argo-redis

mrpbennett · Jul 14, 2024 · abb7380 · abb7380
1 parent 486a088
commit abb7380
Show file tree

Hide file tree

Showing 11 changed files with 187 additions and 46 deletions.
diff --git a/kubernetes/apps/postgres-db/deployment.yaml b/kubernetes/apps/postgres-db/deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   name: postgres
 spec:
-  replicas: 1
+  replicas: 3
   selector:
     matchLabels:
       app: postgres

diff --git a/kubernetes/apps/redis-db/deployment.yaml b/kubernetes/apps/redis-db/deployment.yaml
@@ -1,27 +1,79 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: redis-stack
+  labels:
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+    app.kubernetes.io/component: redis
+  name: argocd-redis
 spec:
-  replicas: 1
   selector:
     matchLabels:
-      app: redis-stack
+      app.kubernetes.io/name: argocd-redis
   template:
     metadata:
       labels:
-        app: redis-stack
+        app.kubernetes.io/name: argocd-redis
     spec:
+      initContainers:
+        - command:
+            - argocd
+            - admin
+            - redis-initial-password
+          image: quay.io/argoproj/argocd:latest
+          imagePullPolicy: IfNotPresent
+          name: secret-init
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 999
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: argocd-redis
       containers:
-        - name: redis-stack
-          image: redis/redis-stack:latest
+        - name: redis
+          image: redis:7.0.15-alpine
+          imagePullPolicy: Always
+          args:
+            - "--save"
+            - ""
+            - "--appendonly"
+            - "no"
+            - --requirepass $(REDIS_PASSWORD)
+          env:
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: auth
+                  name: argocd-redis
           ports:
             - containerPort: 6379
-            - containerPort: 8001
-          volumeMounts:
-            - mountPath: /data
-              name: redis-data
-      volumes:
-        - name: redis-data
-          persistentVolumeClaim:
-            claimName: redis-pvc
+          securityContext:
+            readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    app.kubernetes.io/name: argocd-redis
+                topologyKey: kubernetes.io/hostname
+            - weight: 5
+              podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    app.kubernetes.io/part-of: argocd
+                topologyKey: kubernetes.io/hostname
diff --git a/kubernetes/apps/redis-db/network-policy.yaml b/kubernetes/apps/redis-db/network-policy.yaml
@@ -0,0 +1,24 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: argocd-redis-network-policy
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-redis
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              app.kubernetes.io/name: argocd-server
+        - podSelector:
+            matchLabels:
+              app.kubernetes.io/name: argocd-repo-server
+        - podSelector:
+            matchLabels:
+              app.kubernetes.io/name: argocd-application-controller
+      ports:
+        - protocol: TCP
+          port: 6379
diff --git a/kubernetes/apps/redis-db/persistant-vol-claim.yaml b/kubernetes/apps/redis-db/persistant-vol-claim.yaml
diff --git a/kubernetes/apps/redis-db/persistant-vol.yaml b/kubernetes/apps/redis-db/persistant-vol.yaml
diff --git a/kubernetes/apps/redis-db/redis-insight/deployment.yaml b/kubernetes/apps/redis-db/redis-insight/deployment.yaml
@@ -0,0 +1,30 @@
+# Redis Insight deployment with name 'redisinsight'
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redisinsight #deployment name
+  labels:
+    app: redisinsight #deployment label
+spec:
+  replicas: 1 #a single replica pod
+  selector:
+    matchLabels:
+      app: redisinsight #which pods is the deployment managing, as defined by the pod template
+  template: #pod template
+    metadata:
+      labels:
+        app: redisinsight #label for pod/s
+    spec:
+      containers:
+        - name: redisinsight #Container name (DNS_LABEL, unique)
+          image: redis/redisinsight:latest #repo/image
+          imagePullPolicy: IfNotPresent #Installs the latest Redis Insight version
+          volumeMounts:
+            - name: redisinsight #Pod volumes to mount into the container's filesystem. Cannot be updated.
+              mountPath: /data
+          ports:
+            - containerPort: 5540 #exposed container port and protocol
+              protocol: TCP
+      volumes:
+        - name: redisinsight
+          emptyDir: {} # node-ephemeral volume https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
diff --git a/kubernetes/apps/redis-db/redis-insight/service.yaml b/kubernetes/apps/redis-db/redis-insight/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: redisinsight-svc
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 80
+      targetPort: 5540
+  selector:
+    app: redisinsight
diff --git a/kubernetes/apps/redis-db/role-binding.yaml b/kubernetes/apps/redis-db/role-binding.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: redis
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+  name: argocd-redis
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: argocd-redis
+subjects:
+  - kind: ServiceAccount
+    name: argocd-redis
diff --git a/kubernetes/apps/redis-db/role.yaml b/kubernetes/apps/redis-db/role.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/component: redis
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+  name: argocd-redis
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    resourceNames:
+      - argocd-redis
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
diff --git a/kubernetes/apps/redis-db/service-account.yaml b/kubernetes/apps/redis-db/service-account.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: redis
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+  name: argocd-redis
diff --git a/kubernetes/apps/redis-db/service.yaml b/kubernetes/apps/redis-db/service.yaml
@@ -1,17 +1,16 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: redis-stack
+  labels:
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+    app.kubernetes.io/component: redis
+  name: argocd-redis
 spec:
-  selector:
-    app: redis
   ports:
-    - name: redis-port
-      protocol: TCP
+    - name: tcp-redis
       port: 6379
       targetPort: 6379
-    - name: ui-port
-      protocol: TCP
-      port: 8001
-      targetPort: 8001
-  type: LoadBalancer
+  selector:
+    app.kubernetes.io/name: argocd-redis
+type: LoadBalancer