Source

Implementation

Provisioner Type

Resource Type

Flavor

Tool

redis

Provisions a dedicated Redis instance.

type: redis
expected_outputs:
  - host
  - port
  - username
  - password

provisioners.yaml (view on GitHub) :

- uri: template://default-provisioners/redis
  type: redis
  description: Provisions a dedicated Redis instance.
  init: |
    randomPassword: {{ randAlphaNum 16 | quote }}    
  state: |
    service: redis-{{ .SourceWorkload }}-{{ substr 0 8 .Guid | lower }}
    username: default
    password: {{ dig "password" .Init.randomPassword .State | quote }}    
  outputs: |
    host: {{ .State.service }}
    port: 6379
    username: {{ .State.username }}
    password: {{ encodeSecretRef .State.service "password" }}    
  manifests: |
    - apiVersion: v1
      kind: Secret
      metadata:
        name: {{ .State.service }}
        {{ if ne .Namespace "" }}
        namespace: {{ .Namespace }}
        {{ end }}
        annotations:
          k8s.score.dev/source-workload: {{ .SourceWorkload }}
          k8s.score.dev/resource-uid: {{ .Uid }}
          k8s.score.dev/resource-guid: {{ .Guid }}
        labels:
          app.kubernetes.io/managed-by: score-k8s
          app.kubernetes.io/name: {{ .State.service }}
          app.kubernetes.io/instance: {{ .State.service }}
      data:
        password: {{ .State.password | b64enc }}
        redis.conf: {{ printf "requirepass %s\nport 6379\nsave 60 1\nloglevel warning\n" .State.password | b64enc }}
    - apiVersion: apps/v1
      kind: StatefulSet
      metadata:
        name: {{ .State.service }}
        {{ if ne .Namespace "" }}
        namespace: {{ .Namespace }}
        {{ end }}
        annotations:
          k8s.score.dev/source-workload: {{ .SourceWorkload }}
          k8s.score.dev/resource-uid: {{ .Uid }}
          k8s.score.dev/resource-guid: {{ .Guid }}
        labels:
          app.kubernetes.io/managed-by: score-k8s
          app.kubernetes.io/name: {{ .State.service }}
          app.kubernetes.io/instance: {{ .State.service }}
      spec:
        replicas: 1
        serviceName: {{ .State.service }}
        selector:
          matchLabels:
            app.kubernetes.io/instance: {{ .State.service }}
        template:
          metadata:
            labels:
              app.kubernetes.io/managed-by: score-k8s
              app.kubernetes.io/name: {{ .State.service }}
              app.kubernetes.io/instance: {{ .State.service }}
            annotations:
              k8s.score.dev/source-workload: {{ .SourceWorkload }}
              k8s.score.dev/resource-uid: {{ .Uid }}
              k8s.score.dev/resource-guid: {{ .Guid }}
          spec:
            automountServiceAccountToken: false
            containers:
            - name: redis
              image: mirror.gcr.io/redis:7-alpine
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                privileged: false
                readOnlyRootFilesystem: true
              ports:
              - name: redis
                containerPort: 6379
              volumeMounts:
              - name: redis-data
                mountPath: /data
              - name: config
                mountPath: /usr/local/etc/redis
              readinessProbe:
                exec:
                  command:
                  - redis-cli
                  - ping
                periodSeconds: 3
            securityContext:
              fsGroup: 1000
              runAsGroup: 1000
              runAsNonRoot: true
              runAsUser: 1000
              seccompProfile:
                type: RuntimeDefault
            volumes:
            - name: config
              secret:
                secretName: {{ .State.service }}
                items:
                - key: redis.conf
                  path: redis.conf
        volumeClaimTemplates:
        - metadata:
            name: redis-data
            annotations:
              k8s.score.dev/source-workload: {{ .SourceWorkload }}
              k8s.score.dev/resource-uid: {{ .Uid }}
              k8s.score.dev/resource-guid: {{ .Guid }}
            labels:
              app.kubernetes.io/managed-by: score-k8s
              app.kubernetes.io/name: {{ .State.service }}
              app.kubernetes.io/instance: {{ .State.service }}
          spec:
            accessModes: ["ReadWriteOnce"]
            resources:
              requests:
                storage: 1Gi
    - apiVersion: v1
      kind: Service
      metadata:
        name: {{ .State.service }}
        {{ if ne .Namespace "" }}
        namespace: {{ .Namespace }}
        {{ end }}
        annotations:
          k8s.score.dev/source-workload: {{ .SourceWorkload }}
          k8s.score.dev/resource-uid: {{ .Uid }}
          k8s.score.dev/resource-guid: {{ .Guid }}
        labels:
          app.kubernetes.io/managed-by: score-k8s
          app.kubernetes.io/name: {{ .State.service }}
          app.kubernetes.io/instance: {{ .State.service }}
      spec:
        selector:
          app.kubernetes.io/instance: {{ .State.service }}
        type: ClusterIP
        ports:
        - port: 6379
          targetPort: 6379    
  expected_outputs:
    - host
    - port
    - username
    - password