fix: do not create empty PVC when storage has only volumeMount

.github/workflows/ci.yaml

@@ -147,7 +147,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Execute dockerlinter
-        uses: hadolint/hadolint-action@v3.1.0
+        uses: hadolint/hadolint-action@v3.3.0
         with:
           dockerfile: Dockerfile
           ignore: DL3007,DL3018

.github/workflows/pr-semantics.yaml

@@ -68,6 +68,7 @@ jobs:
             replication
             sentinel
             cluster
+            metrics
           ignoreLabels: |
             bot
             ignore-semantic-pull-request

.github/workflows/publish-charts.yaml

@@ -22,7 +22,7 @@ jobs:
         with:
           version: v3.5.4
 
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@v6
         with:
           python-version: '3.9'
           check-latest: true

.github/workflows/stale.yaml

@@ -17,7 +17,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@v9
+      - uses: actions/stale@v10
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           ascending: true

CONTRIBUTING.md

@@ -14,7 +14,7 @@
 
 For development and testing of operator on local system, we need to set up a [Minikube](https://minikube.sigs.k8s.io/docs/start/) or local Kubernetes cluster.
 
-Minikube is a single node Kubernetes cluster that generally gets used for the development and testing on Kubernetes. For creating a Minkube cluster we need to simply run:
+Minikube is a single node Kubernetes cluster that generally gets used for the development and testing on Kubernetes. For creating a Minikube cluster we need to simply run:
 
 ```shell
 $ minikube start --vm-driver virtualbox

Makefile

@@ -291,3 +291,4 @@ GOBIN=$(LOCALBIN) go install $${package} ;\
 mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\
 }
 endef
+

README.md

@@ -34,7 +34,7 @@ This operator only supports versions of Redis `>=6`.
 ## Architecture
 
 <div align="center">
-    <img src="./static/redis-operator-architecture.png">
+    <img src="./static/updated-redis-operator-architecture-using-meshery.jpg">
 </div>
 
 ## Purpose

api/common/v1beta2/common_types.go

@@ -160,7 +160,7 @@ type RedisConfig struct {
 	AdditionalRedisConfig   *string  `json:"additionalRedisConfig,omitempty"`
 }
 
-// Storage is the inteface to add pvc and pv support in redis
+// Storage is the interface to add pvc and pv support in redis
 // +k8s:deepcopy-gen=true
 type Storage struct {
 	KeepAfterDelete     bool                         `json:"keepAfterDelete,omitempty"`
@@ -178,7 +178,7 @@ type AdditionalVolume struct {
 // TLS Configuration for redis instances
 // +k8s:deepcopy-gen=true
 type TLSConfig struct {
-	CaKeyFile   string `json:"ca,omitempty"`
+	CaCertFile  string `json:"ca,omitempty"`
 	CertKeyFile string `json:"cert,omitempty"`
 	KeyFile     string `json:"key,omitempty"`
 	// Reference to secret which contains the certificates
@@ -288,7 +288,8 @@ type ACLConfig struct {
 	Secret *corev1.SecretVolumeSource `json:"secret,omitempty"`
 	// PersistentVolumeClaim-based ACL configuration
 	// Specify the PVC name to mount ACL file from persistent storage
-	// The operator will automatically mount /etc/redis/user.acl from the PVC
+	// The operator mounts the PVC at /data/redis so Redis can read and update /data/redis/user.acl
+	// This feature requires the GenerateConfigInInitContainer feature gate to be enabled.
 	PersistentVolumeClaim *string `json:"persistentVolumeClaim,omitempty"`
 }
 

charts/redis-cluster/README.md

@@ -46,7 +46,7 @@ helm delete <my-release> --namespace <namespace>
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| TLS.ca | string | `"ca.key"` |  |
+| TLS.ca | string | `"ca.crt"` |  |
 | TLS.cert | string | `"tls.crt"` |  |
 | TLS.key | string | `"tls.key"` |  |
 | TLS.secret.secretName | string | `""` |  |
@@ -70,7 +70,7 @@ helm delete <my-release> --namespace <namespace>
 | priorityClassName | string | `""` |  |
 | redisCluster.clusterSize | int | `3` | Default number of replicas for both leader and follower when not explicitly set |
 | redisCluster.clusterVersion | string | `"v7"` |  |
-| redisCluster.enableMasterSlaveAntiAffinity | bool | `false` | Enable pod anti-affinity between leader and follower pods by adding the appropriate label.    Notice that this requires the operator to have its mutating webhook enabled,    otherwise it will only add an annotation to the RedisCluster CR.     Default is false. |
+| redisCluster.enableMasterSlaveAntiAffinity | bool | `false` | Enable pod anti-affinity between leader and follower pods by adding the appropriate label.    Notice that this requires the operator to have its mutating webhook enabled,    otherwise it will only add an annotation to the RedisCluster CR.    Default is false. |
 | redisCluster.follower.affinity | string | `nil` |  |
 | redisCluster.follower.livenessProbe | object | `{}` |  |
 | redisCluster.follower.nodeSelector | string | `nil` |  |
@@ -103,7 +103,7 @@ helm delete <my-release> --namespace <namespace>
 | redisCluster.name | string | `""` |  |
 | redisCluster.persistenceEnabled | bool | `true` |  |
 | redisCluster.persistentVolumeClaimRetentionPolicy | object | `{}` |  |
-| redisCluster.recreateStatefulSetOnUpdateInvalid | bool | `false` | Some fields of statefulset are immutable, such as volumeClaimTemplates.    When set to true, the operator will delete the statefulset and recreate it.     Default is false. |
+| redisCluster.recreateStatefulSetOnUpdateInvalid | bool | `false` | Some fields of statefulset are immutable, such as volumeClaimTemplates.    When set to true, the operator will delete the statefulset and recreate it.    Default is false. |
 | redisCluster.redisSecret.secretKey | string | `""` |  |
 | redisCluster.redisSecret.secretName | string | `""` |  |
 | redisCluster.resources | object | `{}` |  |

charts/redis-cluster/templates/follower-service.yaml

@@ -1,4 +1,5 @@
-{{- if and (gt (int .Values.redisCluster.follower.replicas) 0) (eq .Values.externalService.enabled true) }}
+{{- $followerReplicas := .Values.redisCluster.follower.replicas | default .Values.redisCluster.clusterSize }}
+{{- if and (gt (int $followerReplicas) 0) (eq .Values.externalService.enabled true) }}
 ---
 apiVersion: v1
 kind: Service

charts/redis-cluster/templates/follower-sm.yaml

@@ -1,4 +1,5 @@
-{{- if and (eq .Values.serviceMonitor.enabled true)  (gt (int .Values.redisCluster.follower.replicas) 0) }}
+{{- $followerReplicas := .Values.redisCluster.follower.replicas | default .Values.redisCluster.clusterSize }}
+{{- if and (eq .Values.serviceMonitor.enabled true) (eq .Values.redisExporter.enabled true) (gt (int $followerReplicas) 0) }}
 ---
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
@@ -19,6 +20,7 @@ spec:
   selector:
     matchLabels:
       app: {{ .Values.redisCluster.name | default .Release.Name }}-follower
+      app.kubernetes.io/component: metrics
       redis_setup_type: cluster
       role: follower
   endpoints:

charts/redis-cluster/templates/leader-service.yaml

@@ -1,4 +1,5 @@
-{{- if and (gt (int .Values.redisCluster.leader.replicas) 0) (eq .Values.externalService.enabled true) }}
+{{- $leaderReplicas := .Values.redisCluster.leader.replicas | default .Values.redisCluster.clusterSize }}
+{{- if and (gt (int $leaderReplicas) 0) (eq .Values.externalService.enabled true) }}
 ---
 apiVersion: v1
 kind: Service

charts/redis-cluster/templates/leader-sm.yaml

@@ -1,4 +1,5 @@
-{{- if and (eq .Values.serviceMonitor.enabled true) (gt (int .Values.redisCluster.leader.replicas) 0) }}
+{{- $leaderReplicas := .Values.redisCluster.leader.replicas | default .Values.redisCluster.clusterSize }}
+{{- if and (eq .Values.serviceMonitor.enabled true) (eq .Values.redisExporter.enabled true) (gt (int $leaderReplicas) 0) }}
 ---
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
@@ -19,6 +20,7 @@ spec:
   selector:
     matchLabels:
       app: {{ .Values.redisCluster.name | default .Release.Name }}-leader
+      app.kubernetes.io/component: metrics
       redis_setup_type: cluster
       role: leader
   endpoints:

charts/redis-cluster/templates/redis-cluster.yaml

@@ -16,14 +16,14 @@ spec:
   persistenceEnabled: {{ .Values.redisCluster.persistenceEnabled }}
   clusterVersion: {{ .Values.redisCluster.clusterVersion }}
   redisLeader: {{- include "redis.role" .Values.redisCluster.leader | nindent 4 }}
-    replicas: {{ .Values.redisCluster.leader.replicas }}
+    replicas: {{ .Values.redisCluster.leader.replicas | default .Values.redisCluster.clusterSize }}
     {{- if .Values.externalConfig.enabled }}
     redisConfig:
       additionalRedisConfig: "{{ .Values.redisCluster.name | default .Release.Name }}-ext-config"
     {{- end }}
 
   redisFollower: {{-  include "redis.role" .Values.redisCluster.follower | nindent 4 }}
-    replicas: {{ .Values.redisCluster.follower.replicas }}
+    replicas: {{ .Values.redisCluster.follower.replicas | default .Values.redisCluster.clusterSize }}
     {{- if .Values.externalConfig.enabled }}
     redisConfig:
       additionalRedisConfig: "{{ .Values.redisCluster.name | default .Release.Name }}-ext-config"

charts/redis-cluster/values.yaml

@@ -23,7 +23,7 @@ redisCluster:
     #   memory: 128Mi
   minReadySeconds: 0
   # -- Some fields of statefulset are immutable, such as volumeClaimTemplates.
-  #    When set to true, the operator will delete the statefulset and recreate it. 
+  #    When set to true, the operator will delete the statefulset and recreate it.
   #    Default is false.
   recreateStatefulSetOnUpdateInvalid: false
   # -- MaxMemoryPercentOfLimit is the percentage of the Redis container memory limit to be used as maxmemory.
@@ -35,7 +35,7 @@ redisCluster:
     # whenScaled: Retain
   # -- Enable pod anti-affinity between leader and follower pods by adding the appropriate label.
   #    Notice that this requires the operator to have its mutating webhook enabled,
-  #    otherwise it will only add an annotation to the RedisCluster CR. 
+  #    otherwise it will only add an annotation to the RedisCluster CR.
   #    Default is false.
   enableMasterSlaveAntiAffinity: false
   leader:
@@ -83,7 +83,7 @@ redisCluster:
       # successThreshold: 1
       # failureThreshold: 4
       # initialDelaySeconds: 15
-    
+
   follower:
     # -- Number of Redis follower (slave) nodes. If not set, uses clusterSize value
     replicas: 3
@@ -238,7 +238,7 @@ podSecurityContext:
 # serviceAccountName: redis-sa
 
 TLS:
-  ca: ca.key
+  ca: ca.crt
   cert: tls.crt
   key: tls.key
   secret:

charts/redis-operator/crds/crds.yaml

@@ -117,7 +117,8 @@ spec:
                     description: |-
                       PersistentVolumeClaim-based ACL configuration
                       Specify the PVC name to mount ACL file from persistent storage
-                      The operator will automatically mount /etc/redis/user.acl from the PVC
+                      The operator mounts the PVC at /data/redis so Redis can read and update /data/redis/user.acl
+                      This feature requires the GenerateConfigInInitContainer feature gate to be enabled.
                     type: string
                   secret:
                     description: |-
@@ -3219,7 +3220,7 @@ spec:
                   type: object
                 type: array
               storage:
-                description: Storage is the inteface to add pvc and pv support in
+                description: Storage is the interface to add pvc and pv support in
                   redis
                 properties:
                   keepAfterDelete:
@@ -5544,7 +5545,8 @@ spec:
                     description: |-
                       PersistentVolumeClaim-based ACL configuration
                       Specify the PVC name to mount ACL file from persistent storage
-                      The operator will automatically mount /etc/redis/user.acl from the PVC
+                      The operator mounts the PVC at /data/redis so Redis can read and update /data/redis/user.acl
+                      This feature requires the GenerateConfigInInitContainer feature gate to be enabled.
                     type: string
                   secret:
                     description: |-
@@ -13393,7 +13395,8 @@ spec:
                     description: |-
                       PersistentVolumeClaim-based ACL configuration
                       Specify the PVC name to mount ACL file from persistent storage
-                      The operator will automatically mount /etc/redis/user.acl from the PVC
+                      The operator mounts the PVC at /data/redis so Redis can read and update /data/redis/user.acl
+                      This feature requires the GenerateConfigInInitContainer feature gate to be enabled.
                     type: string
                   secret:
                     description: |-
@@ -16757,7 +16760,7 @@ spec:
                   type: object
                 type: array
               storage:
-                description: Storage is the inteface to add pvc and pv support in
+                description: Storage is the interface to add pvc and pv support in
                   redis
                 properties:
                   keepAfterDelete:

charts/redis-operator/templates/role.yaml

@@ -12,6 +12,7 @@ metadata:
     app.kubernetes.io/version : {{ .Chart.AppVersion }}
     app.kubernetes.io/component: role
     app.kubernetes.io/part-of : {{ .Release.Name }}
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
 rules:
 - apiGroups:
   - redis.redis.opstreelabs.in
@@ -80,7 +81,7 @@ rules:
   - configmaps
   - events
   - persistentvolumeclaims
-  - namespace
+  - namespaces
   verbs:
   - create
   - delete

charts/redis-replication/README.md

@@ -44,7 +44,7 @@ helm delete <my-release> --namespace <namespace>
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| TLS.ca | string | `"ca.key"` |  |
+| TLS.ca | string | `"ca.crt"` |  |
 | TLS.cert | string | `"tls.crt"` |  |
 | TLS.key | string | `"tls.key"` |  |
 | TLS.secret.secretName | string | `""` |  |
@@ -96,6 +96,12 @@ helm delete <my-release> --namespace <namespace>
 | redisReplication.serviceType | string | `"ClusterIP"` |  |
 | redisReplication.tag | string | `"v7.0.15"` |  |
 | securityContext | object | `{}` |  |
+| sentinel | object | `{"announceHostnames":"no","downAfterMilliseconds":"5000","enabled":false,"failoverTimeout":"10000","ignoreAnnotations":[],"image":"quay.io/opstree/redis-sentinel","imagePullPolicy":"IfNotPresent","minReadySeconds":0,"parallelSyncs":"1","persistentVolumeClaimRetentionPolicy":{},"resolveHostnames":"no","resources":{},"size":3,"tag":"v7.0.15"}` | Sentinel configuration for automatic failover. When enabled, the operator creates a Sentinel StatefulSet alongside the replication pods. The operator queries Sentinel for the current master instead of forcing master-by-ordinal. |
+| sentinel.announceHostnames | string | `"no"` | Whether Sentinel announces hostnames instead of IPs to clients |
+| sentinel.downAfterMilliseconds | string | `"5000"` | Time in milliseconds before master is considered down |
+| sentinel.failoverTimeout | string | `"10000"` | Failover timeout in milliseconds |
+| sentinel.parallelSyncs | string | `"1"` | Number of replicas to reconfigure in parallel during failover |
+| sentinel.resolveHostnames | string | `"no"` | Use hostnames instead of IPs for Sentinel monitoring. WARNING: the operator does not pass RESOLVE_HOSTNAMES env var to sentinel pods, so setting this to "yes" will cause SENTINEL MONITOR to fail. Keep as "no". |
 | serviceAccountName | string | `""` |  |
 | serviceMonitor.enabled | bool | `false` |  |
 | serviceMonitor.extraLabels | object | `{}` | extraLabels are added to the servicemonitor when enabled set to true |

charts/redis-replication/templates/redis-replication.yaml

@@ -123,4 +123,39 @@ spec:
     minAvailable: {{ .Values.pdb.minAvailable }}
     maxUnavailable: {{ .Values.pdb.maxUnavailable }}
   {{- end }}
-
+  {{- if .Values.sentinel.enabled }}
+  sentinel:
+    image: "{{ .Values.sentinel.image }}:{{ .Values.sentinel.tag }}"
+    imagePullPolicy: "{{ .Values.sentinel.imagePullPolicy }}"
+    size: {{ .Values.sentinel.size }}
+    {{- if .Values.sentinel.resources }}
+    resources: {{ toYaml .Values.sentinel.resources | nindent 6 }}
+    {{- end }}
+    {{- if .Values.sentinel.ignoreAnnotations }}
+    ignoreAnnotations: {{ toYaml .Values.sentinel.ignoreAnnotations | nindent 6 }}
+    {{- end }}
+    {{- if .Values.sentinel.minReadySeconds }}
+    minReadySeconds: {{ .Values.sentinel.minReadySeconds }}
+    {{- end }}
+    {{- if .Values.sentinel.persistentVolumeClaimRetentionPolicy }}
+    persistentVolumeClaimRetentionPolicy: {{ toYaml .Values.sentinel.persistentVolumeClaimRetentionPolicy | nindent 6 }}
+    {{- end }}
+    {{- if .Values.sentinel.parallelSyncs }}
+    parallelSyncs: {{ .Values.sentinel.parallelSyncs | quote }}
+    {{- end }}
+    {{- if .Values.sentinel.failoverTimeout }}
+    failoverTimeout: {{ .Values.sentinel.failoverTimeout | quote }}
+    {{- end }}
+    {{- if .Values.sentinel.downAfterMilliseconds }}
+    downAfterMilliseconds: {{ .Values.sentinel.downAfterMilliseconds | quote }}
+    {{- end }}
+    {{- if .Values.sentinel.resolveHostnames }}
+    resolveHostnames: {{ .Values.sentinel.resolveHostnames | quote }}
+    {{- end }}
+    {{- if .Values.sentinel.announceHostnames }}
+    announceHostnames: {{ .Values.sentinel.announceHostnames | quote }}
+    {{- end }}
+    {{- if .Values.sentinel.additionalSentinelConfig }}
+    additionalSentinelConfig: {{ .Values.sentinel.additionalSentinelConfig | quote }}
+    {{- end }}
+  {{- end }}

charts/redis-replication/templates/servicemonitor.yaml

@@ -1,4 +1,4 @@
-{{- if eq .Values.serviceMonitor.enabled true }}
+{{- if and (eq .Values.serviceMonitor.enabled true) (eq .Values.redisExporter.enabled true) }}
 ---
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
@@ -19,6 +19,7 @@ spec:
   selector:
     matchLabels:
       app: {{ .Values.redisReplication.name | default .Release.Name }}
+      app.kubernetes.io/component: metrics
       redis_setup_type: replication
       role: replication
   endpoints: