feat(container)!: Update image redis to v19 #328
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![obocaman[bot]](https://avatars.githubusercontent.com/in/871411?s=60&v=4){kind=small}
github-actions
bot
added
the
area/kubernetes
--- kubernetes/apps/datahub/redis/app Kustomization: flux-system/cluster-apps-redis HelmRelease: datahub/redis
+++ kubernetes/apps/datahub/redis/app Kustomization: flux-system/cluster-apps-redis HelmRelease: datahub/redis
@@ -10,13 +10,13 @@
chart: redis
interval: 5m
sourceRef:
kind: HelmRepository
name: bitnami
namespace: flux-system
- version: 18.4.0
+ version: 19.0.2
interval: 5m
values:
auth:
enabled: false
sentinel: false
commonConfiguration: |- |
--- kubernetes HelmRelease: datahub/redis ServiceAccount: datahub/redis
+++ kubernetes HelmRelease: datahub/redis ServiceAccount: datahub/redis
@@ -1,10 +1,10 @@
---
apiVersion: v1
kind: ServiceAccount
-automountServiceAccountToken: true
+automountServiceAccountToken: false
metadata:
name: redis
namespace: datahub
labels:
app.kubernetes.io/instance: redis
app.kubernetes.io/managed-by: Helm
--- kubernetes HelmRelease: datahub/redis StatefulSet: datahub/redis-node
+++ kubernetes HelmRelease: datahub/redis StatefulSet: datahub/redis-node
@@ -26,18 +26,21 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/component: node
annotations:
checksum/configmap: ec2d023ac6c42562fd205a2e03c6cbcaa530cfdddc13e76e6d616bc8da3a1824
checksum/health: 07a9e9f1ff08347b0d2cd65e962feb94d6390f5b64a77ed1346867af2559df4a
- checksum/scripts: 250c1f6d875af43186a39eee94348e500b42aab49e24a15ac1da9b821e104333
+ checksum/scripts: a47ae27b6e81642d5e12e70fac53bdbc2d8eeaa2af2879841f8433856fe239a9
checksum/secret: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
spec:
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1001
- automountServiceAccountToken: true
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
serviceAccountName: redis
affinity:
podAffinity: null
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
@@ -50,13 +53,13 @@
weight: 1
nodeAffinity: null
enableServiceLinks: true
terminationGracePeriodSeconds: 30
containers:
- name: redis
- image: docker.io/bitnami/redis:7.2.3-debian-11-r1
+ image: docker.io/bitnami/redis:7.2.4-debian-12-r9
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /bin/bash
@@ -64,15 +67,17 @@
- /opt/bitnami/scripts/start-scripts/prestop-redis.sh
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- runAsGroup: 0
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
command:
- /bin/bash
args:
- -c
@@ -142,18 +147,20 @@
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- - name: redis-tmp-conf
+ - name: empty-dir
mountPath: /opt/bitnami/redis/etc
- - name: tmp
+ subPath: app-conf-dir
+ - name: empty-dir
mountPath: /tmp
+ subPath: tmp-dir
- name: sentinel
- image: docker.io/bitnami/redis-sentinel:7.2.3-debian-11-r1
+ image: docker.io/bitnami/redis-sentinel:7.2.4-debian-12-r7
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /bin/bash
@@ -161,15 +168,17 @@
- /opt/bitnami/scripts/start-scripts/prestop-sentinel.sh
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- runAsGroup: 0
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
+ seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
command:
- /bin/bash
args:
- -c
@@ -217,15 +226,24 @@
exec:
command:
- sh
- -c
- /health/ping_sentinel.sh 10
resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
- name: sentinel-data
mountPath: /opt/bitnami/redis-sentinel/etc
@@ -244,13 +262,11 @@
defaultMode: 493
- name: config
configMap:
name: redis-configuration
- name: sentinel-data
emptyDir: {}
- - name: redis-tmp-conf
- emptyDir: {}
- - name: tmp
+ - name: empty-dir
emptyDir: {}
- name: redis-data
emptyDir: {}
--- kubernetes HelmRelease: datahub/redis ConfigMap: datahub/redis-scripts
+++ kubernetes HelmRelease: datahub/redis ConfigMap: datahub/redis-scripts
@@ -299,13 +299,13 @@
full_hostname="${hostname}.${HEADLESS_SERVICE}"
echo "${full_hostname}"
}
run_sentinel_command() {
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
- redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
+ redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
else
redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@"
fi
}
sentinel_failover_finished() {
REDIS_SENTINEL_INFO=($(run_sentinel_command get-master-addr-by-name "redis-master"))
@@ -354,13 +354,13 @@
full_hostname="${hostname}.${HEADLESS_SERVICE}"
echo "${full_hostname}"
}
run_sentinel_command() {
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
- env -u REDISCLI_AUTH redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
+ env -u REDISCLI_AUTH redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
else
env -u REDISCLI_AUTH redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@"
fi
}
sentinel_failover_finished() {
REDIS_SENTINEL_INFO=($(run_sentinel_command get-master-addr-by-name "redis-master"))
--- kubernetes HelmRelease: datahub/redis NetworkPolicy: datahub/redis
+++ kubernetes HelmRelease: datahub/redis NetworkPolicy: datahub/redis
@@ -0,0 +1,25 @@
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: redis
+ namespace: datahub
+ labels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 6379
+ - port: 26379
+ |
obocaman
bot
force-pushed
the
renovate/redis-19.x
branch
11 times, most recently
from
8ef3a95 to
8eb211d
Compare
obocaman
bot
force-pushed
the
renovate/redis-19.x
branch
11 times, most recently
from
76d3c5d to
9f24954
Compare
obocaman
bot
force-pushed
the
renovate/redis-19.x
branch
3 times, most recently
from
81c4b7f to
c0f8580
Compare
obocaman
bot
force-pushed
the
renovate/redis-19.x
branch
9 times, most recently
from
73165b7 to
b8e7917
Compare
obocaman
bot
force-pushed
the
renovate/redis-19.x
branch
from
b8e7917 to
809c650
Compare
obocaman
bot
force-pushed
the
renovate/redis-19.x
branch
from
809c650 to
e55aed4
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
18.4.0->19.3.0Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Configuration
📅 Schedule: Branch creation - "on saturday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.