bakery-ia/infrastructure/kubernetes/base/components/databases/redis.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: redis
    app.kubernetes.io/component: cache
    app.kubernetes.io/part-of: bakery-ia
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: redis
      app.kubernetes.io/component: cache
  template:
    metadata:
      labels:
        app.kubernetes.io/name: redis
        app.kubernetes.io/component: cache
    spec:
      securityContext:
        fsGroup: 999  # redis group
      initContainers:
      - name: fix-tls-permissions
        image: busybox:latest
        securityContext:
          runAsUser: 0
        command: ['sh', '-c']
        args:
        - |
          cp /tls-source/* /tls/
          chmod 600 /tls/redis-key.pem
          chmod 644 /tls/redis-cert.pem /tls/ca-cert.pem
          chown 999:999 /tls/*
          ls -la /tls/
        volumeMounts:
        - name: tls-certs-source
          mountPath: /tls-source
          readOnly: true
        - name: tls-certs-writable
          mountPath: /tls
      containers:
      - name: redis
        image: redis:7.4-alpine
        ports:
        - containerPort: 6379
          name: redis
        env:
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: redis-secrets
              key: REDIS_PASSWORD
        command:
        - redis-server
        - --appendonly
        - "yes"
        - --requirepass
        - $(REDIS_PASSWORD)
        - --maxmemory
        - "512mb"
        - --databases
        - "16"
        - --tls-port
        - "6379"
        - --port
        - "0"
        - --tls-cert-file
        - /tls/redis-cert.pem
        - --tls-key-file
        - /tls/redis-key.pem
        - --tls-ca-cert-file
        - /tls/ca-cert.pem
        - --tls-auth-clients
        - "no"
        volumeMounts:
        - name: redis-data
          mountPath: /data
        - name: tls-certs-writable
          mountPath: /tls
        resources:
          requests:
            memory: "256Mi"
            cpu: "100m"
          limits:
            memory: "512Mi"
            cpu: "500m"
        livenessProbe:
          exec:
            command:
            - redis-cli
            - --tls
            - --cert
            - /tls/redis-cert.pem
            - --key
            - /tls/redis-key.pem
            - --cacert
            - /tls/ca-cert.pem
            - -a
            - $(REDIS_PASSWORD)
            - ping
          initialDelaySeconds: 30
          timeoutSeconds: 5
          periodSeconds: 10
          failureThreshold: 3
        readinessProbe:
          exec:
            command:
            - redis-cli
            - --tls
            - --cert
            - /tls/redis-cert.pem
            - --key
            - /tls/redis-key.pem
            - --cacert
            - /tls/ca-cert.pem
            - -a
            - $(REDIS_PASSWORD)
            - ping
          initialDelaySeconds: 5
          timeoutSeconds: 1
          periodSeconds: 5
          failureThreshold: 3
      volumes:
      - name: redis-data
        persistentVolumeClaim:
          claimName: redis-pvc
      - name: tls-certs-source
        secret:
          secretName: redis-tls
      - name: tls-certs-writable
        emptyDir: {}

---
apiVersion: v1
kind: Service
metadata:
  name: redis-service
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: redis
    app.kubernetes.io/component: cache
spec:
  type: ClusterIP
  ports:
  - port: 6379
    targetPort: 6379
    protocol: TCP
    name: redis
  selector:
    app.kubernetes.io/name: redis
    app.kubernetes.io/component: cache

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: redis-pvc
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: redis
    app.kubernetes.io/component: cache
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
Add base kubernetes support 2025-09-27 11:18:13 +02:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: redis`
			`namespace: bakery-ia`
			`labels:`
			`app.kubernetes.io/name: redis`
			`app.kubernetes.io/component: cache`
			`app.kubernetes.io/part-of: bakery-ia`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app.kubernetes.io/name: redis`
			`app.kubernetes.io/component: cache`
			`template:`
			`metadata:`
			`labels:`
			`app.kubernetes.io/name: redis`
			`app.kubernetes.io/component: cache`
			`spec:`
Improve teh securty of teh DB 2025-10-19 19:22:37 +02:00			`securityContext:`
			`fsGroup: 999 # redis group`
			`initContainers:`
			`- name: fix-tls-permissions`
			`image: busybox:latest`
			`securityContext:`
			`runAsUser: 0`
			`command: ['sh', '-c']`
			`args:`
			`- \|`
			`cp /tls-source/* /tls/`
			`chmod 600 /tls/redis-key.pem`
			`chmod 644 /tls/redis-cert.pem /tls/ca-cert.pem`
			`chown 999:999 /tls/*`
			`ls -la /tls/`
			`volumeMounts:`
			`- name: tls-certs-source`
			`mountPath: /tls-source`
			`readOnly: true`
			`- name: tls-certs-writable`
			`mountPath: /tls`
Add base kubernetes support 2025-09-27 11:18:13 +02:00			`containers:`
			`- name: redis`
Update requirements and insfra versions 2025-10-17 23:09:40 +02:00			`image: redis:7.4-alpine`
Add base kubernetes support 2025-09-27 11:18:13 +02:00			`ports:`
			`- containerPort: 6379`
			`name: redis`
			`env:`
			`- name: REDIS_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: redis-secrets`
			`key: REDIS_PASSWORD`
			`command:`
			`- redis-server`
			`- --appendonly`
			`- "yes"`
			`- --requirepass`
			`- $(REDIS_PASSWORD)`
			`- --maxmemory`
			`- "512mb"`
			`- --databases`
			`- "16"`
Improve teh securty of teh DB 2025-10-19 19:22:37 +02:00			`- --tls-port`
			`- "6379"`
			`- --port`
			`- "0"`
			`- --tls-cert-file`
			`- /tls/redis-cert.pem`
			`- --tls-key-file`
			`- /tls/redis-key.pem`
			`- --tls-ca-cert-file`
			`- /tls/ca-cert.pem`
			`- --tls-auth-clients`
			`- "no"`
Add base kubernetes support 2025-09-27 11:18:13 +02:00			`volumeMounts:`
			`- name: redis-data`
			`mountPath: /data`
Improve teh securty of teh DB 2025-10-19 19:22:37 +02:00			`- name: tls-certs-writable`
			`mountPath: /tls`
Add base kubernetes support 2025-09-27 11:18:13 +02:00			`resources:`
			`requests:`
			`memory: "256Mi"`
			`cpu: "100m"`
			`limits:`
			`memory: "512Mi"`
			`cpu: "500m"`
			`livenessProbe:`
			`exec:`
			`command:`
			`- redis-cli`
Improve teh securty of teh DB 2025-10-19 19:22:37 +02:00			`- --tls`
			`- --cert`
			`- /tls/redis-cert.pem`
			`- --key`
			`- /tls/redis-key.pem`
			`- --cacert`
			`- /tls/ca-cert.pem`
Add base kubernetes support 2025-09-27 11:18:13 +02:00			`- -a`
			`- $(REDIS_PASSWORD)`
			`- ping`
			`initialDelaySeconds: 30`
			`timeoutSeconds: 5`
			`periodSeconds: 10`
			`failureThreshold: 3`
			`readinessProbe:`
			`exec:`
			`command:`
			`- redis-cli`
Improve teh securty of teh DB 2025-10-19 19:22:37 +02:00			`- --tls`
			`- --cert`
			`- /tls/redis-cert.pem`
			`- --key`
			`- /tls/redis-key.pem`
			`- --cacert`
			`- /tls/ca-cert.pem`
Add base kubernetes support 2025-09-27 11:18:13 +02:00			`- -a`
			`- $(REDIS_PASSWORD)`
			`- ping`
			`initialDelaySeconds: 5`
			`timeoutSeconds: 1`
			`periodSeconds: 5`
			`failureThreshold: 3`
			`volumes:`
			`- name: redis-data`
			`persistentVolumeClaim:`
			`claimName: redis-pvc`
Improve teh securty of teh DB 2025-10-19 19:22:37 +02:00			`- name: tls-certs-source`
			`secret:`
			`secretName: redis-tls`
			`- name: tls-certs-writable`
			`emptyDir: {}`
Add base kubernetes support 2025-09-27 11:18:13 +02:00
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: redis-service`
			`namespace: bakery-ia`
			`labels:`
			`app.kubernetes.io/name: redis`
			`app.kubernetes.io/component: cache`
			`spec:`
			`type: ClusterIP`
			`ports:`
			`- port: 6379`
			`targetPort: 6379`
			`protocol: TCP`
			`name: redis`
			`selector:`
			`app.kubernetes.io/name: redis`
			`app.kubernetes.io/component: cache`

			`---`
			`apiVersion: v1`
			`kind: PersistentVolumeClaim`
			`metadata:`
			`name: redis-pvc`
			`namespace: bakery-ia`
			`labels:`
			`app.kubernetes.io/name: redis`
			`app.kubernetes.io/component: cache`
			`spec:`
			`accessModes:`
			`- ReadWriteOnce`
			`resources:`
			`requests:`
			`storage: 1Gi`