redaction (#1)

Add the redacted source file for demo purposes Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1 Co-authored-by: Michael DiLeo <michael_dileo@proton.me> Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
2025-12-24 13:40:47 +00:00
parent 612235d52b
commit 7327d77dcd
333 changed files with 39286 additions and 1 deletions
--- a/manifests/infrastructure/redis/bitnami/redis.yaml
+++ b/manifests/infrastructure/redis/bitnami/redis.yaml
@@ -0,0 +1,203 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: redis
+  namespace: redis-system
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: redis
+      version: "20.13.4"
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: redis-system
+  
+  values:
+
+    redis:
+      envFrom:
+        - secretRef:
+            name: redis-credentials
+
+    # Use cluster domain for DNS resolution
+    clusterDomain: cluster.local
+    
+    # Global Redis configuration
+    global:
+      # Allow non-Bitnami images for redis/redis-exporter
+      security:
+        allowInsecureImages: true
+      redis:
+        # Use secret for password
+        existingSecret: redis-credentials
+        existingSecretPasswordKey: redis-password
+    
+    # Redis architecture: replication (primary-replica)
+    architecture: replication
+    
+    # Authentication configuration
+    auth:
+      enabled: true
+      # Password will be loaded from secret
+      existingSecret: redis-credentials
+      existingSecretPasswordKey: redis-password
+    
+    # Primary Redis configuration
+    master:
+      count: 1
+
+      podLabels:
+        app.kubernetes.io/name: redis
+        app.kubernetes.io/instance: redis
+        app.kubernetes.io/component: master
+      
+      # Use bitnamilegacy Redis image (includes Bash/Bitnami entrypoint scripts)
+      image:
+        registry: docker.io
+        repository: bitnamilegacy/redis
+
+      disableCommands: []
+      
+      # Node affinity to ensure primary runs on specific node
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchLabels:
+                  app.kubernetes.io/name: redis
+                  app.kubernetes.io/component: replica
+              topologyKey: kubernetes.io/hostname
+      
+      # Resource limits appropriate for your 16GB nodes
+      resources:
+        requests:
+          cpu: 500m
+          memory: 1Gi
+        limits:
+          cpu: 2000m
+          memory: 4Gi
+      
+      # Storage configuration
+      persistence:
+        enabled: true
+        storageClass: longhorn-redis
+        size: 20Gi
+        accessModes:
+        - ReadWriteOnce
+      
+      # Redis configuration optimized for your setup
+      configuration: |-
+        # Network and timeout settings optimized for 100Mbps VLAN
+        tcp-keepalive 60
+        timeout 300
+        
+        # Memory and persistence settings
+        maxmemory-policy allkeys-lru
+        save 900 1
+        save 300 10
+        save 60 10000
+        
+        # Replication settings optimized for async over slower network
+        repl-diskless-sync no
+        repl-diskless-sync-delay 5
+        repl-ping-replica-period 10
+        repl-timeout 60
+        
+        # Performance optimizations
+        tcp-backlog 511
+        databases 16
+      
+      # Allow scheduling on control plane nodes
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/control-plane
+        operator: Exists
+    
+    # Replica Redis configuration  
+    replica:
+      replicaCount: 0
+      
+      # Use bitnamilegacy Redis image (includes Bash/Bitnami entrypoint scripts)
+      image:
+        registry: docker.io
+        repository: bitnamilegacy/redis
+        tag: 8.2.1-debian-12-r0
+      
+      # Ensure replica runs on different node than primary
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchLabels:
+                app.kubernetes.io/name: redis
+                app.kubernetes.io/component: master
+            topologyKey: kubernetes.io/hostname
+      
+      # Resource limits for replica
+      resources:
+        requests:
+          cpu: 500m
+          memory: 1Gi
+        limits:
+          cpu: 2000m
+          memory: 4Gi
+      
+      # Storage configuration for replica
+      persistence:
+        enabled: true
+        storageClass: longhorn-redis
+        size: 20Gi
+        accessModes:
+        - ReadWriteOnce
+      
+      # Allow scheduling on control plane nodes
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/control-plane
+        operator: Exists
+    
+    # Metrics configuration for OpenObserve integration
+    metrics:
+      enabled: false
+      
+      # Redis exporter configuration - using bitnamilegacy image (compatible with chart scripts)
+      image:
+        registry: docker.io
+        repository: bitnamilegacy/redis-exporter
+        tag: 1.76.0-debian-12-r0
+      
+      # Resources for metrics exporter
+      resources:
+        requests:
+          cpu: 50m
+          memory: 64Mi
+        limits:
+          cpu: 200m
+          memory: 128Mi
+      
+      # ServiceMonitor for Prometheus/OpenObserve
+      serviceMonitor:
+        enabled: true
+        namespace: redis-system
+        interval: 30s
+        scrapeTimeout: 10s
+        labels:
+          app: redis
+        selector:
+          matchLabels:
+            app.kubernetes.io/name: redis
+            app.kubernetes.io/component: metrics
+    
+    # Network Policy (optional, can be enabled later)
+    networkPolicy:
+      enabled: false
+    
+    # Pod Disruption Budget for high availability
+    pdb:
+      create: true
+      minAvailable: 1