feat: Add redis operator

2025-09-30 18:55:14 +02:00
parent 210ccffdcd
commit 021878545a
10 changed files with 128 additions and 0 deletions
@@ -52,6 +52,8 @@ spec:
    server: https://kubernetes.default.svc
  - namespace: mariadb-operator
    server: https://kubernetes.default.svc
  - namespace: redis-operator
    server: https://kubernetes.default.svc
  - namespace: cilium-spire
    server: https://kubernetes.default.svc
  - namespace: cilium-test
@@ -113,3 +115,4 @@ spec:
  - ghcr.io/slinkyproject/charts/slurm-operator-crds
  - https://operator.mariadb.com/mariadb-enterprise-operator
  - https://operator.mariadb.com
  - https://ot-container-kit.github.io/helm-charts
@@ -0,0 +1,3 @@
 redis_operator:
  enabled: true
  autosync: false
@@ -0,0 +1,3 @@
 redis_operator:
  enabled: false
  autosync: false
@@ -0,0 +1,14 @@
 {{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
  name: allow-api-server
  namespace: redis-operator
 spec:
  egress:
    - toEntities:
        - kube-apiserver
  endpointSelector:
    matchLabels:
      app.kubernetes.io/instance: redis-operator
 {{- end}}
@@ -0,0 +1,14 @@
 {{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
  name: allow-host-to-redis
  namespace: redis-operator
 spec:
  endpointSelector:
    matchLabels:
      app.kubernetes.io/instance: redis-operator
  ingress:
    - fromEntities:
        - host
 {{- end}}
@@ -0,0 +1,19 @@
 {{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
  name: allow-prometheus-metrics
  namespace: redis-operator
 spec:
  endpointSelector:
    matchLabels:
      app.kubernetes.io/instance: redis-operator
  ingress:
    - fromEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: prometheus
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
 {{- end}}
@@ -0,0 +1,20 @@
 {{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
  name: allow-remote-node-webhooks
  namespace: redis-operator
 spec:
  endpointSelector:
    matchLabels: {}
  ingress:
    - fromEntities:
        - kube-apiserver
        - remote-node
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
            - port: "9443"
              protocol: TCP
 {{- end}}
@@ -0,0 +1,38 @@
 {{- if .Values.clusterConfig.argo.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: redis-operator
  namespace: argocd
 spec:
  destination:
    namespace: redis-operator
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.clusterConfig.manifests }}
    targetRevision: HEAD
    path: helmfile.d
    plugin:
      name: helmfile-cmp
      env:
      - name: CLUSTER_NAME
        value: {{ .Values.clusterConfig.cluster }}
      - name: HELMFILE_ENVIRONMENT
        value: default
      - name: HELMFILE_FILE_PATH
        value: redis-operator.yaml.gotmpl
  project: sys
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: sys
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
      - ServerSideApply=true
    {{- if .Values.redis_operator.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
 {{- end }}
@@ -0,0 +1,14 @@
 # ha:
 #   enabled: false
 # metrics:
 #   enabled: true
 #   serviceMonitor:
 #     additionalLabels:
 #       release: prometheus
 #     enabled: true
 # webhook:
 #   certificate:
 #     certManager: false
 #   serviceMonitor:
 #     additionalLabels:
 #       release: prometehus