CadolesKube/varnish-kustom
7
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(node): adding all in one node support

Browse Source
This commit is contained in:
Philippe Caseiro 2025-05-20 15:52:43 +02:00
parent bb6ad3532d
commit 66412ff589
15 changed files with 633 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
files/default.vcl
View File

@ -1,6 +0,0 @@
vcl 4.0;
backend default {
.host = "127.0.0.1";
.port = "8080";
}

11
kustomization.yaml
View File

@ -2,13 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- resources/deployment.yaml - resources/node
- resources/svc.yaml
configMapGenerator:
- name: varnish-env
literals:
- VARNISH_SIZE=1G
- name: varnish-config
files:
- files/default.vcl

1
misc/docker/Dockerfile
View File

@ -14,5 +14,6 @@ RUN git clone https://github.com/coveooss/gotemplate.git . && \
FROM busybox FROM busybox
COPY --from=builder /app/gotemplate /gotemplate COPY --from=builder /app/gotemplate /gotemplate
COPY --from=builder /bin/cp /cp
ENTRYPOINT [ "/gotemplate" ] ENTRYPOINT [ "/gotemplate" ]

53
resources/deployment.yaml
View File

@ -1,53 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: varnish
labels:
app: varnish
spec:
replicas: 1
selector:
matchLabels:
app: varnish
template:
metadata:
labels:
app: varnish
spec:
containers:
- name: varnish
image: reg.cadoles.com/dh/library/varnish:7.6.1-alpine
imagePullPolicy: IfNotPresent
env:
- name: VARNISH_HTTP_PORT
value: "8080"
envFrom:
- configMapRef:
name: varnish-env
ports:
- containerPort: 8080
volumeMounts:
- mountPath: /etc/varnish/default.vcl
name: varnish-config
subPath: default.vcl
- mountPath: /var/lib/varnish/varnishd
name: varnish-lib
securityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
add: [ "IPC_LOCK" ]
volumes:
- name: varnish-config
configMap:
name: varnish-config
items:
- key: default.vcl
path: default.vcl
- name: varnish-lib
emptyDir:
sizeLimit: 1Gi
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true

108
resources/node/files/conf/replication.conf.tpl Normal file
View File

@ -0,0 +1,108 @@
################################## INCLUDES ###################################
################################## MODULES #####################################
################################## NETWORK #####################################
bind 127.0.0.1 -::1
protected-mode yes
port 6379
tcp-backlog 511
timeout 0
tcp-keepalive 300
################################# TLS/SSL #####################################
port {{ env "VALKEY_PORT" }}
################################### RDMA ######################################
################################# GENERAL #####################################
daemonize yes
pidfile /opt/bitnami/valkey/tmp/valkey.pid
loglevel notice
logfile ""
databases 16
always-show-logo no
hide-user-data-from-log yes
set-proc-title yes
proc-title-template "{title} {listen-addr} {server-mode}"
locale-collate ""
################################ SNAPSHOTTING ################################
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
rdb-version-check strict
dbfilename dump.rdb
rdb-del-sync-files no
dir {{ env "VALKEY_DATA_DIR" }}
################################# REPLICATION #################################
replica-serve-stale-data yes
replica-read-only yes
repl-diskless-sync yes
repl-diskless-sync-delay 5
repl-diskless-sync-max-replicas 0
repl-diskless-load disabled
dual-channel-replication-enabled no
repl-disable-tcp-nodelay no
replica-priority 100
############################### KEYS TRACKING #################################
################################## SECURITY ###################################
acllog-max-len 128
################################### CLIENTS ####################################
############################## MEMORY MANAGEMENT ################################
############################# LAZY FREEING ####################################
lazyfree-lazy-eviction yes
lazyfree-lazy-expire yes
lazyfree-lazy-server-del yes
replica-lazy-flush yes
lazyfree-lazy-user-del yes
lazyfree-lazy-user-flush yes
################################ THREADED I/O #################################
############################ KERNEL OOM CONTROL ##############################
oom-score-adj no
oom-score-adj-values 0 200 800
#################### KERNEL transparent hugepage CONTROL ######################
disable-thp yes
############################## APPEND ONLY MODE ###############################
appendonly no
appendfilename "appendonly.aof"
appenddirname "appendonlydir"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
aof-use-rdb-preamble yes
aof-timestamp-enabled no
################################ SHUTDOWN #####################################
################ NON-DETERMINISTIC LONG BLOCKING COMMANDS #####################
################################ VALKEY CLUSTER ###############################
########################## CLUSTER DOCKER/NAT support ########################
################################## COMMAND LOG ###################################
commandlog-execution-slower-than 10000
commandlog-slow-execution-max-len 128
commandlog-request-larger-than 1048576
commandlog-large-request-max-len 128
commandlog-reply-larger-than 1048576
commandlog-large-reply-max-len 128
################################ LATENCY MONITOR ##############################
latency-monitor-threshold 0
################################ LATENCY TRACKING ##############################
############################# EVENT NOTIFICATION ##############################
notify-keyspace-events ""
############################### ADVANCED CONFIG ###############################
hash-max-listpack-entries 512
hash-max-listpack-value 64
list-max-listpack-size -2
list-compress-depth 0
set-max-intset-entries 512
set-max-listpack-entries 128
set-max-listpack-value 64
zset-max-listpack-entries 128
zset-max-listpack-value 64
hll-sparse-max-bytes 3000
stream-node-max-bytes 4096
stream-node-max-entries 100
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
rdb-save-incremental-fsync yes
########################### ACTIVE DEFRAGMENTATION #######################
jemalloc-bg-thread yes

41
resources/node/files/conf/sentinel.conf.tpl Normal file
View File

@ -0,0 +1,41 @@
{{- $hostname := env "HOSTNAME" }}
{{- $service := env "VALKEY_SERVICE" }}
{{- $namespace := env "NAMESPACE" }}
{{- $port := env "VALKEY_PORT" }}
{{- $sentinel_port := env "VALKEY_SENTINEL_PORT" }}
{{- $replicas := env "VALKEY_REPLICAS" }}
{{- $domain := printf "%s.%s.svc.cluster.local" $service $namespace }}
{{- $fqdn := printf "%s.%s" $hostname $domain }}
{{- $hostid := sha1sum $hostname }}
dir "/tmp"
port {{ $port }}
sentinel monitor mymaster {{ printf "%s %s" $fqdn $port }} 2
sentinel down-after-milliseconds mymaster 60000
# User-supplied sentinel configuration:
# End of sentinel configuration
{{- printf "sentinel myid %s" $hostid }}
sentinel announce-hostnames yes
sentinel resolve-hostnames yes
sentinel announce-port {{- $sentinel_port }}
sentinel announce-ip {{- $fqdn }}
# Generated by CONFIG REWRITE
latency-tracking-info-percentiles 50 99 99.9
protected-mode no
# gotemplate-pause!
user default on nopass sanitize-payload ~* &* +@all
# gotemplate-resume!
sentinel config-epoch mymaster 0
sentinel leader-epoch mymaster 0
sentinel current-epoch 0
{{- range $i, $e := until ( int $replicas ) }}
{{- $ndeHostname := printf "valkey-node-%d" $i }}
{{- $ndeFQDN := printf "%s.%s" $ndeHostname $domain }}
{{- $nodeID := sha1sum $ndeHostname }}
sentinel {{ printf "known-sentinel mymaster %s %s %s" $ndeFQDN $sentinel_port $nodeID }}
sentinel {{ printf "known-replica mymaster %s %s" $ndeFQDN $port }}
{{- end}}

27
resources/node/files/scripts/liveness-local.sh Normal file
View File

@ -0,0 +1,27 @@
#!/bin/sh
ping_valkey() {
resp=$(timeout -s 15 $1 \
valkey-cli \
-h localhost \
-p $VALKEY_PORT \
ping)
ret=${?}
echo $resp
return ${ret}
}
response=$(ping_valkey 5)
if [ "$?" -eq "124" ]; then
echo "Timed out"
exit 1
fi
firstWord=$(echo $response | awk 'NR==1 {print $1;}')
if [ "$response" != "PONG" ] && [ "$firstWord" != "LOADING" ] && [ "$firstWord" != "MASTERDOWN" ]; then
echo "Valey is not alive [${response}]"
exit 1
fi
echo "$( date +'[%Y/%m/%d %H:%M:%S]') Valkey is alive"
exit 0

28
resources/node/files/scripts/ping-sentinel.sh Normal file
View File

@ -0,0 +1,28 @@
#!/bin/sh
ping_sentinel() {
resp=$(timeout -s 15 $1 \
valkey-cli \
-h localhost \
-p $VALKEY_SENTINEL_PORT \
ping)
ret=${?}
echo $resp
return ${ret}
}
response=$(ping_sentinel 5)
if [ "${?}" -eq 124 ]; then
echo "Sentinel ping timed out"
exit 124
fi
if [ "${response}" != "PONG" ];
then
echo "Sentinel is not responding"
exit 1
fi
echo "$( date +'[%Y/%m/%d %H:%M:%S]') Sentinel is responding"
exit 0

0
resources/node/files/scripts/pre-start-sentinel.sh Normal file
View File

50
resources/node/files/scripts/pre-stop.sh Normal file
View File

@ -0,0 +1,50 @@
#!/bin/bash
# Run Valkey command
vcli() {
valkey_cli -h 127.0.0.1 -P "${VALKEY_PORT}" "$@"
return $?
}
# Run Sentinel command
vscli() {
valkey-cli -h "$VALKEY_SERVICE" -p "$VALKEY_SENTINEL_PORT" sentinel "$@"
return $?
}
sentinelFailOverFinished() {
# Check if the failover is finished
local failoverStatus
primaryInfo=$(vscli get-primary-by-name "mymaster")
primaryHost=${primaryInfo[0]}
fullPrimaryHostname="${primaryHost}.${HEADLESS_SERVICE}"
[[ "${fullPrimaryHostname}" == "${HOSTNAME}}" ]]
}
if [ "${VALKEY_ROLE}" = "replication"]; then
echo "Stopping replication"
ROLE=$(vcli role | head 1)
if [ "${ROLE}" = "master" ]; then
#Pausing write connections to avoid data loss"
vcli CLIENT PAUSE "22000"
echo "Failover in progress"
vscli failover "mymaster"
i=0
while true; do
sentinelFailOverFinished
if [ $? -eq 0 ]; then
echo "Failover finished"
break
fi
sleep 1
i=$((i + 1))
if [ $i -gt 60 ]; then
echo "Failover timed out"
exit 1
fi
done
else
exit 0
fi
fi

26
resources/node/files/scripts/readiness-local.sh Normal file
View File

@ -0,0 +1,26 @@
#!/bin/sh
ping_valkey() {
resp=$(timeout -s 15 $1 \
valkey-cli \
-h localhost \
-p $VALKEY_PORT \
ping)
ret=${?}
echo $resp
return ${ret}
}
response=$(ping_valkey 5)
if [ "$?" -eq "124" ]; then
echo "Timed out"
exit 1
fi
if [ "$response" != "PONG" ]; then
echo "Valey is not ready [${response}]"
exit 1
fi
echo "$( date +'[%Y/%m/%d %H:%M:%S]') Valkey is ready"
exit 0

30
resources/node/kustomization.yaml Normal file
View File

@ -0,0 +1,30 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- resources/sa.yaml
- resources/statefulset.yaml
configMapGenerator:
- name: valkey-env
literals:
- NAMESPACE="default"
- VALKEY_ENV="base"
- VALKEY_REPLICAS="4"
- VALKEY_PORT="6379"
- VALKEY_SENTINEL_PORT="26379"
- ALLOW_EMPTY_PASSWORD="yes"
- VALKEY_TLS_ENABLED="no"
- VALKEY_SENTINEL_TLS_ENABLED="no"
- VALKEY_DATA_DIR="/data"
- name: valkey-config
files:
- files/conf/replication.conf.tpl
- files/conf/sentinel.conf.tpl
- name: valkey-scripts
files:
- files/scripts/pre-stop.sh
- files/scripts/pre-start-sentinel.sh
- files/scripts/ping-sentinel.sh
- files/scripts/liveness-local.sh
- files/scripts/readiness-local.sh

10
resources/node/resources/sa.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: valkey
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: valkey
app.kubernetes.io/part-of: valkey
app.kubernetes.io/version: 8.1.1
name: valkey

311
resources/node/resources/statefulset.yaml Normal file
View File

@ -0,0 +1,311 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: valkey
app.kubernetes.io/part-of: valkey
app.kubernetes.io/version: 8.1.1
name: valkey-node
spec:
persistentVolumeClaimRetentionPolicy:
whenDeleted: Retain
whenScaled: Retain
podManagementPolicy: OrderedReady
replicas: 4
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/name: valkey
serviceName: valkey-headless
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: valkey
app.kubernetes.io/version: 8.1.1
helm.sh/chart: valkey-3.0.7
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/name: valkey
topologyKey: kubernetes.io/hostname
weight: 1
automountServiceAccountToken: false
initContainers:
- name: copy-config-templates
image: reg.cadoles.com/dh/library/busybox:1.37.0-musl
command:
- /bin/cp
args:
- -R
- /templates
- /tmp/
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- mountPath: /templates/replication.conf
name: valkey-config
subPath: replication.conf.tpl
- mountPath: /templates/sentinel.conf
name: valkey-config
subPath: sentinel.conf.tpl
- mountPath: /tmp/
name: tmp
- name: generate-config
image: reg.cadoles.com/cadoles/gotemplate:0.0.5-dev
imagePullPolicy: IfNotPresent
args:
- --source
- /tmp/templates
- --target
- /etc/valkey/
- --no-overwrite
- replication.conf
- sentinel.conf
envFrom:
- configMapRef:
name: valkey-env
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- mountPath: /etc/valkey/
name: valkey-etc
- mountPath: /tmp/
name: tmp
containers:
- name: valkey
image: reg.cadoles.com/dh/valkey/valkey:8.1.1-alpine3.21
command:
- valkey-server
args:
- /etc/valkey/replication.conf
imagePullPolicy: IfNotPresent
env:
- name: VALKEY_ROLE
value: "replication"
lifecycle:
preStop:
exec:
command:
- /bin/bash
- -c
- /opt/scripts/pre-stop.sh
livenessProbe:
exec:
command:
- sh
- -c
- /opt/scripts/liveness-local.sh 5
failureThreshold: 5
initialDelaySeconds: 20
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
ports:
- containerPort: 6379
name: valkey
protocol: TCP
readinessProbe:
exec:
command:
- sh
- -c
- /opt/scripts/readiness-local.sh 1
failureThreshold: 5
initialDelaySeconds: 20
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: 150m
memory: 192Mi
ephemeral-storage: 2Gi
requests:
cpu: 100m
memory: 128Mi
ephemeral-storage: 50Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
startupProbe:
exec:
command:
- sh
- -c
- /opt/scripts/liveness-local.sh 5
failureThreshold: 22
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/valkey/
name: valkey-etc
- mountPath: /opt/scripts
name: valkey-scripts
- name: sentinel
image: reg.cadoles.com/dh/valkey/valkey:8.1.1-alpine3.21
imagePullPolicy: IfNotPresent
command:
args:
- --sentienel
- /etc/valkey/sentinel.conf
env:
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
- name: VALKEY_SENTINEL_TLS_ENABLED
value: "no"
- name: VALKEY_SENTINEL_PORT
value: "26379"
# lifecycle:
# preStop:
# exec:
# command:
# - /bin/bash
# - -c
# - /opt/scripts/pre-stop-sentinel.sh
livenessProbe:
exec:
command:
- sh
- -c
- /health/ping_sentinel.sh 5
failureThreshold: 6
initialDelaySeconds: 20
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
ports:
- containerPort: 26379
name: valkey-sentinel
protocol: TCP
readinessProbe:
exec:
command:
- sh
- -c
- /health/ping_sentinel.sh 1
failureThreshold: 6
initialDelaySeconds: 20
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: 150m
ephemeral-storage: 2Gi
memory: 192Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
startupProbe:
exec:
command:
- sh
- -c
- /opt/scripts/ping-sentinel.sh 5
failureThreshold: 22
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /opt/scripts
name: valkey-scripts
- mountPath: /etc/valkey/
name: valkey-etc
dnsPolicy: ClusterFirst
enableServiceLinks: true
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 1001
fsGroupChangePolicy: Always
serviceAccount: valkey
serviceAccountName: valkey
terminationGracePeriodSeconds: 30
volumes:
- name: valkey-scripts
configMap:
defaultMode: 493
name: valkey-scripts
- name: valkey-config
configMap:
defaultMode: 420
name: valkey-config
- emptyDir: {}
name: valkey-etc
- emptyDir: {}
name: tmp
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/name: valkey
name: valkey-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
volumeMode: Filesystem
status:
phase: Pending

12
resources/svc.yaml
View File

@ -1,12 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: varnish
spec:
selector:
app: varnish
ports:
- name: varnish-http
protocol: TCP
port: 8080
targetPort: 8080