From 021878545a9771013cbe8611c7e95913b59b1751 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?=
Date: Tue, 30 Sep 2025 18:55:14 +0200
Subject: [PATCH] feat: Add redis operator

---
 values/argo/manifests/sys-project.yaml | 3 ++
 ...lues.yaml => mariadb-operator.yaml.gotmpl} | 0
 .../redis-operator/env-oceanbox.yaml.gotmpl | 3 ++
 values/redis-operator/env.yaml.gotmpl | 3 ++
 .../CiliumNetworkPolicy-allow-api-server.yaml | 14 +++++++
 ...liumNetworkPolicy-allow-host-to-redis.yaml | 14 +++++++
 ...etworkPolicy-allow-prometheus-metrics.yaml | 19 ++++++++++
 ...workPolicy-allow-remote-node-webhooks.yaml | 20 ++++++++++
 .../manifests/redis-operator.yaml | 38 +++++++++++++++++++
 .../values/redis-operator.yaml.gotmpl | 14 +++++++
 10 files changed, 128 insertions(+)
 rename values/mariadb-operator/values/{values.yaml => mariadb-operator.yaml.gotmpl} (100%)
 create mode 100644 values/redis-operator/env-oceanbox.yaml.gotmpl
 create mode 100644 values/redis-operator/env.yaml.gotmpl
 create mode 100644 values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
 create mode 100644 values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-redis.yaml
 create mode 100644 values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
 create mode 100644 values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
 create mode 100644 values/redis-operator/manifests/redis-operator.yaml
 create mode 100644 values/redis-operator/values/redis-operator.yaml.gotmpl

diff --git a/values/argo/manifests/sys-project.yaml b/values/argo/manifests/sys-project.yaml
index 3b2f2efc..b0add1e1 100644
--- a/values/argo/manifests/sys-project.yaml
+++ b/values/argo/manifests/sys-project.yaml
@@ -52,6 +52,8 @@ spec:
 server: https://kubernetes.default.svc
 - namespace: mariadb-operator
 server: https://kubernetes.default.svc
+ - namespace: redis-operator
+ server: https://kubernetes.default.svc
 - namespace: cilium-spire
 server: https://kubernetes.default.svc
 - namespace: cilium-test
@@ -113,3 +115,4 @@ spec:
 - ghcr.io/slinkyproject/charts/slurm-operator-crds
 - https://operator.mariadb.com/mariadb-enterprise-operator
 - https://operator.mariadb.com
+ - https://ot-container-kit.github.io/helm-charts
diff --git a/values/mariadb-operator/values/values.yaml b/values/mariadb-operator/values/mariadb-operator.yaml.gotmpl
similarity index 100%
rename from values/mariadb-operator/values/values.yaml
rename to values/mariadb-operator/values/mariadb-operator.yaml.gotmpl
diff --git a/values/redis-operator/env-oceanbox.yaml.gotmpl b/values/redis-operator/env-oceanbox.yaml.gotmpl
new file mode 100644
index 00000000..f87f0124
--- /dev/null
+++ b/values/redis-operator/env-oceanbox.yaml.gotmpl
@@ -0,0 +1,3 @@
+redis_operator:
+ enabled: true
+ autosync: false
diff --git a/values/redis-operator/env.yaml.gotmpl b/values/redis-operator/env.yaml.gotmpl
new file mode 100644
index 00000000..5d7833c9
--- /dev/null
+++ b/values/redis-operator/env.yaml.gotmpl
@@ -0,0 +1,3 @@
+redis_operator:
+ enabled: false
+ autosync: false
diff --git a/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml b/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
new file mode 100644
index 00000000..c2180393
--- /dev/null
+++ b/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-api-server
+ namespace: redis-operator
+spec:
+ egress:
+ - toEntities:
+ - kube-apiserver
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis-operator
+{{- end}}
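Review bot: In values/argo/manifests/sys-project.yaml, the second hunk allows `https://ot-container-kit.github.io/helm-charts` as a source for the whole `sys` project, and nothing in this patch shows which chart and version will be pulled from it. The Application added later in the patch points at `helmfile.d` and `redis-operator.yaml.gotmpl`, which is not among the ten files in the diffstat, so the release definition and its version pin cannot be reviewed here (it may live in the manifests repository). A short comment above the new entry, for example `# redis-operator chart; version pinned in helmfile.d/redis-operator.yaml.gotmpl`, would tie the allowlist entry to its single consumer. Both hunks sit inside lists whose parent keys are outside the hunk.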
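Review bot: In CiliumNetworkPolicy-allow-api-server.yaml this is the only egress rule for pods labelled `app.kubernetes.io/instance: redis-operator`, so once it applies those pods can reach the API server and nothing else, cluster DNS included. That is a sound least-privilege default, but it should be confirmed that the operator never resolves a service name or opens a direct connection to the Redis pods it manages; if it does, those flows would be dropped without an obvious error. I would record the intent in the file with a comment above `egress:` such as `# operator egress is intentionally limited to the API server: no DNS, no direct Redis connections`.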
diff --git a/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-redis.yaml b/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-redis.yaml
new file mode 100644
index 00000000..a78637a1
--- /dev/null
+++ b/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-redis.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-host-to-redis
+ namespace: redis-operator
+spec:
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis-operator
+ ingress:
+ - fromEntities:
+ - host
+{{- end}}
diff --git a/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
new file mode 100644
index 00000000..1f83cc1a
--- /dev/null
+++ b/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-prometheus-metrics
+ namespace: redis-operator
+spec:
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: redis-operator
+ ingress:
+ - fromEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: prometheus
+ toPorts:
+ - ports:
+ - port: "8080"
+ protocol: TCP
+{{- end}}
diff --git a/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml b/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
new file mode 100644
index 00000000..027d06a0
--- /dev/null
+++ b/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
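Review bot: In CiliumNetworkPolicy-allow-host-to-redis.yaml the `fromEntities: host` rule has no `toPorts`, so every port on the selected pods is reachable from the local node, and the policy name suggests Redis while the selector `app.kubernetes.io/instance: redis-operator` matches the operator itself. If the intent is to let kubelet probes through, limit the rule to the probe port by adding `toPorts:`, `- ports:` and `- port: "<PROBE_PORT>"` under the rule, and give the policy a name that says so, for example `allow-host-probes`. The allow-prometheus-metrics policy in the same patch already restricts its rule to port 8080 in this way.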
@@ -0,0 +1,20 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-remote-node-webhooks
+ namespace: redis-operator
+spec:
+ endpointSelector:
+ matchLabels: {}
+ ingress:
+ - fromEntities:
+ - kube-apiserver
+ - remote-node
+ toPorts:
+ - ports:
+ - port: "443"
+ protocol: TCP
+ - port: "9443"
+ protocol: TCP
+{{- end}}
diff --git a/values/redis-operator/manifests/redis-operator.yaml b/values/redis-operator/manifests/redis-operator.yaml
new file mode 100644
index 00000000..66126931
--- /dev/null
+++ b/values/redis-operator/manifests/redis-operator.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: redis-operator
+ namespace: argocd
+spec:
+ destination:
+ namespace: redis-operator
+ server: 'https://kubernetes.default.svc'
+ sources:
+ - repoURL: {{ .Values.clusterConfig.manifests }}
+ targetRevision: HEAD
+ path: helmfile.d
+ plugin:
+ name: helmfile-cmp
+ env:
+ - name: CLUSTER_NAME
+ value: {{ .Values.clusterConfig.cluster }}
+ - name: HELMFILE_ENVIRONMENT
+ value: default
+ - name: HELMFILE_FILE_PATH
+ value: redis-operator.yaml.gotmpl
+ project: sys
+ syncPolicy:
+ managedNamespaceMetadata:
+ labels:
+ component: sys
+ syncOptions:
+ - CreateNamespace=true
+ - ApplyOutOfSyncOnly=true
+ - ServerSideApply=true
+ {{- if .Values.redis_operator.autosync }}
+ automated:
+ prune: true
+ # selfHeal: false
+ {{- end }}
+{{- end }}
diff --git a/values/redis-operator/values/redis-operator.yaml.gotmpl b/values/redis-operator/values/redis-operator.yaml.gotmpl
new file mode 100644
index 00000000..af4970d0
--- /dev/null
+++ b/values/redis-operator/values/redis-operator.yaml.gotmpl
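Review bot: In CiliumNetworkPolicy-allow-remote-node-webhooks.yaml, `endpointSelector` with `matchLabels: {}` selects every endpoint in the `redis-operator` namespace, whereas the other three policies in this patch scope themselves to `app.kubernetes.io/instance: redis-operator`. Any other workload placed in this namespace would therefore accept TCP 443 and 9443 from every other node in the cluster through `remote-node`. I would replace the empty selector with `matchLabels:` followed by `app.kubernetes.io/instance: redis-operator`. It is also worth confirming whether `remote-node` is still needed next to `kube-apiserver`, and whether 443 is a container port at all, since the rule is matched against the pod port rather than the Service port (the chart's webhook port is not visible in this patch).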
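Review bot: In values/redis-operator/manifests/redis-operator.yaml, `targetRevision: HEAD` makes the Application follow the tip of the manifests repository, so once `redis_operator.autosync` is turned on any commit reaching that branch is applied under the `sys` project with `prune: true`. Pinning to a tag or commit, or at least stating the choice with a comment such as `# tracks the default branch on purpose; changes are gated by branch protection`, would make that trust boundary explicit. The template values `{{ .Values.clusterConfig.manifests }}` and `{{ .Values.clusterConfig.cluster }}` are emitted unquoted; piping them through `quote` keeps a value containing `#` or `: ` from changing the YAML structure. The template is gated only on `clusterConfig.argo.enabled`; whether `redis_operator.enabled` from the two env files is checked elsewhere is not visible here.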
@@ -0,0 +1,14 @@
+# ha:
+# enabled: false
+# metrics:
+# enabled: true
+# serviceMonitor:
+# additionalLabels:
+# release: prometheus
+# enabled: true
+# webhook:
+# certificate:
+# certManager: false
+# serviceMonitor:
+# additionalLabels:
+# release: prometehus
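Review bot: The last commented line of values/redis-operator/values/redis-operator.yaml.gotmpl reads `release: prometehus`, while the earlier one reads `release: prometheus`; if this block is ever uncommented, the misspelt label would likely keep that ServiceMonitor from being selected. Every line in the file is a comment, so the chart runs entirely on its defaults, yet the network policies in this patch assume metrics on 8080 and webhooks on 443 and 9443. The keys (`ha`, `webhook.certificate.certManager`) look carried over from another operator's values rather than taken from this chart, which should be confirmed against the chart. I would either delete the block or replace it with the values this chart actually needs, correcting the label to `release: prometheus`.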