && chown valkey:valkey /var/lib/valkey + +COPY --from=builder /home/valkey/build/ /usr/ + +USER valkey diff --git a/Makefile b/Makefile index 5d32b22..f55a747 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,8 @@ # Image URL to use all building/pushing image targets -IMG ?= controller:latest +REGISTRY ?= ghcr.io/hyperspike +IMG_CONTROLLER ?= $(REGISTRY)/valkey-operator:$(VERSION) +IMG_SIDECAR ?= $(REGISTRY)/valkey-sidecar:$(VERSION) +IMG_VALKEY ?= $(REGISTRY)/valkey:$(VALKEY_VERSION) # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) @@ -13,6 +16,7 @@ GO := $(shell which go) MINIKUBE := $(shell which minikube) KUBECTL := $(shell which kubectl) VERSION ?= $(shell if [ ! -z $$(git tag --points-at HEAD) ] ; then git tag --points-at HEAD|cat ; else git rev-parse --short HEAD|cat; fi ) +DATE ?= $(shell date -u +'%Y%m%d') SHA ?= $(shell git rev-parse --short HEAD) PKG ?= hyperspike.io/valkey-operator @@ -30,6 +34,7 @@ SHELL = /usr/bin/env bash -o pipefail K8S_VERSION ?= 1.32.0 ENVTEST_K8S_VERSION = $(K8S_VERSION) CILIUM_VERSION ?= 1.16.5 +VALKEY_VERSION ?= 8.0.2 V ?= 0 ifeq ($(V), 1) @@ -106,26 +111,47 @@ manager: manifests generate fmt vet ## Build manager binary. -trimpath \ -gcflags all="-N -l -trimpath=/src -trimpath=$(PWD)" \ -asmflags all="-trimpath=/src -trimpath=$(PWD)" \ - -ldflags "-s -w -X $(PKG)/cmd.Version=$(VERSION) -X $(PKG)/cmd.Commit=$(SHA)" \ + -ldflags "-s -w -X main.BuildDate=$(DATE) -X main.Version=$(VERSION) -X main.Commit=$(SHA) \ + -X $(PKG)/cfg.DefaultSidecarImage=$(IMG_SIDECAR) -X $(PKG)/cfg.DefaultValkeyImage=$(IMG_VALKEY)" \ -installsuffix cgo \ - -o $@ cmd/main.go + -o $@ ./cmd/manager/ -build: manager +sidecar: manifests generate fmt vet ## Build sidecar binary. + $QCGO_ENABLED=0 GOOS=linux GOARCH=amd64 $(GO) build $(VV) \ + -trimpath \ + -gcflags all="-N -l -trimpath=/src -trimpath=$(PWD)" \ + -asmflags all="-trimpath=/src -trimpath=$(PWD)" \ + -ldflags "-s -w -X main.BuildDate=$(DATE) -X main.Version=$(VERSION) -X main.Commit=$(SHA) \ + -X $(PKG)/cfg.DefaultSidecarImage=$(IMG_SIDECAR) -X $(PKG)/cfg.DefaultValkeyImage=$(IMG_VALKEY)" \ + -installsuffix cgo \ + -o $@ ./cmd/sidecar/ + +build: manager sidecar ## Build manager and sidecar binaries. .PHONY: run run: manifests generate fmt vet ## Run a controller from your host. - go run ./cmd/main.go + go run ./cmd/manager/main.go # If you wish to build the manager image targeting other platforms you can use the --platform flag. # (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it. # More info: https://docs.docker.com/develop/develop-images/build_enhancements/ -.PHONY: docker-build -docker-build: manager ## Build docker image with the manager. - $(CONTAINER_TOOL) build -t ${IMG} . +.PHONY: docker-build docker-build-manager docker-build-sidecar docker-build-valkey +docker-build-manager: manager ## Build docker image with the manager. + $(CONTAINER_TOOL) build -t ${IMG_CONTROLLER} -f Dockerfile.controller . + +docker-build-sidecar: sidecar ## Build docker image with the sidecar binary. + $(CONTAINER_TOOL) build -t ${IMG_SIDECAR} -f Dockerfile.sidecar . + +docker-build-valkey: ## Build docker image with the valkey binary. + $(CONTAINER_TOOL) build -t ${IMG_VALKEY} --build-arg VALKEY_VERSION=$(VALKEY_VERSION) -f Dockerfile.valkey . + +docker-build: docker-build-manager docker-build-sidecar docker-build-valkey ## Build docker image with the manager, sidecar and valkey binaries. .PHONY: docker-push docker-push: ## Push docker image with the manager. - $(CONTAINER_TOOL) push ${IMG} + $(CONTAINER_TOOL) push ${IMG_CONTROLLER} + $(CONTAINER_TOOL) push ${IMG_SIDECAR} + $(CONTAINER_TOOL) push ${IMG_VALKEY} # PLATFORMS defines the target platforms for the manager image be built to provide support to multiple # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: @@ -137,17 +163,17 @@ PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le .PHONY: docker-buildx docker-buildx: ## Build and push docker image for the manager for cross-platform support # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile - sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross + sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile.controller > Dockerfile.controller.cross - $(CONTAINER_TOOL) buildx create --name valkey-operator-builder $(CONTAINER_TOOL) buildx use valkey-operator-builder - - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . + - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG_CONTROLLER} -f Dockerfile.controller.cross . - $(CONTAINER_TOOL) buildx rm valkey-operator-builder - rm Dockerfile.cross + rm Dockerfile.controller.cross .PHONY: build-installer build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment. $Qmkdir -p dist - $Qcd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $Qcd config/manager && $(KUSTOMIZE) edit set image controller=${IMG_CONTROLLER} $Q$(KUSTOMIZE) build config/default > dist/install.yaml ##@ Deployment @@ -166,7 +192,7 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified .PHONY: deploy deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. - cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG_CONTROLLER} $(KUSTOMIZE) build config/default | $(KUBECTL) apply -f - .PHONY: undeploy @@ -223,7 +249,7 @@ HELM_VERSION ?= v3.15.4 GOSEC_VERSION ?= v2.20.0 helm-gen: manifests kustomize helmify ## Generate Helm chart from Kustomize manifests - $Qcd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $Qcd config/manager && $(KUSTOMIZE) edit set image controller=${IMG_CONTROLLER} $Q$(KUSTOMIZE) build config/default | $(HELMIFY) -crd-dir valkey-operator $Qsed s@\\\(app.kubernetes.io/name\\\)@\'\\\1\'@ -i valkey-operator/templates/deployment.yaml $Qsed s@\\\(app.kubernetes.io/instance\\\)@\'\\\1\'@ -i valkey-operator/templates/deployment.yaml diff --git a/cfg/config.go b/cfg/config.go index bf67f1f..0969472 100644 --- a/cfg/config.go +++ b/cfg/config.go @@ -1,8 +1,15 @@ package cfg +var ( + // Default Settings + DefaultSidecarImage string + DefaultValkeyImage string + DefaultNodes int = 3 +) + type Config struct { // The default clusterwide prometheus exporter image to use - ExporterImage string `json:"exporterImage"` + SidecarImage string `json:"exporterImage"` // The default clusterwide valkey image to use ValkeyImage string `json:"valkeyImage"` // The default number of nodes to use @@ -11,8 +18,8 @@ type Config struct { func Defaults() *Config { return &Config{ - ExporterImage: "docker.io/bitnami/redis-exporter:1.63.0-debian-12-r0", - ValkeyImage: "docker.io/bitnami/valkey-cluster:8.0.1-debian-12-r0", - Nodes: 3, + SidecarImage: DefaultSidecarImage, + ValkeyImage: DefaultValkeyImage, + Nodes: DefaultNodes, } } diff --git a/cmd/main.go b/cmd/manager/main.go similarity index 99% rename from cmd/main.go rename to cmd/manager/main.go index b04e567..124cdc3 100644 --- a/cmd/main.go +++ b/cmd/manager/main.go @@ -53,8 +53,10 @@ var ( setupLog = ctrl.Log.WithName("setup") ) -var Version string -var Commit string +var ( + Version string + Commit string +) func init() { utilruntime.Must(clientgoscheme.AddToScheme(scheme)) @@ -183,7 +185,7 @@ func main() { config := cfg.Defaults() for k, v := range cfgMap.Data { if k == "exporterImage" && v != "" { - config.ExporterImage = v + config.SidecarImage = v } if k == "valkeyImage" && v != "" { config.ValkeyImage = v diff --git a/cmd/sidecar/bootstrap.go b/cmd/sidecar/bootstrap.go new file mode 100644 index 0000000..b97899e --- /dev/null +++ b/cmd/sidecar/bootstrap.go @@ -0,0 +1,19 @@ +package main + +import ( + "github.com/spf13/cobra" + "hyperspike.io/valkey-operator/internal/sidecar" +) + +var bootstrapCmd = &cobra.Command{ + Use: "bootstrap", + Long: "Bootstrap", + Short: "Bootstrap", + Run: func(cmd *cobra.Command, args []string) { + sidecar.SetVolumePermissions() + }, +} + +func init() { + rootCmd.AddCommand(bootstrapCmd) +} diff --git a/cmd/sidecar/daemon.go b/cmd/sidecar/daemon.go new file mode 100644 index 0000000..efe0b33 --- /dev/null +++ b/cmd/sidecar/daemon.go @@ -0,0 +1,264 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +package main + +import ( + "context" + "errors" + "flag" + "fmt" + "net/http" + "os" + "os/signal" + "runtime" + "strconv" + "syscall" + "time" + + "github.com/oliver006/redis_exporter/exporter" + "github.com/prometheus/client_golang/prometheus" + "github.com/spf13/cobra" + "go.uber.org/zap" +) + +var daemonCmd = &cobra.Command{ + Use: "daemon", + Short: "Start the Redis metrics exporter", + Long: `Start the Redis metrics exporter`, + Run: func(cmd *cobra.Command, args []string) { + daemon() + }, +} + +func init() { + rootCmd.AddCommand(daemonCmd) +} + +func getEnv(key string, defaultVal string) string { + if envVal, ok := os.LookupEnv(key); ok { + return envVal + } + return defaultVal +} + +func getEnvBool(key string, defaultVal bool) bool { + if envVal, ok := os.LookupEnv(key); ok { + envBool, err := strconv.ParseBool(envVal) + if err == nil { + return envBool + } + } + return defaultVal +} + +func getEnvInt64(key string, defaultVal int64) int64 { + if envVal, ok := os.LookupEnv(key); ok { + envInt64, err := strconv.ParseInt(envVal, 10, 64) + if err == nil { + return envInt64 + } + } + return defaultVal +} + +func daemon() { + log := zap.NewExample().Sugar() + defer func() { + if err := log.Sync(); err != nil { + fmt.Println("Error syncing log", err) + } + }() + var ( + redisAddr = flag.String("redis.addr", getEnv("REDIS_ADDR", "redis://localhost:6379"), "Address of the Redis instance to scrape") + redisUser = flag.String("redis.user", getEnv("REDIS_USER", ""), "User name to use for authentication (Redis ACL for Redis 6.0 and newer)") + redisPwd = flag.String("redis.password", getEnv("REDIS_PASSWORD", ""), "Password of the Redis instance to scrape") + redisPwdFile = flag.String("redis.password-file", getEnv("REDIS_PASSWORD_FILE", ""), "Password file of the Redis instance to scrape") + namespace = flag.String("namespace", getEnv("REDIS_EXPORTER_NAMESPACE", "redis"), "Namespace for metrics") + checkKeys = flag.String("check-keys", getEnv("REDIS_EXPORTER_CHECK_KEYS", ""), "Comma separated list of key-patterns to export value and length/size, searched for with SCAN") + checkSingleKeys = flag.String("check-single-keys", getEnv("REDIS_EXPORTER_CHECK_SINGLE_KEYS", ""), "Comma separated list of single keys to export value and length/size") + checkKeyGroups = flag.String("check-key-groups", getEnv("REDIS_EXPORTER_CHECK_KEY_GROUPS", ""), "Comma separated list of lua regex for grouping keys") + checkStreams = flag.String("check-streams", getEnv("REDIS_EXPORTER_CHECK_STREAMS", ""), "Comma separated list of stream-patterns to export info about streams, groups and consumers, searched for with SCAN") + checkSingleStreams = flag.String("check-single-streams", getEnv("REDIS_EXPORTER_CHECK_SINGLE_STREAMS", ""), "Comma separated list of single streams to export info about streams, groups and consumers") + streamsExcludeConsumerMetrics = flag.Bool("streams-exclude-consumer-metrics", getEnvBool("REDIS_EXPORTER_STREAMS_EXCLUDE_CONSUMER_METRICS", false), "Don't collect per consumer metrics for streams (decreases cardinality)") + countKeys = flag.String("count-keys", getEnv("REDIS_EXPORTER_COUNT_KEYS", ""), "Comma separated list of patterns to count (eg: 'db0=production_*,db3=sessions:*'), searched for with SCAN") + checkKeysBatchSize = flag.Int64("check-keys-batch-size", + getEnvInt64("REDIS_EXPORTER_CHECK_KEYS_BATCH_SIZE", 1000), + "Approximate number of keys to process in each execution, larger value speeds up scanning.\nWARNING: Still Redis is a single-threaded app, huge COUNT can affect production environment.") + listenAddress = flag.String("web.listen-address", getEnv("REDIS_EXPORTER_WEB_LISTEN_ADDRESS", ":9121"), "Address to listen on for web interface and telemetry.") + metricPath = flag.String("web.telemetry-path", getEnv("REDIS_EXPORTER_WEB_TELEMETRY_PATH", "/metrics"), "Path under which to expose metrics.") + configCommand = flag.String("config-command", getEnv("REDIS_EXPORTER_CONFIG_COMMAND", "CONFIG"), "What to use for the CONFIG command, set to \"-\" to skip config metrics extraction") + connectionTimeout = flag.String("connection-timeout", getEnv("REDIS_EXPORTER_CONNECTION_TIMEOUT", "15s"), "Timeout for connection to Redis instance") + tlsClientKeyFile = flag.String("tls-client-key-file", getEnv("REDIS_EXPORTER_TLS_CLIENT_KEY_FILE", ""), "Name of the client key file (including full path) if the server requires TLS client authentication") + tlsClientCertFile = flag.String("tls-client-cert-file", getEnv("REDIS_EXPORTER_TLS_CLIENT_CERT_FILE", ""), "Name of the client certificate file (including full path) if the server requires TLS client authentication") + tlsCaCertFile = flag.String("tls-ca-cert-file", getEnv("REDIS_EXPORTER_TLS_CA_CERT_FILE", ""), "Name of the CA certificate file (including full path) if the server requires TLS client authentication") + tlsServerKeyFile = flag.String("tls-server-key-file", getEnv("REDIS_EXPORTER_TLS_SERVER_KEY_FILE", ""), "Name of the server key file (including full path) if the web interface and telemetry should use TLS") + tlsServerCertFile = flag.String("tls-server-cert-file", getEnv("REDIS_EXPORTER_TLS_SERVER_CERT_FILE", ""), "Name of the server certificate file (including full path) if the web interface and telemetry should use TLS") + tlsServerCaCertFile = flag.String("tls-server-ca-cert-file", + getEnv("REDIS_EXPORTER_TLS_SERVER_CA_CERT_FILE", ""), + "Name of the CA certificate file (including full path) if the web interface and telemetry should require TLS client authentication") + tlsServerMinVersion = flag.String("tls-server-min-version", getEnv("REDIS_EXPORTER_TLS_SERVER_MIN_VERSION", "TLS1.2"), "Minimum TLS version that is acceptable by the web interface and telemetry when using TLS") + maxDistinctKeyGroups = flag.Int64("max-distinct-key-groups", + getEnvInt64("REDIS_EXPORTER_MAX_DISTINCT_KEY_GROUPS", 100), + "The maximum number of distinct key groups with the most memory utilization to present as distinct metrics per database, the leftover key groups will be aggregated in the 'overflow' bucket") + setClientName = flag.Bool("set-client-name", getEnvBool("REDIS_EXPORTER_SET_CLIENT_NAME", true), "Whether to set client name to redis_exporter") + isTile38 = flag.Bool("is-tile38", getEnvBool("REDIS_EXPORTER_IS_TILE38", false), "Whether to scrape Tile38 specific metrics") + isCluster = flag.Bool("is-cluster", getEnvBool("REDIS_EXPORTER_IS_CLUSTER", false), "Whether this is a redis cluster (Enable this if you need to fetch key level data on a Redis Cluster).") + exportClientList = flag.Bool("export-client-list", getEnvBool("REDIS_EXPORTER_EXPORT_CLIENT_LIST", false), "Whether to scrape Client List specific metrics") + exportClientPort = flag.Bool("export-client-port", + getEnvBool("REDIS_EXPORTER_EXPORT_CLIENT_PORT", false), + "Whether to include the client's port when exporting the client list. Warning: including the port increases the number of metrics generated and will make your Prometheus server take up more memory") + showVersion = flag.Bool("version", false, "Show version information and exit") + redisMetricsOnly = flag.Bool("redis-only-metrics", getEnvBool("REDIS_EXPORTER_REDIS_ONLY_METRICS", false), "Whether to also export go runtime metrics") + pingOnConnect = flag.Bool("ping-on-connect", getEnvBool("REDIS_EXPORTER_PING_ON_CONNECT", false), "Whether to ping the redis instance after connecting") + inclConfigMetrics = flag.Bool("include-config-metrics", getEnvBool("REDIS_EXPORTER_INCL_CONFIG_METRICS", false), "Whether to include all config settings as metrics") + inclModulesMetrics = flag.Bool("include-modules-metrics", getEnvBool("REDIS_EXPORTER_INCL_MODULES_METRICS", false), "Whether to collect Redis Modules metrics") + disableExportingKeyValues = flag.Bool("disable-exporting-key-values", getEnvBool("REDIS_EXPORTER_DISABLE_EXPORTING_KEY_VALUES", false), "Whether to disable values of keys stored in redis as labels or not when using check-keys/check-single-key") + excludeLatencyHistogramMetrics = flag.Bool("exclude-latency-histogram-metrics", getEnvBool("REDIS_EXPORTER_EXCLUDE_LATENCY_HISTOGRAM_METRICS", false), "Do not try to collect latency histogram metrics") + redactConfigMetrics = flag.Bool("redact-config-metrics", getEnvBool("REDIS_EXPORTER_REDACT_CONFIG_METRICS", true), "Whether to redact config settings that include potentially sensitive information like passwords") + inclSystemMetrics = flag.Bool("include-system-metrics", getEnvBool("REDIS_EXPORTER_INCL_SYSTEM_METRICS", false), "Whether to include system metrics like e.g. redis_total_system_memory_bytes") + skipTLSVerification = flag.Bool("skip-tls-verification", getEnvBool("REDIS_EXPORTER_SKIP_TLS_VERIFICATION", false), "Whether to to skip TLS verification") + ) + flag.Parse() + + log.Infof("Redis Metrics Exporter %s build date: %s sha1: %s Go: %s GOOS: %s GOARCH: %s", + Version, BuildDate, Commit, + runtime.Version(), + runtime.GOOS, + runtime.GOARCH, + ) + if *showVersion { + return + } + + to, err := time.ParseDuration(*connectionTimeout) + if err != nil { + log.Fatalf("Couldn't parse connection timeout duration, err: %s", err) + } + + passwordMap := make(map[string]string) + if *redisPwd == "" && *redisPwdFile != "" { + passwordMap, err = exporter.LoadPwdFile(*redisPwdFile) + if err != nil { + log.Fatalf("Error loading redis passwords from file %s, err: %s", *redisPwdFile, err) + } + } + + registry := prometheus.NewRegistry() + if !*redisMetricsOnly { + registry = prometheus.DefaultRegisterer.(*prometheus.Registry) + } + + exp, err := exporter.NewRedisExporter( + *redisAddr, + exporter.Options{ + User: *redisUser, + Password: *redisPwd, + PasswordMap: passwordMap, + Namespace: *namespace, + ConfigCommandName: *configCommand, + CheckKeys: *checkKeys, + CheckSingleKeys: *checkSingleKeys, + CheckKeysBatchSize: *checkKeysBatchSize, + CheckKeyGroups: *checkKeyGroups, + MaxDistinctKeyGroups: *maxDistinctKeyGroups, + CheckStreams: *checkStreams, + CheckSingleStreams: *checkSingleStreams, + StreamsExcludeConsumerMetrics: *streamsExcludeConsumerMetrics, + CountKeys: *countKeys, + InclSystemMetrics: *inclSystemMetrics, + InclConfigMetrics: *inclConfigMetrics, + DisableExportingKeyValues: *disableExportingKeyValues, + ExcludeLatencyHistogramMetrics: *excludeLatencyHistogramMetrics, + RedactConfigMetrics: *redactConfigMetrics, + SetClientName: *setClientName, + IsTile38: *isTile38, + IsCluster: *isCluster, + InclModulesMetrics: *inclModulesMetrics, + ExportClientList: *exportClientList, + ExportClientsInclPort: *exportClientPort, + SkipTLSVerification: *skipTLSVerification, + ClientCertFile: *tlsClientCertFile, + ClientKeyFile: *tlsClientKeyFile, + CaCertFile: *tlsCaCertFile, + ConnectionTimeouts: to, + MetricsPath: *metricPath, + RedisMetricsOnly: *redisMetricsOnly, + PingOnConnect: *pingOnConnect, + RedisPwdFile: *redisPwdFile, + Registry: registry, + BuildInfo: exporter.BuildInfo{ + Version: Version, + CommitSha: Commit, + Date: BuildDate, + }, + }, + ) + if err != nil { + log.Fatal(err) + } + + // Verify that initial client keypair and CA are accepted + if (*tlsClientCertFile != "") != (*tlsClientKeyFile != "") { + log.Fatal("TLS client key file and cert file should both be present") + } + _, err = exp.CreateClientTLSConfig() + if err != nil { + log.Fatal(err) + } + + log.Infof("Providing metrics at %s%s", *listenAddress, *metricPath) + log.Debugf("Configured redis addr: %#v", *redisAddr) + server := &http.Server{ + Addr: *listenAddress, + Handler: exp, + ReadTimeout: 5 * time.Second, + WriteTimeout: 10 * time.Second, + IdleTimeout: 120 * time.Second, + } + go func() { + if *tlsServerCertFile != "" && *tlsServerKeyFile != "" { + log.Debugf("Bind as TLS using cert %s and key %s", *tlsServerCertFile, *tlsServerKeyFile) + + tlsConfig, err := exp.CreateServerTLSConfig(*tlsServerCertFile, *tlsServerKeyFile, *tlsServerCaCertFile, *tlsServerMinVersion) + if err != nil { + log.Fatal(err) + } + server.TLSConfig = tlsConfig + if err := server.ListenAndServeTLS("", ""); err != nil && !errors.Is(err, http.ErrServerClosed) { + log.Fatalf("TLS Server error: %v", err) + } + } else { + if err := server.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) { + log.Fatalf("Server error: %v", err) + } + } + }() + + // graceful shutdown + quit := make(chan os.Signal, 1) + signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM) + _quit := <-quit + log.Infof("Received %s signal, exiting", _quit.String()) + // Create a context with a timeout + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Shutdown the HTTP server gracefully + if err := server.Shutdown(ctx); err != nil { + log.Fatalf("Server shutdown failed: %v", err) + } + log.Infof("Server shut down gracefully") +} diff --git a/cmd/sidecar/root.go b/cmd/sidecar/root.go new file mode 100644 index 0000000..4081e2d --- /dev/null +++ b/cmd/sidecar/root.go @@ -0,0 +1,17 @@ +package main + +import ( + "github.com/spf13/cobra" +) + +var rootCmd = &cobra.Command{ + Use: "sidecar", + Short: "The Valkey Sidecar", + Long: "A tool to manage Valkey clusters within Kubernetes", +} + +func main() { + if err := rootCmd.Execute(); err != nil { + panic(err) + } +} diff --git a/cmd/sidecar/version.go b/cmd/sidecar/version.go new file mode 100644 index 0000000..f011e18 --- /dev/null +++ b/cmd/sidecar/version.go @@ -0,0 +1,33 @@ +package main + +import ( + "fmt" + "runtime" + + "github.com/spf13/cobra" +) + +var ( + /* + BuildVersion, BuildDate, BuildCommitSha are filled in by the build script + */ + Version = "<<< filled in by build >>>" + BuildDate = "<<< filled in by build >>>" + Commit = "<<< filled in by build >>>" +) + +var versionCmd = &cobra.Command{ + Use: "version", + Short: "Print package versions", + Long: `Print package versions`, + Run: func(cmd *cobra.Command, args []string) { + fmt.Println("Version: ", Version) + fmt.Println("Build Date: ", BuildDate) + fmt.Println("Commit: ", Commit) + fmt.Println("Go Version: ", runtime.Version()) + }, +} + +func init() { + rootCmd.AddCommand(versionCmd) +} diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index a7564fb..462e391 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: localhost:5000/controller - newTag: "6" + newName: localhost:5000/valkey-operator + newTag: "31" diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index be75eb8..1496a4e 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -18,8 +18,8 @@ metadata: app.kubernetes.io/managed-by: kustomize data: nodes: "3" - valkeyImage: "docker.io/bitnami/valkey-cluster:8.0.1-debian-12-r0" - exporterImage: "docker.io/bitnami/redis-exporter:1.63.0-debian-12-r0" + valkeyImage: "ghcr.io/hyperspike/valkey:8.0.2" + exporterImage: "ghcr.io/hyperspike/valkey-sidecar:v0.0.46" --- apiVersion: apps/v1 kind: Deployment diff --git a/go.mod b/go.mod index 7c38a01..5655474 100644 --- a/go.mod +++ b/go.mod @@ -6,9 +6,13 @@ toolchain go1.23.4 require ( github.com/cert-manager/cert-manager v1.16.2 + github.com/oliver006/redis_exporter v1.66.0 + github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.79.2 + github.com/prometheus/client_golang v1.20.5 + github.com/spf13/cobra v1.8.1 + go.uber.org/zap v1.27.0 github.com/onsi/ginkgo/v2 v2.22.2 github.com/onsi/gomega v1.36.2 - github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.79.2 github.com/valkey-io/valkey-go v1.0.52 k8s.io/api v0.32.0 k8s.io/apimachinery v0.32.0 @@ -32,27 +36,29 @@ require ( github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect + github.com/gomodule/redigo v1.9.2 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect github.com/google/uuid v1.6.0 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.17.9 // indirect github.com/mailru/easyjson v0.7.7 // indirect + github.com/mna/redisc v1.4.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.20.4 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.55.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect + github.com/sirupsen/logrus v1.9.3 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/x448/float16 v0.8.4 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.27.0 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.23.0 // indirect diff --git a/go.sum b/go.sum index 01ae160..2373ebc 100644 --- a/go.sum +++ b/go.sum @@ -4,6 +4,7 @@ github.com/cert-manager/cert-manager v1.16.2 h1:c9UU2E+8XWGruyvC/mdpc1wuLddtgmNr github.com/cert-manager/cert-manager v1.16.2/go.mod h1:MfLVTL45hFZsqmaT1O0+b2ugaNNQQZttSFV9hASHUb0= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -34,6 +35,9 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/gomodule/redigo v1.8.5/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= +github.com/gomodule/redigo v1.9.2 h1:HrutZBLhSIU8abiSfW8pj8mPhOyMYjZT/wcA4/L9L9s= +github.com/gomodule/redigo v1.9.2/go.mod h1:KsU3hiK/Ay8U42qpaJk+kuNa3C+spxapWpM+ywhcgtw= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -46,6 +50,8 @@ github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/Z github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= @@ -62,6 +68,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mna/redisc v1.4.0 h1:rBKXyGO/39SGmYoRKCyzXcBpoMMKqkikg8E1G8YIfSA= +github.com/mna/redisc v1.4.0/go.mod h1:CplIoaSTDi5h9icnj4FLbRgHoNKCHDNJDVRztWDGeSQ= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -69,6 +77,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/oliver006/redis_exporter v1.66.0 h1:IokginIt2aIDb1FfKb+QTojDkrUMi64CfSHHzCzIUGE= +github.com/oliver006/redis_exporter v1.66.0/go.mod h1:xBNCR/4yiaRFT1iI/zS4Kq+AgPk/3f4qDxw4RtzzuzA= github.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU= github.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk= github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= @@ -80,8 +90,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.79.2 h1:DGv150w4UyxnjNHlkCw85R3+lspOxegtdnbpP2vKRrk= github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.79.2/go.mod h1:AVMP4QEW8xuGWnxaWSpI3kKjP9fDA31nO68zsyREJZA= -github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= -github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= @@ -90,10 +100,17 @@ github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0leargg github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/valkey-io/valkey-go v1.0.52 h1:ojrR736satGucqpllYzal8fUrNNROc11V10zokAyIYg= @@ -129,6 +146,7 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= @@ -160,6 +178,8 @@ gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSP gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= diff --git a/hack/prometheus.yaml b/hack/prometheus.yaml index 8f9c5f0..d39cf5d 100644 --- a/hack/prometheus.yaml +++ b/hack/prometheus.yaml @@ -51,7 +51,7 @@ kind: Prometheus metadata: name: prometheus spec: - image: quay.io/prometheus/prometheus:v3.0.0-beta.0 + image: quay.io/prometheus/prometheus:v3.0.0 serviceAccountName: prometheus serviceMonitorSelector: matchLabels: diff --git a/internal/controller/scripts/default.conf b/internal/controller/scripts/valkey.conf similarity index 99% rename from internal/controller/scripts/default.conf rename to internal/controller/scripts/valkey.conf index 43df58a..48787c7 100644 --- a/internal/controller/scripts/default.conf +++ b/internal/controller/scripts/valkey.conf @@ -84,7 +84,8 @@ # You will also need to set a password unless you explicitly disable protected # mode. # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -bind 127.0.0.1 -::1 +#bind 127.0.0.1 -::1 +bind * -::* # By default, outgoing connections (from replica to master, from Sentinel to # instances, cluster bus, etc.) are not bound to a specific local address. In @@ -135,7 +136,7 @@ protected-mode yes # Accept connections on the specified port, default is 6379 (IANA #815344). # If port 0 is specified Valkey will not listen on a TCP socket. -port 6379 +#port 6379 # TCP listen() backlog. # @@ -190,15 +191,22 @@ tcp-keepalive 300 # directive can be used to define TLS-listening ports. To enable TLS on the # default port, use: # -# port 0 -# tls-port 6379 +{{ if .Spec.TLS }} +port 0 +tls-auth-clients no + +tls-cluster yes +tls-replication yes +tls-port 6379 +tls-cert-file /etc/valkey/certs/tls.crt +tls-key-file /etc/valkey/certs/tls.key +tls-ca-cert-file /etc/valkey/certs/ca.crt +{{ end }} # Configure a X.509 certificate and private key to use for authenticating the # server to connected clients, masters or cluster peers. These files should be # PEM formatted. # -# tls-cert-file valkey.crt -# tls-key-file valkey.key # # If the key file is encrypted using a passphrase, it can be included here # as well. @@ -232,8 +240,6 @@ tcp-keepalive 300 # clients and peers. Valkey requires an explicit configuration of at least one # of these, and will not implicitly use the system wide configuration. # -# tls-ca-cert-file ca.crt -# tls-ca-cert-dir /etc/ssl/certs # By default, clients (including replica servers) on a TLS port are required # to authenticate using valid client side certificates. @@ -337,7 +343,7 @@ daemonize no # # Note that on modern Linux systems "/run/valkey.pid" is more conforming # and should be used instead. -pidfile /opt/bitnami/valkey/tmp/valkey_6379.pid +pidfile /tmp/valkey_6379.pid # Specify the server verbosity level. # This can be one of: @@ -500,7 +506,7 @@ rdb-del-sync-files no # The Append Only File will also be created inside this directory. # # Note that you must specify a directory here, not a file name. -dir /bitnami/valkey/data +dir /data ################################# REPLICATION ################################# @@ -1571,7 +1577,7 @@ cluster-enabled yes # Make sure that instances running in the same system do not have # overlapping cluster configuration file names. # -cluster-config-file /bitnami/valkey/data/nodes.conf +cluster-config-file /data/nodes.conf # Cluster node timeout is the amount of milliseconds a node must be unreachable # for it to be considered in failure state. diff --git a/internal/controller/valkey_controller.go b/internal/controller/valkey_controller.go index 3d4a3fd..c0274b5 100644 --- a/internal/controller/valkey_controller.go +++ b/internal/controller/valkey_controller.go @@ -17,6 +17,7 @@ limitations under the License. package controller import ( + "bytes" "context" "crypto/rand" "crypto/tls" @@ -27,7 +28,9 @@ import ( "math/big" "net" "os" + "strconv" "strings" + "text/template" "time" valkeyClient "github.com/valkey-io/valkey-go" @@ -192,6 +195,9 @@ func (r *ValkeyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr if err := r.upsertStatefulSet(ctx, valkey); err != nil { return ctrl.Result{}, err } + if err := r.initCluster(ctx, valkey); err != nil { + return ctrl.Result{Requeue: true, RequeueAfter: time.Second * 3}, err + } if err := r.checkState(ctx, valkey, password); err != nil { return ctrl.Result{Requeue: true, RequeueAfter: time.Second * 3}, nil } @@ -346,9 +352,19 @@ func (r *ValkeyReconciler) upsertConfigMap(ctx context.Context, valkey *hyperv1. logger.Info("upserting configmap") - defaultConf, err := scripts.ReadFile("scripts/default.conf") + defaultConfTmpl, err := scripts.ReadFile("scripts/valkey.conf") + if err != nil { + logger.Error(err, "failed to read valkey.conf") + return err + } + confTmpl, err := template.New("valkey.conf").Parse(string(defaultConfTmpl)) if err != nil { - logger.Error(err, "failed to read default.conf") + logger.Error(err, "failed to parse valkey.conf") + return err + } + conf := &bytes.Buffer{} + if err := confTmpl.Execute(conf, valkey); err != nil { + logger.Error(err, "failed to execute valkey.conf") return err } pingReadinessLocal, err := scripts.ReadFile("scripts/ping_readiness_local.sh") @@ -368,7 +384,7 @@ func (r *ValkeyReconciler) upsertConfigMap(ctx context.Context, valkey *hyperv1. Labels: labels(valkey), }, Data: map[string]string{ - "valkey-default.conf": string(defaultConf), + "valkey.conf": conf.String(), "ping_readiness_local.sh": string(pingReadinessLocal), "ping_liveness_local.sh": string(pingLivenessLocal), }, @@ -418,6 +434,180 @@ func (r *ValkeyReconciler) GetPassword(ctx context.Context, valkey *hyperv1.Valk return string(secret.Data["password"]), nil } +func (r *ValkeyReconciler) getPodNames(ctx context.Context, valkey *hyperv1.Valkey) ([]string, error) { + logger := log.FromContext(ctx) + + pods := &corev1.PodList{} + if err := r.List(ctx, pods, client.InNamespace(valkey.Namespace), client.MatchingLabels(labels(valkey))); err != nil { + logger.Error(err, "failed to list pods") + return nil, err + } + names := []string{} + for _, pod := range pods.Items { + names = append(names, pod.Name+"."+valkey.Name+"-headless."+valkey.Namespace+".svc") + } + return names, nil +} + +func (r *ValkeyReconciler) initCluster(ctx context.Context, valkey *hyperv1.Valkey) error { // nolint:gocyclo + logger := log.FromContext(ctx) + + logger.Info("initializing cluster") + + password, err := r.GetPassword(ctx, valkey) + if err != nil { + logger.Error(err, "failed to get password") + return err + } + + podNames, err := r.getPodNames(ctx, valkey) + if err != nil { + logger.Error(err, "failed to get pod names") + return err + } + + tmpips, err := r.getPodIPs(ctx, valkey) + if err != nil { + logger.Error(err, "failed to get pod ips") + return err + } + + ips := map[string]string{} + for ip, host := range tmpips { + ips[host] = ip + } + + clients := map[string]valkeyClient.Client{} + for _, podName := range podNames { + _, ok := ips[podName] + if !ok { + logger.Info("ip not found", "pod", podName) + return fmt.Errorf("ip not found for %s", podName) + } + address := podName + ":6379" + opt := valkeyClient.ClientOption{ + InitAddress: []string{address}, + Password: password, + ForceSingleClient: true, // this is necessary to avoid failing through to another shard and setting the wrong ip + } + if valkey.Spec.TLS { + ca, err := r.getCACertificate(ctx, valkey) + if err != nil { + logger.Error(err, "failed to get ca certificate") + return err + } + if ca == "" { + return fmt.Errorf("ca certificate not ready") + } + certpool, err := x509.SystemCertPool() + if err != nil { + logger.Error(err, "failed to get system cert pool") + return err + } + certpool.AppendCertsFromPEM([]byte(ca)) + opt.TLSConfig = &tls.Config{ + MinVersion: tls.VersionTLS12, + RootCAs: certpool, + } + } + clients[podName], err = valkeyClient.NewClient(opt) + if err != nil { + logger.Error(err, "failed to create valkey client") + return err + } + defer clients[podName].Close() + } + + counter := 0 + for podName, client := range clients { + logger.Info("setting epoch", "pod", podName) + r.Recorder.Event(valkey, "Normal", "Setting", + fmt.Sprintf("Setting epoch on pod %s for %s/%s", podName, valkey.Namespace, valkey.Name)) + info, err := client.Do(ctx, client.B().ClusterInfo().Build()).ToString() + if err != nil { + logger.Error(err, "failed to get epoch") + return err + } + e := "0" + for _, line := range strings.Split(info, "\r\n") { + if strings.HasPrefix(line, "cluster_my_epoch") { + e = strings.Split(line, ":")[1] + } + } + epoch, err := strconv.Atoi(e) + if err != nil { + logger.Error(err, "failed to parse epoch") + return err + } + if epoch > 0 { + logger.Info("epoch already set", "epoch", epoch) + continue + } + if err := client.Do(ctx, client.B().ClusterSetConfigEpoch().ConfigEpoch(int64(counter+1)).Build()).Error(); err != nil { + logger.Error(err, "failed to set epoch") + return err + } + counter++ + } + + // set cluster slotrange + slotRange := 16384 / int(valkey.Spec.Shards) + for i := 0; i < int(valkey.Spec.Shards); i++ { + logger.Info("setting slotrange", "shard", i) + r.Recorder.Event(valkey, "Normal", "Setting", + fmt.Sprintf("Setting slotrange on shard %d for %s/%s", i, valkey.Namespace, valkey.Name)) + info, err := clients[podNames[i]].Do(ctx, clients[podNames[i]].B().ClusterInfo().Build()).ToString() + if err != nil { + logger.Error(err, "failed to get cluster into") + return err + } + cont := false + for _, line := range strings.Split(info, "\r\n") { + if strings.HasPrefix(line, "cluster_slots_assigned") { + if strings.Split(line, ":")[1] != "0" { + logger.Info("slotrange already set") + cont = true + } + } + } + if cont { + continue + } + start := slotRange * i + end := slotRange*(i+1) - 1 + if i == int(valkey.Spec.Shards)-1 { + end = end + 1 + } + if err := clients[podNames[i]].Do(ctx, clients[podNames[i]].B().ClusterAddslotsrange().StartSlotEndSlot().StartSlotEndSlot(int64(start), int64(end)).Build()).Error(); err != nil { + logger.Error(err, "failed to set slotrange") + return err + } + } + + // set cluster meet + for _, podName := range podNames { + for _, shard := range podNames { + if shard == podName { + continue + } + logger.Info("node meeting peer", "peer", shard, "pod", podName) + r.Recorder.Event(valkey, "Normal", "Setting", + fmt.Sprintf("Node meeting peer %s on pod %s for %s/%s", shard, podName, valkey.Namespace, valkey.Name)) + ip, ok := ips[shard] + if !ok { + logger.Info("ip not found", "pod", shard) + return fmt.Errorf("ip not found for %s", shard) + } + if err := clients[podName].Do(ctx, clients[podName].B().ClusterMeet().Ip(ip).Port(6379).Build()).Error(); err != nil { + logger.Error(err, "failed to cluster meet", "shard", shard, "ip", shard, "pod", podName) + return err + } + } + } + + return nil +} + func (r *ValkeyReconciler) setClusterAnnounceIp(ctx context.Context, valkey *hyperv1.Valkey) error { logger := log.FromContext(ctx) @@ -1360,7 +1550,7 @@ func (r *ValkeyReconciler) balanceNodes(ctx context.Context, valkey *hyperv1.Val var tries int for { if len(pods) != int(valkey.Spec.Shards) { - pods, err = r.getPodIps(ctx, valkey) + pods, err = r.getPodIPs(ctx, valkey) if err != nil { logger.Error(err, "failed to get pod ips") return err @@ -1457,7 +1647,7 @@ func (r *ValkeyReconciler) balanceNodes(ctx context.Context, valkey *hyperv1.Val return nil } -func (r *ValkeyReconciler) getPodIps(ctx context.Context, valkey *hyperv1.Valkey) (map[string]string, error) { +func (r *ValkeyReconciler) getPodIPs(ctx context.Context, valkey *hyperv1.Valkey) (map[string]string, error) { logger := log.FromContext(ctx) pods := &corev1.PodList{} @@ -1467,7 +1657,7 @@ func (r *ValkeyReconciler) getPodIps(ctx context.Context, valkey *hyperv1.Valkey } ret := map[string]string{} for _, pod := range pods.Items { - ret[pod.Status.PodIP] = pod.Name + ret[pod.Status.PodIP] = pod.Name + "." + valkey.Name + "-headless." + valkey.Namespace + ".svc" } return ret, nil } @@ -1620,7 +1810,7 @@ func (r *ValkeyReconciler) upsertPodDisruptionBudget(ctx context.Context, valkey } func (r *ValkeyReconciler) exporter(valkey *hyperv1.Valkey) corev1.Container { - image := r.GlobalConfig.ExporterImage + image := r.GlobalConfig.SidecarImage if valkey.Spec.ExporterImage != "" { image = valkey.Spec.ExporterImage } @@ -1810,13 +2000,7 @@ func getInitContainerResourceRequirements() corev1.ResourceRequirements { }, } } -func createCluster(valkey *hyperv1.Valkey) string { - create := "no" - if valkey.Spec.Shards > 1 { - create = "yes" - } - return create -} + func (r *ValkeyReconciler) upsertStatefulSet(ctx context.Context, valkey *hyperv1.Valkey) error { logger := log.FromContext(ctx) @@ -1900,23 +2084,9 @@ func (r *ValkeyReconciler) upsertStatefulSet(ctx context.Context, valkey *hyperv Name: Valkey, ImagePullPolicy: "IfNotPresent", Command: []string{ - "/bin/bash", - "-c", - }, - Args: []string{ - fmt.Sprintf(`# Backwards compatibility change -if ! [[ -f /opt/bitnami/valkey/etc/valkey.conf ]]; then - echo COPYING FILE - cp /opt/bitnami/valkey/etc/valkey-default.conf /opt/bitnami/valkey/etc/valkey.conf -fi -pod_index=($(echo "$POD_NAME" | tr "-" "\n")) -pod_index="${pod_index[-1]}" -if [[ "$pod_index" == "0" ]]; then - export VALKEY_CLUSTER_CREATOR="%s" - export VALKEY_CLUSTER_REPLICAS="%d" -fi -export VALKEY_CLUSTER_ANNOUNCE_HOSTNAME="${POD_NAME}.%s" -/opt/bitnami/scripts/valkey-cluster/entrypoint.sh /opt/bitnami/scripts/valkey-cluster/run.sh`, createCluster(valkey), valkey.Spec.Replicas, valkey.Name+"-headless."+valkey.Namespace+".svc."+valkey.Spec.ClusterDomain), + "valkey-server", + "/valkey/etc/valkey.conf", + "--requirepass", "$(VALKEY_PASSWORD)", }, Env: []corev1.EnvVar{ { @@ -2020,26 +2190,26 @@ export VALKEY_CLUSTER_ANNOUNCE_HOSTNAME="${POD_NAME}.%s" }, { Name: "valkey-data", - MountPath: "/bitnami/valkey/data", - }, - { - Name: "valkey-conf", - MountPath: "/opt/bitnami/valkey/etc/valkey-default.conf", - SubPath: "valkey-default.conf", + MountPath: "/data", }, { Name: "empty-dir", - MountPath: "/opt/bitnami/valkey/etc/", + MountPath: "/valkey/etc", SubPath: "app-conf-dir", }, + { + Name: "valkey-conf", + MountPath: "/valkey/etc/valkey.conf", + SubPath: "valkey.conf", + }, { Name: "empty-dir", - MountPath: "/opt/bitnami/valkey/tmp", + MountPath: "/valkey/tmp", SubPath: "app-tmp-dir", }, { Name: "empty-dir", - MountPath: "/opt/bitnami/valkey/logs", + MountPath: "/var/logs/valkey", SubPath: "app-logs-dir", }, { @@ -2093,7 +2263,7 @@ export VALKEY_CLUSTER_ANNOUNCE_HOSTNAME="${POD_NAME}.%s" "/bin/chown", "-R", "1001:1001", - "/bitnami/valkey/data", + "/data", }, Resources: getInitContainerResourceRequirements(), SecurityContext: &corev1.SecurityContext{ @@ -2102,7 +2272,7 @@ export VALKEY_CLUSTER_ANNOUNCE_HOSTNAME="${POD_NAME}.%s" VolumeMounts: []corev1.VolumeMount{ { Name: "valkey-data", - MountPath: "/bitnami/valkey/data", + MountPath: "/data", }, { Name: "empty-dir", @@ -2205,7 +2375,7 @@ export VALKEY_CLUSTER_ANNOUNCE_HOSTNAME="${POD_NAME}.%s" } r.Recorder.Event(valkey, "Normal", "Updated", fmt.Sprintf("StatefulSet %s/%s is updated (image)", valkey.Namespace, valkey.Name)) } - exporterImage := r.GlobalConfig.ExporterImage + exporterImage := r.GlobalConfig.SidecarImage if valkey.Spec.ExporterImage != "" { exporterImage = valkey.Spec.ExporterImage } diff --git a/internal/sidecar/init.go b/internal/sidecar/init.go new file mode 100644 index 0000000..cf3ee35 --- /dev/null +++ b/internal/sidecar/init.go @@ -0,0 +1,37 @@ +package sidecar + +import ( + "fmt" + "os" + "strconv" +) + +// Set permissions on valkey data volume +func SetVolumePermissions() { + dir := os.Getenv("DATA_DIR") + if dir == "" { + dir = "/data" + } + user := os.Getenv("VALKEY_USER") + if user == "" { + user = "1001" + } + group := os.Getenv("VALKEY_GROUP") + if group == "" { + group = user + } + uid, err := strconv.Atoi(user) + if err != nil { + fmt.Println("Failed to convert user to int: ", err) + os.Exit(1) + } + gid, err := strconv.Atoi(group) + if err != nil { + fmt.Println("Failed to convert group to int: ", err) + os.Exit(1) + } + if err := os.Chown(dir, uid, gid); err != nil { + fmt.Println("Failed to chown data dir: ", err) + os.Exit(1) + } +} From 6bc0983df134129cd869ff89bae8216c260c52e4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 07:34:50 -0500 Subject: [PATCH 13/21] build(deps): bump alpine from 3.21.1 to 3.21.2 (#155) Bumps alpine from 3.21.1 to 3.21.2. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.valkey | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.valkey b/Dockerfile.valkey index 6f97878..14b37e2 100644 --- a/Dockerfile.valkey +++ b/Dockerfile.valkey @@ -1,4 +1,4 @@ -FROM alpine:3.21.1 AS builder +FROM alpine:3.21.2 AS builder ARG VALKEY_VERSION=8.0.1 @@ -18,7 +18,7 @@ RUN apk add --no-cache --virtual .build-deps \ && make PREFIX=/usr BUILD_TLS=yes \ && make install BUILD_TLS=yes PREFIX=/home/valkey/build -FROM alpine:3.21.1 AS valkey +FROM alpine:3.21.2 AS valkey RUN apk add --no-cache \ openssl=3.3.2-r4 \ From 13c80444d9f7cacadfa834585783a6eb19af8da3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 12:37:09 +0000 Subject: [PATCH 14/21] build(deps): bump github.com/oliver006/redis_exporter (#156) Bumps [github.com/oliver006/redis_exporter](https://github.com/oliver006/redis_exporter) from 1.66.0 to 1.67.0. - [Release notes](https://github.com/oliver006/redis_exporter/releases) - [Commits](https://github.com/oliver006/redis_exporter/compare/v1.66.0...v1.67.0) --- updated-dependencies: - dependency-name: github.com/oliver006/redis_exporter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 5655474..f4a1567 100644 --- a/go.mod +++ b/go.mod @@ -6,14 +6,14 @@ toolchain go1.23.4 require ( github.com/cert-manager/cert-manager v1.16.2 - github.com/oliver006/redis_exporter v1.66.0 + github.com/oliver006/redis_exporter v1.67.0 + github.com/onsi/ginkgo/v2 v2.22.2 + github.com/onsi/gomega v1.36.2 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.79.2 github.com/prometheus/client_golang v1.20.5 github.com/spf13/cobra v1.8.1 - go.uber.org/zap v1.27.0 - github.com/onsi/ginkgo/v2 v2.22.2 - github.com/onsi/gomega v1.36.2 github.com/valkey-io/valkey-go v1.0.52 + go.uber.org/zap v1.27.0 k8s.io/api v0.32.0 k8s.io/apimachinery v0.32.0 k8s.io/client-go v0.32.0 diff --git a/go.sum b/go.sum index 2373ebc..6c65481 100644 --- a/go.sum +++ b/go.sum @@ -77,8 +77,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/oliver006/redis_exporter v1.66.0 h1:IokginIt2aIDb1FfKb+QTojDkrUMi64CfSHHzCzIUGE= -github.com/oliver006/redis_exporter v1.66.0/go.mod h1:xBNCR/4yiaRFT1iI/zS4Kq+AgPk/3f4qDxw4RtzzuzA= +github.com/oliver006/redis_exporter v1.67.0 h1:DIWpIYOQ+T7vYKxL1jbmtqlJYxBzpaFhjbqGvWuCMXo= +github.com/oliver006/redis_exporter v1.67.0/go.mod h1:xBNCR/4yiaRFT1iI/zS4Kq+AgPk/3f4qDxw4RtzzuzA= github.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU= github.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk= github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= From d7d127219636f511214c88c4066425d4b40fcee0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 08:14:03 -0500 Subject: [PATCH 15/21] build(deps): bump docker/metadata-action from 5.5.1 to 5.6.1 (#158) Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.5.1 to 5.6.1. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/v5.5.1...369eb591f429131d6889c46b94e711f089e6ca96) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/image.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 6d1968a..947140b 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -43,12 +43,12 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ env.RELEASE_VERSION }} - name: Extract metadata (Sidecar tags, labels) for Docker id: meta_sidecar - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 with: images: ${{ env.REGISTRY }}/hyperspike/valkey-sidecar:${{ env.RELEASE_VERSION }} - name: Extract metadata (Valkey tags, labels) for Docker id: meta_valkey - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 with: images: ${{ env.REGISTRY }}/hyperspike/valkey:${{ env.VALKEY_VERSION }} From e0f9e4591bc512245fdf951c84d0992fd1381087 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 13:16:07 +0000 Subject: [PATCH 16/21] build(deps): bump docker/build-push-action from 6.9.0 to 6.11.0 (#157) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.9.0 to 6.11.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6.9.0...b32b51a8eda65d6793cd0494a773d4f6bcef32dc) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/image.yaml | 4 ++-- .github/workflows/scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 947140b..997a7da 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -74,7 +74,7 @@ jobs: tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ env.RELEASE_VERSION }} labels: ${{ steps.meta_manager.outputs.labels }} - name: Build and push Sidecar image - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc id: docker_build_sidecar with: file: Dockerfile.sidecar @@ -84,7 +84,7 @@ jobs: tags: ${{ env.REGISTRY }}/hyperspike/valkey-sidecar:${{ env.RELEASE_VERSION }} labels: ${{ steps.meta_sidecar.outputs.labels }} - name: Build and push Valkey image - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc id: docker_build_valkey with: file: Dockerfile.valkey diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index 6fb520e..f482f58 100644 --- a/.github/workflows/scan.yaml +++ b/.github/workflows/scan.yaml @@ -83,7 +83,7 @@ jobs: - uses: actions/checkout@v4 - name: Build the Valkey image - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc id: docker_build_valkey with: file: Dockerfile.valkey From ebdf34da5b69e4e084625d218239ffb54497bfa6 Mon Sep 17 00:00:00 2001 From: Dan Molik Date: Fri, 10 Jan 2025 10:53:26 -0500 Subject: [PATCH 17/21] fix(controller): Fix add-slots-range algorithm in initCluster (#159) --- internal/controller/valkey_controller.go | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/internal/controller/valkey_controller.go b/internal/controller/valkey_controller.go index c0274b5..9ddde16 100644 --- a/internal/controller/valkey_controller.go +++ b/internal/controller/valkey_controller.go @@ -552,6 +552,7 @@ func (r *ValkeyReconciler) initCluster(ctx context.Context, valkey *hyperv1.Valk // set cluster slotrange slotRange := 16384 / int(valkey.Spec.Shards) + prevEnd := 0 for i := 0; i < int(valkey.Spec.Shards); i++ { logger.Info("setting slotrange", "shard", i) r.Recorder.Event(valkey, "Normal", "Setting", @@ -573,15 +574,19 @@ func (r *ValkeyReconciler) initCluster(ctx context.Context, valkey *hyperv1.Valk if cont { continue } - start := slotRange * i - end := slotRange*(i+1) - 1 + start := prevEnd + 1 + if i == 0 { + start = 0 + } + end := start + slotRange if i == int(valkey.Spec.Shards)-1 { - end = end + 1 + end = 16383 } if err := clients[podNames[i]].Do(ctx, clients[podNames[i]].B().ClusterAddslotsrange().StartSlotEndSlot().StartSlotEndSlot(int64(start), int64(end)).Build()).Error(); err != nil { logger.Error(err, "failed to set slotrange") return err } + prevEnd = end } // set cluster meet From 165b728bb9b60a0b5fc941b86a356e9c80bb0318 Mon Sep 17 00:00:00 2001 From: Dan Molik Date: Fri, 10 Jan 2025 12:07:31 -0500 Subject: [PATCH 18/21] work on building containers in PR-Branches (#160) * work on building containers in PR-Branches * more cleanup * not sure now --- .github/workflows/build.yaml | 50 ++++++++++++++++++++++++++++-------- .github/workflows/image.yaml | 7 ++--- 2 files changed, 43 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 32a971a..26fc276 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,19 +1,47 @@ -name: Go Build +name: Build on: pull_request: +env: + REGISTRY: ghcr.io + jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Setup Go ${{ matrix.go-version }} - uses: actions/setup-go@v5 - with: - go-version: 1.23 - # You can test your matrix by printing the current Go version - - name: Display Go version - run: go version - - name: Build it - run: make V=1 + - uses: actions/checkout@v4 + - name: Setup Go ${{ matrix.go-version }} + uses: actions/setup-go@v5 + with: + go-version: 1.23 + # You can test your matrix by printing the current Go version + - name: Display Go version + run: go version + - name: Build it + run: make V=1 + build-operator-container: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Setup Go ${{ matrix.go-version }} + uses: actions/setup-go@v5 + with: + go-version: 1.23 + - name: Build it + run: make V=1 + - name: Extract metadata (Operator tags, labels) for Docker + id: meta_operator + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 + with: + images: ${{ env.REGISTRY }}/hyperspike/valkey-operator:${{ github.sha }} + - name: Build Operator image + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc + id: docker_build_operator + with: + file: Dockerfile.controller + context: . + push: false + visibility: public + tags: ${{ steps.meta_operator.outputs.images }} + labels: ${{ steps.meta_operator.outputs.labels }} diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 997a7da..9703b4d 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -13,7 +13,8 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} - VALKEY_VERSION: 8.0.1 + VALKEY_VERSION: 8.0.2 + RELEASE_VERSION: ${{ github.ref_name }} jobs: build-and-push-image: @@ -40,7 +41,7 @@ jobs: id: meta_controller uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ env.RELEASE_VERSION }} + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }} - name: Extract metadata (Sidecar tags, labels) for Docker id: meta_sidecar uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 @@ -71,7 +72,7 @@ jobs: context: . push: true visibility: public - tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ env.RELEASE_VERSION }} + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }} labels: ${{ steps.meta_manager.outputs.labels }} - name: Build and push Sidecar image uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc From 48e7bf0403aa127152cfb3bd0f354244b5585005 Mon Sep 17 00:00:00 2001 From: Dan Molik Date: Fri, 10 Jan 2025 12:25:46 -0500 Subject: [PATCH 19/21] prep for v0.0.48 --- .github/workflows/image.yaml | 18 ++++++++++++++++-- config/manager/manager.yaml | 2 +- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 9703b4d..76a070c 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -108,12 +108,26 @@ jobs: run: | cosign sign --yes ${{ env.REGISTRY }}/hyperspike/valkey:${{ env.VALKEY_VERSION }}@${{ steps.docker_build_valkey.outputs.digest }} - - name: Attest + - name: Attest the Controller image uses: actions/attest-build-provenance@v2 id: attest with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - subject-digest: ${{ steps.docker_build.outputs.digest }} + subject-digest: ${{ steps.docker_build_controller.outputs.digest }} + push-to-registry: true + - name: Attest the Sidecar image + uses: actions/attest-build-provenance@v2 + id: attest + with: + subject-name: ${{ env.REGISTRY }}/hyperspike/valkey-sidecar + subject-digest: ${{ steps.docker_build_sidecar.outputs.digest }} + push-to-registry: true + - name: Attest the Valkey image + uses: actions/attest-build-provenance@v2 + id: attest + with: + subject-name: ${{ env.REGISTRY }}/hyperspike/valkey + subject-digest: ${{ steps.docker_build_valkey.outputs.digest }} push-to-registry: true - name: Run Trivy vulnerability scanner diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 1496a4e..5e07ed8 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -19,7 +19,7 @@ metadata: data: nodes: "3" valkeyImage: "ghcr.io/hyperspike/valkey:8.0.2" - exporterImage: "ghcr.io/hyperspike/valkey-sidecar:v0.0.46" + exporterImage: "ghcr.io/hyperspike/valkey-sidecar:v0.0.48" --- apiVersion: apps/v1 kind: Deployment From 2410f54c32603d7acbc1806b4a149a2679723d5b Mon Sep 17 00:00:00 2001 From: Dan Molik Date: Fri, 10 Jan 2025 12:27:50 -0500 Subject: [PATCH 20/21] fix job ids --- .github/workflows/image.yaml | 6 +++--- config/manager/manager.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 76a070c..aee805c 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -110,21 +110,21 @@ jobs: - name: Attest the Controller image uses: actions/attest-build-provenance@v2 - id: attest + id: attest_controller with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.docker_build_controller.outputs.digest }} push-to-registry: true - name: Attest the Sidecar image uses: actions/attest-build-provenance@v2 - id: attest + id: attest_sidecar with: subject-name: ${{ env.REGISTRY }}/hyperspike/valkey-sidecar subject-digest: ${{ steps.docker_build_sidecar.outputs.digest }} push-to-registry: true - name: Attest the Valkey image uses: actions/attest-build-provenance@v2 - id: attest + id: attest_valkey with: subject-name: ${{ env.REGISTRY }}/hyperspike/valkey subject-digest: ${{ steps.docker_build_valkey.outputs.digest }} diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 5e07ed8..df4b6c7 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -19,7 +19,7 @@ metadata: data: nodes: "3" valkeyImage: "ghcr.io/hyperspike/valkey:8.0.2" - exporterImage: "ghcr.io/hyperspike/valkey-sidecar:v0.0.48" + exporterImage: "ghcr.io/hyperspike/valkey-sidecar:v0.0.49" --- apiVersion: apps/v1 kind: Deployment From 46404be0231f3d0417a497090c7f3d1d603ebb26 Mon Sep 17 00:00:00 2001 From: Dan Molik Date: Fri, 10 Jan 2025 12:33:52 -0500 Subject: [PATCH 21/21] missing tag in image singing --- .github/workflows/image.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index aee805c..1f6c381 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -100,7 +100,7 @@ jobs: - name: Sign Controller image with GitHub OIDC Token run: | - cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ env.RELEASE_VERSION }}@${{ steps.docker_build_controller.outputs.digest }} + cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}@${{ steps.docker_build_controller.outputs.digest }} - name: Sign Sidecar image with GitHub OIDC Token run: | cosign sign --yes ${{ env.REGISTRY }}/hyperspike/valkey-sidecar:${{ env.RELEASE_VERSION }}@${{ steps.docker_build_sidecar.outputs.digest }} @@ -133,7 +133,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ env.RELEASE_VERSION }}' + image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}' format: 'sarif' output: 'trivy-results.sarif'