redis 哨兵部署
redis 生产哨兵的测试
1、helm release的版本
helm repo add bitnami https://charts.bitnami.com/bitnami
helm pull bitnami/redis --version 18.2.2
sentinel-redis]# ls
redis redis-18.2.2.tgz
values.yaml 配置文件
注意配置文件的cm部分,先使用默认的configmap配置然后再单独修改cm,这样防止部署的时候第一次启动就报错。
这里把官方的注释和空行都过滤了,详细的配置可以参考官方的注释说明。
jgj-sentinel-redis]# grep -Ev '#|^$' redis/values.yaml
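# Chart-wide settings, image selection, authentication and the Redis
# configuration shared by every node.
global:
  # Private registry prefix. In Bitnami charts a non-empty
  # global.imageRegistry normally takes precedence over each image.registry
  # (confirm for this chart version).
  imageRegistry: "swr.cn-south-1.myhuaweicloud.com/aaa"
  imagePullSecrets:
    - "registry-huawei"
  storageClass: "csi-disk"
  redis:
    # Left empty on purpose. A literal password in values.yaml is readable by
    # everyone who can read the chart directory, its VCS history, or a page
    # that reproduces the file. Any password that has been published this way
    # should be treated as exposed and rotated.
    password: ""
kubeVersion: ""
nameOverride: ""
fullnameOverride: ""
commonLabels: {}
commonAnnotations: {}
secretAnnotations: {}
clusterDomain: cluster.local
extraDeploy: []
useHostnames: true
nameResolutionThreshold: 5
nameResolutionTimeout: 5
# Debug aid: when enabled, the container runs `sleep infinity` instead of
# Redis. Keep disabled outside of troubleshooting.
diagnosticMode:
  enabled: false
  command:
    - sleep
  args:
    - infinity
image:
  registry: swr.cn-south-1.myhuaweicloud.com/aaa
  repository: redis
  tag: 7.2.3-debian-11-r0
  # NOTE(review): with an empty digest the image is selected by a mutable tag.
  # Pinning the sha256 digest of the mirrored image makes the deployment
  # reproducible and protects against the tag being re-pushed.
  digest: ""
  pullPolicy: IfNotPresent
  pullSecrets:
    - "registry-huawei"
  debug: false
architecture: replication
auth:
  enabled: true
  # Sentinel also requires the password.
  sentinel: true
  password: ""
  # Name of a pre-created Kubernetes Secret that holds the Redis password.
  # Placeholder: replace it with the real Secret name. Generate a long random
  # value for the Secret, because Redis AUTH attempts are cheap to repeat.
  existingSecret: "<REDIS_AUTH_SECRET_NAME>"
  # Empty means the chart's default key name is used (presumably
  # `redis-password`; confirm against the chart's secret helper).
  existingSecretPasswordKey: ""
  # NOTE(review): false presumably exposes the password to the container as
  # an environment variable; true mounts it as a file instead. Confirm that
  # chart 18.2.2 supports this with Sentinel before switching.
  usePasswordFiles: false
# Both AOF and RDB persistence are switched off for every node.
# NOTE(review): Redis documents a data-loss case for replication when the
# master has no persistence: a master that restarts before Sentinel marks it
# down (sentinel.downAfterMilliseconds is 60000 on this page) comes back
# empty, and the replicas then sync to the empty dataset. Confirm this is
# acceptable for the data stored here.
commonConfiguration: |-
  appendonly no
  save ""
existingConfigmap: ""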
# Settings for the Redis master workload.
# NOTE(review): every pod listed on this page is named redis-node-N, which
# suggests the Sentinel StatefulSet is what gets deployed. Confirm against the
# chart templates whether master.* (for example the 4G memory limit below) is
# applied at all in Sentinel mode.
master:
  count: 1
  configuration: ""
  # Rendered as `rename-command <CMD> ""` in master.conf, which disables the
  # commands that wipe a database.
  disableCommands:
    - FLUSHDB
    - FLUSHALL
  command: []
  args: []
  enableServiceLinks: true
  preExecCmds: []
  extraFlags: []
  extraEnvVars: []
  extraEnvVarsCM: ""
  extraEnvVarsSecret: ""
  containerPorts:
    redis: 6379
  startupProbe:
    enabled: false
    initialDelaySeconds: 20
    periodSeconds: 5
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 5
  livenessProbe:
    enabled: true
    initialDelaySeconds: 20
    periodSeconds: 5
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 5
  readinessProbe:
    enabled: true
    initialDelaySeconds: 20
    periodSeconds: 5
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 5
  customStartupProbe: {}
  customLivenessProbe: {}
  customReadinessProbe: {}
  # Memory request equals the limit.
  resources:
    limits:
      cpu: 2
      memory: 4G
    requests:
      cpu: 1
      memory: 4G
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  # Hardened container: non-root UID, no privilege escalation, default
  # seccomp profile and every capability dropped. Keep these when tuning.
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    # The primary group is still GID 0 (root group).
    runAsGroup: 0
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
  kind: StatefulSet
  schedulerName: ""
  updateStrategy:
    type: RollingUpdate
  minReadySeconds: 0
  priorityClassName: ""
  hostAliases: []
  podLabels: {}
  podAnnotations: {}
  shareProcessNamespace: false
  podAffinityPreset: ""
  podAntiAffinityPreset: soft
  nodeAffinityPreset:
    type: ""
    key: ""
    values: []
  affinity: {}
  nodeSelector: {}
  tolerations: []
  topologySpreadConstraints: []
  dnsPolicy: ""
  dnsConfig: {}
  lifecycleHooks: {}
  extraVolumes: []
  extraVolumeMounts: []
  sidecars: []
  initContainers: []
  # A 2Gi volume is requested at /data even though commonConfiguration turns
  # AOF and RDB off.
  persistence:
    enabled: true
    medium: ""
    sizeLimit: ""
    path: /data
    subPath: ""
    subPathExpr: ""
    storageClass: ""
    accessModes:
      - ReadWriteOnce
    size: 2Gi
    annotations: {}
    labels: {}
    selector: {}
    dataSource: {}
    existingClaim: ""
  persistentVolumeClaimRetentionPolicy:
    enabled: false
    whenScaled: Retain
    whenDeleted: Retain
  # ClusterIP keeps the Redis port reachable only from inside the cluster;
  # no NodePort, LoadBalancer address or external IP is configured.
  service:
    type: ClusterIP
    ports:
      redis: 6379
    nodePorts:
      redis: ""
    externalTrafficPolicy: Cluster
    extraPorts: []
    internalTrafficPolicy: Cluster
    clusterIP: ""
    loadBalancerIP: ""
    loadBalancerSourceRanges: []
    externalIPs: []
    annotations: {}
    sessionAffinity: None
    sessionAffinityConfig: {}
  terminationGracePeriodSeconds: 30
  serviceAccount:
    create: false
    name: ""
    # NOTE(review): the API token is mounted into the pod. Redis itself does
    # not call the Kubernetes API, so `false` is presumably safe here; verify
    # that no chart script relies on the token first.
    automountServiceAccountToken: true
    annotations: {}
# Settings for the replica workload. replicaCount is 3, matching the three
# redis-node pods listed further down the page.
replica:
  replicaCount: 3
  configuration: ""
  # Rendered as `rename-command <CMD> ""` in replica.conf.
  disableCommands:
    - FLUSHDB
    - FLUSHALL
  command: []
  args: []
  enableServiceLinks: true
  preExecCmds: []
  extraFlags: []
  extraEnvVars: []
  extraEnvVarsCM: ""
  extraEnvVarsSecret: ""
  externalMaster:
    enabled: false
    host: ""
    port: 6379
  containerPorts:
    redis: 6379
  # Up to 22 failures at a 10 s period are tolerated before the container is
  # considered failed at startup.
  startupProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 22
  livenessProbe:
    enabled: true
    initialDelaySeconds: 20
    periodSeconds: 5
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 5
  readinessProbe:
    enabled: true
    initialDelaySeconds: 20
    periodSeconds: 5
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 5
  customStartupProbe: {}
  customLivenessProbe: {}
  customReadinessProbe: {}
  # NOTE(review): the ConfigMap later on this page sets `maxmemory 4G` in the
  # shared redis.conf, which is above this 2G limit. If these limits apply to
  # the node pods, the container would be OOM-killed before Redis starts
  # evicting. Keep maxmemory below the container limit.
  resources:
    limits:
      cpu: 2
      memory: 2G
    requests:
      cpu: 1
      memory: 2G
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  # Same hardening as the master: non-root, no privilege escalation, default
  # seccomp profile, all capabilities dropped.
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsGroup: 0
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
  schedulerName: ""
  updateStrategy:
    type: RollingUpdate
  minReadySeconds: 0
  priorityClassName: ""
  podManagementPolicy: ""
  hostAliases: []
  podLabels: {}
  podAnnotations: {}
  shareProcessNamespace: false
  podAffinityPreset: ""
  # `soft` is only a scheduling preference, so several Redis pods may still
  # land on the same node.
  podAntiAffinityPreset: soft
  nodeAffinityPreset:
    type: ""
    key: ""
    values: []
  affinity: {}
  nodeSelector: {}
  tolerations: []
  topologySpreadConstraints: []
  dnsPolicy: ""
  dnsConfig: {}
  lifecycleHooks: {}
  extraVolumes: []
  extraVolumeMounts: []
  sidecars: []
  initContainers: []
  persistence:
    enabled: true
    medium: ""
    sizeLimit: ""
    path: /data
    subPath: ""
    subPathExpr: ""
    storageClass: ""
    accessModes:
      - ReadWriteOnce
    size: 2Gi
    annotations: {}
    labels: {}
    selector: {}
    dataSource: {}
    existingClaim: ""
  persistentVolumeClaimRetentionPolicy:
    enabled: false
    whenScaled: Retain
    whenDeleted: Retain
  # Cluster-internal service only.
  service:
    type: ClusterIP
    ports:
      redis: 6379
    nodePorts:
      redis: ""
    externalTrafficPolicy: Cluster
    internalTrafficPolicy: Cluster
    extraPorts: []
    clusterIP: ""
    loadBalancerIP: ""
    loadBalancerSourceRanges: []
    annotations: {}
    sessionAffinity: None
    sessionAffinityConfig: {}
  terminationGracePeriodSeconds: 30
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 11
    targetCPU: ""
    targetMemory: ""
  serviceAccount:
    create: false
    name: ""
    # NOTE(review): token automount is on; see whether the pods need API
    # access at all before keeping it.
    automountServiceAccountToken: true
    annotations: {}
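# Sentinel settings. The pods on this page report READY 2/2, which suggests
# one Sentinel container runs next to Redis in each of the three pods.
sentinel:
  enabled: true
  image:
    registry: docker.io
    repository: redis-sentinel
    tag: 7.2.3-debian-11-r0
    # NOTE(review): an empty digest means the image is selected by a mutable
    # tag; pin the sha256 digest of the mirrored image.
    digest: ""
    pullPolicy: IfNotPresent
    pullSecrets: []
    debug: false
  annotations: {}
  masterSet: mymaster
  # Number of Sentinels that must agree the master is down. With three
  # Sentinels, a quorum of 3 tolerates no Sentinel loss: when the master's
  # pod or node fails, its Sentinel goes with it, the two survivors can never
  # reach 3, and no automatic failover happens. 2 is the majority of three.
  quorum: 2
  getMasterTimeout: 99
  automateClusterRecovery: false
  redisShutdownWaitFailover: true
  # The master must be unreachable for 60 s before a Sentinel marks it down.
  downAfterMilliseconds: 60000
  failoverTimeout: 180000
  parallelSyncs: 1
  configuration: ""
  command: []
  args: []
  enableServiceLinks: true
  preExecCmds: []
  extraEnvVars: []
  extraEnvVarsCM: ""
  extraEnvVarsSecret: ""
  externalMaster:
    enabled: false
    host: ""
    port: 6379
  containerPorts:
    sentinel: 26379
  startupProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 22
  livenessProbe:
    enabled: true
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 6
  readinessProbe:
    enabled: true
    initialDelaySeconds: 20
    periodSeconds: 5
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 6
  customStartupProbe: {}
  customLivenessProbe: {}
  customReadinessProbe: {}
  persistence:
    enabled: false
    storageClass: ""
    accessModes:
      - ReadWriteOnce
    size: 100Mi
    annotations: {}
    labels: {}
    selector: {}
    dataSource: {}
    medium: ""
    sizeLimit: ""
  persistentVolumeClaimRetentionPolicy:
    enabled: false
    whenScaled: Retain
    whenDeleted: Retain
  resources:
    limits:
      cpu: 2
      memory: 2G
    requests:
      cpu: 1
      memory: 2G
  # Non-root, no privilege escalation, default seccomp profile, all
  # capabilities dropped.
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsGroup: 0
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
  lifecycleHooks: {}
  extraVolumes: []
  extraVolumeMounts: []
  # Cluster-internal service exposing both the Redis and the Sentinel port.
  service:
    type: ClusterIP
    ports:
      redis: 6379
      sentinel: 26379
    nodePorts:
      redis: ""
      sentinel: ""
    externalTrafficPolicy: Cluster
    extraPorts: []
    clusterIP: ""
    loadBalancerIP: ""
    loadBalancerSourceRanges: []
    annotations: {}
    sessionAffinity: None
    sessionAffinityConfig: {}
    headless:
      annotations: {}
  terminationGracePeriodSeconds: 30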
serviceBindings:
  enabled: false
# NOTE(review): no NetworkPolicy is created, so any pod in the cluster that
# can route to the Services can open a connection to ports 6379 and 26379.
# The password is then the only control in front of Redis. Consider enabling
# the policy and, once clients are labelled as the chart expects, setting
# allowExternal to false.
networkPolicy:
  enabled: false
  allowExternal: true
  extraIngress: []
  extraEgress: []
  ingressNSMatchLabels: {}
  ingressNSPodMatchLabels: {}
  metrics:
    allowExternal: true
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
# No PodSecurityPolicy and no RBAC objects are created for this release.
podSecurityPolicy:
  create: false
  enabled: false
rbac:
  create: false
  rules: []
# A dedicated ServiceAccount is created and its token is mounted into pods.
# NOTE(review): with rbac.create false the account presumably carries no
# extra permissions; disabling automount would still remove an unused
# credential from the pods. Verify that nothing in the chart needs it.
serviceAccount:
  create: true
  name: ""
  automountServiceAccountToken: true
  annotations: {}
# No PodDisruptionBudget: a node drain may evict several Redis pods at once.
pdb:
  create: false
  minAvailable: 1
  maxUnavailable: ""
# TLS is off: the AUTH password and all data cross the pod network in clear
# text, between clients and Redis as well as between the nodes themselves.
# NOTE(review): for a production deployment, enable TLS with either
# autoGenerated certificates or an existing certificate Secret, unless the
# network layer already encrypts pod-to-pod traffic.
tls:
  enabled: false
  authClients: true
  autoGenerated: false
  existingSecret: ""
  certificatesSecret: ""
  certFilename: ""
  certKeyFilename: ""
  certCAFilename: ""
  dhParamsFilename: ""
# Prometheus exporter sidecar. Disabled here, so nothing in this section is
# deployed until `enabled` is switched on.
metrics:
  enabled: false
  image:
    registry: docker.io
    repository: bitnami/redis-exporter
    tag: 1.55.0-debian-11-r0
    digest: ""
    pullPolicy: IfNotPresent
    pullSecrets: []
  startupProbe:
    enabled: false
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 5
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 5
  readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  customStartupProbe: {}
  customLivenessProbe: {}
  customReadinessProbe: {}
  command: []
  redisTargetHost: "localhost"
  extraArgs: {}
  extraEnvVars: []
  # Same hardened container profile as the Redis containers.
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsGroup: 0
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
  extraVolumes: []
  extraVolumeMounts: []
  # No requests or limits are set for the exporter.
  resources:
    limits: {}
    requests: {}
  podLabels: {}
  # Values are quoted so that they stay strings, as annotations require.
  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9121"
  service:
    type: ClusterIP
    port: 9121
    externalTrafficPolicy: Cluster
    extraPorts: []
    loadBalancerIP: ""
    loadBalancerSourceRanges: []
    annotations: {}
    clusterIP: ""
  serviceMonitor:
    enabled: false
    namespace: ""
    interval: 30s
    scrapeTimeout: ""
    relabellings: []
    metricRelabelings: []
    honorLabels: false
    additionalLabels: {}
    podTargetLabels: []
    sampleLimit: false
    targetLimit: false
  podMonitor:
    enabled: false
    namespace: ""
    interval: 30s
    scrapeTimeout: ""
    relabellings: []
    metricRelabelings: []
    honorLabels: false
    additionalLabels: {}
    podTargetLabels: []
    sampleLimit: false
    targetLimit: false
  prometheusRule:
    enabled: false
    namespace: ""
    additionalLabels: {}
    rules: []
# Optional init container for fixing volume ownership. Disabled here.
# If it is ever enabled, note that it is configured to run as UID 0 (root).
volumePermissions:
  enabled: false
  image:
    registry: docker.io
    repository: bitnami/os-shell
    tag: 11-debian-11-r90
    digest: ""
    pullPolicy: IfNotPresent
    pullSecrets: []
  resources:
    limits: {}
    requests: {}
  containerSecurityContext:
    runAsUser: 0
# Optional init container for kernel parameters, disabled here. `command`
# holds what it would run and `mountHostSys` controls a host /sys mount.
# NOTE(review): the page later adds a hand-written privileged init container
# for sysctl tuning. Configuring this section instead keeps the change inside
# the Helm release, using an image from the configured registry.
sysctl:
  enabled: false
  image:
    registry: docker.io
    repository: bitnami/os-shell
    tag: 11-debian-11-r90
    digest: ""
    pullPolicy: IfNotPresent
    pullSecrets: []
  command: []
  mountHostSys: false
  resources:
    limits: {}
    requests: {}
# external-dns integration is off, so the annotation key below is unused.
useExternalDNS:
  enabled: false
  suffix: ""
  annotationKey: external-dns.alpha.kubernetes.io/
  additionalAnnotations: {}
部署 redis
helm -n jian-butler install redis redis/
修改configmap
ckubectl -n jian-butler get cm redis-configuration -o yaml
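# ConfigMap holding the Redis and Sentinel configuration files.
# The labels mark it as managed by Helm, so manual edits to it are replaced
# by the chart's rendered content on the next `helm upgrade`. Settings that
# must survive belong in values.yaml (commonConfiguration,
# master/replica/sentinel.configuration).
apiVersion: v1
data:
  # FLUSHDB and FLUSHALL are disabled by renaming them to the empty string.
  # NOTE(review): `maxmemory 4G` is not below the container memory limits in
  # the values.yaml on this page (4G for master, 2G for replica), so the
  # kernel OOM killer can act before Redis enforces its own limit. Set
  # maxmemory well below the limit of the container that loads this file.
  # `timeout 10` closes client connections that stay idle for 10 seconds.
  master.conf: |-
    dir /tmp
    # User-supplied master configuration:
    rename-command FLUSHDB ""
    rename-command FLUSHALL ""
    appendonly no
    save ""
    maxclients 65535
    maxmemory 4G
    slowlog-log-slower-than 10000
    slowlog-max-len 128
    timeout 10
    tcp-keepalive 30
    # End of master configuration
  # Shared settings; persistence (AOF and RDB) is off here as well.
  redis.conf: |-
    appendonly no
    save ""
    dir /tmp
    maxclients 65535
    maxmemory 4G
    slowlog-log-slower-than 10000
    slowlog-max-len 128
    timeout 10
    tcp-keepalive 30
  # NOTE(review): replicas turn AOF on and write to /data, while master.conf
  # and redis.conf keep persistence off. Confirm the mix is intentional.
  replica.conf: |-
    dir /data
    appendonly yes
    rename-command FLUSHDB ""
    rename-command FLUSHALL ""
    # End of replica configuration
  # The last argument of `sentinel monitor` is the quorum. It is 2 here, the
  # majority of the three Sentinels in this deployment. A quorum of 3 with
  # only three Sentinels could never be reached once the master's pod, and
  # the Sentinel inside it, is lost, so failover would not start.
  sentinel.conf: |-
    dir "/tmp"
    port 26379
    sentinel monitor mymaster redis-node-0.redis-headless.jian-butler.svc.cluster.local 6379 2
    sentinel down-after-milliseconds mymaster 60000
    sentinel failover-timeout mymaster 180000
    sentinel parallel-syncs mymaster 1
    # User-supplied sentinel configuration:
    # End of sentinel configuration
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: redis
    meta.helm.sh/release-namespace: jian-butler
  labels:
    app.kubernetes.io/instance: redis
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: redis
    app.kubernetes.io/version: 7.2.3
    helm.sh/chart: redis-18.2.2
  name: redis-configuration
  namespace: jian-butler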
查看修改之后的redis 哨兵状态。
jgj-sentinel-redis]# ckubectl -n jian-butler get pod
NAME READY STATUS RESTARTS AGE
redis-node-0 2/2 Running 0 15m
redis-node-1 2/2 Running 0 16m
redis-node-2 2/2 Running 0 16m
修改内核参数,优化配置
修改之后会重启redis的每个pod
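# Privileged init container that raises kernel limits before Redis starts.
# It is the only privileged container in this deployment, so what it runs
# and where its image comes from matter most.
initContainers:
  # The image is pinned by digest: an untagged `busybox` with pull policy
  # Always would run whatever the registry serves at each pod start, and it
  # would run it privileged. Placeholder: replace <PINNED_DIGEST> with the
  # digest of a reviewed image, ideally mirrored to the private registry
  # that the other images on this page use.
  - image: "busybox@sha256:<PINNED_DIGEST>"
    command:
      - sh
      - -c
      # net.core.somaxconn is a per-network-namespace setting, so it affects
      # only this pod. fs.file-max is node-wide: writing it from a privileged
      # container changes the limit for every workload on the node.
      # NOTE(review): consider setting fs.file-max at node provisioning and
      # somaxconn via the pod-level securityContext.sysctls field, so that no
      # privileged container is needed.
      - |
        sysctl -w net.core.somaxconn=65535
        sysctl -w fs.file-max=1048576
    # With a digest pin the content cannot change, so a registry round trip
    # on every pod start is unnecessary.
    imagePullPolicy: IfNotPresent
    name: setsysctl
    securityContext:
      # Full host-level privileges for the lifetime of this init container.
      privileged: true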