-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bitnami/redis] PreStop Hook to Initiate Failover for Sentinel on PodTermination #5528
[bitnami/redis] PreStop Hook to Initiate Failover for Sentinel on PodTermination #5528
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks so much for this great contribution! @miguelaeh @rafariossaa could you please take a look too?
Co-authored-by: Juan Ariza Toledano <[email protected]>
fi | ||
|
||
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then | ||
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" | |
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a ${REDIS_PASSWORD} {{- end }} -h ${REDIS_SERVICE} -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" |
Also, using -a
will show a warning becuase of using the password in the command, it would be better to set it with the env var REDISCLI_AUTH
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there an example? The other scripts in the ConfigMap works exactly the same way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The command itelf is correct, but there could be issues with variables expansions, that's why they should be in the way ${XXX}
not $XXX
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then | ||
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" | ||
else | ||
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" | |
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a ${REDIS_PASSWORD} {{- end }} -h ${REDIS_SERVICE} -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the PR!
Please take a look at the comments
Thanks for the PR! |
Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi,
It seems you forgot to implement two of the suggestions, I have unresolved them, could you take a look?
Also, I just notice the Redis service is using template
instead of include
, added a comment below.
Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @0x46616c6b ,
Please check the comments again, you changed two lines that were correct.
There is a difference between "$VARIABLE" note the there are not {}
and "substring${VARIABLE}substring2" note the {}
Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @0x46616c6b,
Sorry to be picky with this, I think those are the last needed changes. I tried to edit the files myself but I don't have permissions to do it. Did you allow the file editing by maintainers?
Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]>
Thanks for the good review and your patience. Yes, you can edit the PR or need you some permissions from me? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you very much for addressing the changes!
LGTM!
About the changes, I can't edit the files on this PR, please rebase master to able to merge it
…Termination (bitnami#5528) * add prestop hook for redis sentinel to failover the master * Update bitnami/redis/templates/configmap-scripts.yaml Co-authored-by: Juan Ariza Toledano <[email protected]> * fix indentation * remove duplicated line * Apply suggestions from code review Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]> * Update bitnami/redis/templates/configmap-scripts.yaml Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]> * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]> * Apply suggestions from code review Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]> Co-authored-by: Juan Ariza Toledano <[email protected]> Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]>
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then | ||
redis-cli {{- if .Values.usePassword }} -a "$REDIS_PASSWORD" {{- end }} -h "$REDIS_SERVICE" -p {{ .Values.sentinel.port }} --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel failover mymaster | ||
else | ||
redis-cli {{- if .Values.usePassword }} -a "$REDIS_PASSWORD" {{- end }} -h "$REDIS_SERVICE" -p {{ .Values.sentinel.port }} sentinel failover mymaster |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this use the configured {{ .Values.sentinel.masterSet }}
instead of hard-coding mymaster
?
Hi guys, thank you for noticing this issue and opening a PR to fix it! We are taking care of it. |
This improves on bitnami#5528 by checking and waiting until the failover is finished on both the redis and the sentinel container. This completely eliminates momentary service interruption during rollouts. As we cannot guarantee the failover will be successful the wait time is capped by the termination grace period - 10s.
…rruption (#6080) * Wait until failover finishes during master pod shutdown This improves on #5528 by checking and waiting until the failover is finished on both the redis and the sentinel container. This completely eliminates momentary service interruption during rollouts. As we cannot guarantee the failover will be successful the wait time is capped by the termination grace period - 10s. * Separate terminationGracePeriod setings for each pod type * make the use of REDISCLI_AUTH clear * [bitnami/redis] Update components versions Signed-off-by: Bitnami Containers <[email protected]> Co-authored-by: Bitnami Containers <[email protected]>
Description of the change
We have encountered problems with Redis Sentinel and Rolling Upgrades. In this case, the Master Election takes several minutes, which ensures that the service does not work correctly during that time.
Therefore, we implemented a
PreStop
hook that checks if the pod is the master and initiates a failover.Benefits
Possible drawbacks
Applicable issues
#5418
#5400
Checklist
Chart.yaml
according to semver.[bitnami/chart]
)