From 27d6db687e5961e1daff8bcbfef24c79a03432eb Mon Sep 17 00:00:00 2001 From: Martin Gruner Date: Wed, 8 Oct 2025 13:56:11 +0200 Subject: [PATCH 1/7] Add support for Redis Sentinel --- zammad/ci/full-values.yaml | 6 ++++ zammad/templates/_helpers.tpl | 52 +++++++++++++++++++++++++++++++---- zammad/templates/secrets.yaml | 17 ++++++++++++ zammad/values.yaml | 22 ++++++++++++--- 4 files changed, 88 insertions(+), 9 deletions(-) diff --git a/zammad/ci/full-values.yaml b/zammad/ci/full-values.yaml index 66310765..2ed70457 100755 --- a/zammad/ci/full-values.yaml +++ b/zammad/ci/full-values.yaml @@ -34,6 +34,9 @@ redis: auth: existingSecret: redis-existing-secret existingSecretPasswordKey: redis-password + sentinel: + enabled: true + architecture: replication zammadConfig: storageVolume: @@ -60,6 +63,9 @@ zammadConfig: my-railsserver-pod-label: my-railsserver-pod-label-value podAnnotations: my-railsserver-pod-annotation: my-railsserver-pod-annotation-value + redis: + sentinel: + enabled: true scheduler: podLabels: my-scheduler-pod-label: my-scheduler-pod-label-value diff --git a/zammad/templates/_helpers.tpl b/zammad/templates/_helpers.tpl index 16fa3ba2..01932aad 100755 --- a/zammad/templates/_helpers.tpl +++ b/zammad/templates/_helpers.tpl @@ -138,6 +138,17 @@ redis secret name {{- end -}} {{- end -}} +{{/* +redis sentinel secret name +*/}} +{{- define "zammad.redisSentinelSecretName" -}} +{{- if .Values.secrets.redis.sentinel.useExisting -}} +{{ .Values.secrets.redis.sentinel.secretName }} +{{- else -}} +{{ include "zammad.fullname" . }}-{{ .Values.secrets.redis.sentinel.secretName }} +{{- end -}} +{{- end -}} + {{/* S3 access URL */}} @@ -176,22 +187,53 @@ S3 access URL {{- end -}} {{/* -environment variables for the Zammad Rails stack +Redis Variables */}} -{{- define "zammad.env" -}} -{{- if or .Values.zammadConfig.redis.pass .Values.secrets.redis.useExisting -}} +{{- define "zammad.env.redisVariables" -}} +{{- if .Values.zammadConfig.redis.sentinel.username }} +- name: REDIS_USERNAME + value: "{{ .Values.zammadConfig.redis.username }}" +{{- end }} +{{- if or .Values.zammadConfig.redis.pass .Values.secrets.redis.useExisting }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: {{ include "zammad.redisSecretName" . }} key: {{ .Values.secrets.redis.secretKey }} {{- end }} +# sentinel +{{- if .Values.zammadConfig.redis.sentinel.enabled }} +- name: REDIS_SENTINELS + value: "{{ join "," .Values.zammadConfig.redis.sentinel.sentinels }}" +- name: REDIS_SENTINEL_NAME + value: "{{ .Values.zammadConfig.redis.sentinel.masterName | default "mymaster" }}" +{{- if .Values.zammadConfig.redis.sentinel.username }} +- name: REDIS_SENTINEL_USERNAME + value: "{{ .Values.zammadConfig.redis.sentinel.username }}" +{{- end }} +{{- if or .Values.zammadConfig.redis.sentinel.pass .Values.secrets.redis.useExisting }} +- name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "zammad.redisSentinelSecretName" . }} + key: {{ .Values.secrets.redis.sentinel.secretKey }} +{{- end }} +{{- else }} +# standalone +- name: REDIS_URL + value: "redis://$(REDIS_USERNAME):$(REDIS_PASSWORD)@{{ if .Values.zammadConfig.redis.enabled }}{{ .Release.Name }}-redis-master{{ else }}{{ .Values.zammadConfig.redis.host }}{{ end }}:{{ .Values.zammadConfig.redis.port }}" +{{- end }} +{{- end }} + +{{/* +environment variables for the Zammad Rails stack +*/}} +{{- define "zammad.env" -}} +{{ include "zammad.env.redisVariables" . }} - name: MEMCACHE_SERVERS value: "{{ if .Values.zammadConfig.memcached.enabled }}{{ .Release.Name }}-memcached{{ else }}{{ .Values.zammadConfig.memcached.host }}{{ end }}:{{ .Values.zammadConfig.memcached.port }}" - name: RAILS_TRUSTED_PROXIES value: "{{ .Values.zammadConfig.railsserver.trustedProxies }}" -- name: REDIS_URL - value: "redis://:$(REDIS_PASSWORD)@{{ if .Values.zammadConfig.redis.enabled }}{{ .Release.Name }}-redis-master{{ else }}{{ .Values.zammadConfig.redis.host }}{{ end }}:{{ .Values.zammadConfig.redis.port }}" - name: POSTGRESQL_PASS valueFrom: secretKeyRef: diff --git a/zammad/templates/secrets.yaml b/zammad/templates/secrets.yaml index 0e472330..c707684e 100644 --- a/zammad/templates/secrets.yaml +++ b/zammad/templates/secrets.yaml @@ -53,3 +53,20 @@ type: Opaque data: {{ .Values.secrets.redis.secretKey }}: {{ .Values.zammadConfig.redis.pass | b64enc | quote }} {{ end }} + +{{ if and .Values.zammadConfig.redis.sentinel.enabled }} +{{ if and .Values.zammadConfig.redis.sentinel.pass (not .Values.secrets.redis.sentinel.useExisting) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "zammad.redisSentinelSecretName" . }} + labels: + {{- include "zammad.labels" . | nindent 4 }} + annotations: + {{- include "zammad.annotations" . | nindent 4 }} +type: Opaque +data: + {{ .Values.secrets.redis.sentinel.secretKey }}: {{ .Values.zammadConfig.redis.sentinel.pass | b64enc | quote }} +{{ end }} +{{ end }} diff --git a/zammad/values.yaml b/zammad/values.yaml index dfa8e106..ec2bddde 100755 --- a/zammad/values.yaml +++ b/zammad/values.yaml @@ -53,6 +53,10 @@ secrets: useExisting: false secretKey: redis-password secretName: redis-pass + sentinel: + useExisting: false + secretKey: redis-sentinel-password + secretName: redis-sentinel-pass s3: useExisting: false secretKey: s3-url @@ -271,8 +275,17 @@ zammadConfig: host: "zammad-redis-master" # needs to be the same as the redis.auth.password pass: zammad + username: # leave empty if no username is required port: 6379 + sentinel: + enabled: false # set to true to enable Redis Sentinel + sentinels: + - zammad-redis + masterName: mymaster + pass: zammad + username: # leave empty if no username is required + scheduler: resources: {} # requests: @@ -809,20 +822,21 @@ redis: metrics: image: repository: bitnamilegacy/redis-exporter - sentinel: - image: - repository: bitnamilegacy/redis-sentinel kubectl: image: repository: bitnamilegacy/kubectl sysctl: image: repository: bitnamilegacy/os-shell + sentinel: + image: + repository: bitnamilegacy/redis-sentinel + enabled: false # set to true to enable Redis Sentinel global: security: allowInsecureImages: true - architecture: standalone + architecture: standalone # set to 'replication' to use Redis Sentinel auth: password: zammad # To avoid passwords in your values.yaml, you can comment out the line above From 0c20d0b92c01ba1d8ec9fb16261e31d2460e46e3 Mon Sep 17 00:00:00 2001 From: Martin Gruner Date: Wed, 8 Oct 2025 13:57:52 +0200 Subject: [PATCH 2/7] Bump chart version --- zammad/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zammad/Chart.yaml b/zammad/Chart.yaml index 35f6370f..b371b288 100755 --- a/zammad/Chart.yaml +++ b/zammad/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: zammad -version: 15.4.1 +version: 15.5.0 appVersion: 6.5.2-43 description: Zammad is a web based open source helpdesk/customer support system with many features to manage customer communication via several channels like telephone, facebook, twitter, chat and e-mails. home: https://zammad.org From 8e80ce68a29723443b74c1e1176a94ccc33614a2 Mon Sep 17 00:00:00 2001 From: Martin Gruner Date: Wed, 8 Oct 2025 14:29:33 +0200 Subject: [PATCH 3/7] Prettify YAML syntax --- zammad/values.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/zammad/values.yaml b/zammad/values.yaml index ec2bddde..0eeccf4b 100755 --- a/zammad/values.yaml +++ b/zammad/values.yaml @@ -275,7 +275,8 @@ zammadConfig: host: "zammad-redis-master" # needs to be the same as the redis.auth.password pass: zammad - username: # leave empty if no username is required + # leave empty if no username is required + username: port: 6379 sentinel: @@ -284,7 +285,8 @@ zammadConfig: - zammad-redis masterName: mymaster pass: zammad - username: # leave empty if no username is required + # leave empty if no username is required + username: scheduler: resources: {} @@ -831,7 +833,8 @@ redis: sentinel: image: repository: bitnamilegacy/redis-sentinel - enabled: false # set to true to enable Redis Sentinel + # set to true to enable Redis Sentinel + enabled: false global: security: allowInsecureImages: true From 6109823edfe645f315009d98540596e2221a9e7c Mon Sep 17 00:00:00 2001 From: Martin Gruner Date: Wed, 8 Oct 2025 15:23:14 +0200 Subject: [PATCH 4/7] Switch to develop for testing purposes --- zammad/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zammad/Chart.yaml b/zammad/Chart.yaml index b371b288..8c730d69 100755 --- a/zammad/Chart.yaml +++ b/zammad/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: zammad version: 15.5.0 -appVersion: 6.5.2-43 +appVersion: develop description: Zammad is a web based open source helpdesk/customer support system with many features to manage customer communication via several channels like telephone, facebook, twitter, chat and e-mails. home: https://zammad.org icon: https://raw.githubusercontent.com/zammad/zammad-documentation/main/images/zammad_logo_600x520.png From 15a0717c0989ccd38d95230a1b9488e8bba63c91 Mon Sep 17 00:00:00 2001 From: Martin Gruner Date: Thu, 9 Oct 2025 08:34:50 +0200 Subject: [PATCH 5/7] Fix redis standalone username handling --- zammad/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zammad/templates/_helpers.tpl b/zammad/templates/_helpers.tpl index 01932aad..11ced120 100755 --- a/zammad/templates/_helpers.tpl +++ b/zammad/templates/_helpers.tpl @@ -221,7 +221,7 @@ Redis Variables {{- else }} # standalone - name: REDIS_URL - value: "redis://$(REDIS_USERNAME):$(REDIS_PASSWORD)@{{ if .Values.zammadConfig.redis.enabled }}{{ .Release.Name }}-redis-master{{ else }}{{ .Values.zammadConfig.redis.host }}{{ end }}:{{ .Values.zammadConfig.redis.port }}" + value: "redis://{{ if .Values.zammadConfig.redis.username }}$(REDIS_USERNAME){{ end }}:$(REDIS_PASSWORD)@{{ if .Values.zammadConfig.redis.enabled }}{{ .Release.Name }}-redis-master{{ else }}{{ .Values.zammadConfig.redis.host }}{{ end }}:{{ .Values.zammadConfig.redis.port }}" {{- end }} {{- end }} From c829a871ad0241dc687d1923584297591b8a8784 Mon Sep 17 00:00:00 2001 From: Martin Gruner Date: Thu, 9 Oct 2025 09:02:55 +0200 Subject: [PATCH 6/7] Fix handling of internal service name --- zammad/templates/_helpers.tpl | 6 +++++- zammad/values.yaml | 12 ++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/zammad/templates/_helpers.tpl b/zammad/templates/_helpers.tpl index 11ced120..ce093e5c 100755 --- a/zammad/templates/_helpers.tpl +++ b/zammad/templates/_helpers.tpl @@ -204,7 +204,11 @@ Redis Variables # sentinel {{- if .Values.zammadConfig.redis.sentinel.enabled }} - name: REDIS_SENTINELS +{{- if .Values.zammadConfig.redis.enabled }} + value: "{{ .Release.Name }}-redis" +{{- else }} value: "{{ join "," .Values.zammadConfig.redis.sentinel.sentinels }}" +{{- end }} - name: REDIS_SENTINEL_NAME value: "{{ .Values.zammadConfig.redis.sentinel.masterName | default "mymaster" }}" {{- if .Values.zammadConfig.redis.sentinel.username }} @@ -221,7 +225,7 @@ Redis Variables {{- else }} # standalone - name: REDIS_URL - value: "redis://{{ if .Values.zammadConfig.redis.username }}$(REDIS_USERNAME){{ end }}:$(REDIS_PASSWORD)@{{ if .Values.zammadConfig.redis.enabled }}{{ .Release.Name }}-redis-master{{ else }}{{ .Values.zammadConfig.redis.host }}{{ end }}:{{ .Values.zammadConfig.redis.port }}" + value: "redis://{{ .Values.zammadConfig.redis.username }}:$(REDIS_PASSWORD)@{{ if .Values.zammadConfig.redis.enabled }}{{ .Release.Name }}-redis-master{{ else }}{{ .Values.zammadConfig.redis.host }}{{ end }}:{{ .Values.zammadConfig.redis.port }}" {{- end }} {{- end }} diff --git a/zammad/values.yaml b/zammad/values.yaml index 0eeccf4b..74313643 100755 --- a/zammad/values.yaml +++ b/zammad/values.yaml @@ -272,21 +272,21 @@ zammadConfig: redis: # enable/disable redis chart dependency enabled: true - host: "zammad-redis-master" - # needs to be the same as the redis.auth.password - pass: zammad + host: zammad-redis-master + port: 6379 # leave empty if no username is required username: - port: 6379 + # needs to be the same as the redis.auth.password + pass: zammad sentinel: enabled: false # set to true to enable Redis Sentinel sentinels: - - zammad-redis + - zammad-redis:26379 masterName: mymaster - pass: zammad # leave empty if no username is required username: + pass: zammad scheduler: resources: {} From 2015335c356230541a56ea1aae7ab0be9f7fb8c2 Mon Sep 17 00:00:00 2001 From: Martin Gruner Date: Thu, 9 Oct 2025 11:33:43 +0200 Subject: [PATCH 7/7] Fix full test scenario --- zammad/ci/full-values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/zammad/ci/full-values.yaml b/zammad/ci/full-values.yaml index 2ed70457..db3ef2dc 100755 --- a/zammad/ci/full-values.yaml +++ b/zammad/ci/full-values.yaml @@ -15,6 +15,10 @@ secrets: useExisting: true secretKey: redis-password secretName: redis-existing-secret + sentinel: + useExisting: true + secretKey: redis-password + secretName: redis-existing-secret autoWizard: enabled: true @@ -30,6 +34,7 @@ minio: auth: existingSecret: minio-existing-secret +# Use existing Redis secrets and run in Redis Sentinel mode. redis: auth: existingSecret: redis-existing-secret