From d3cfaba274de71d0dde647469f09cdc76d11c2cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Tue, 23 Sep 2025 10:48:40 +0200 Subject: [PATCH] feat(infrastructure): add redis sentinel cluster --- tofu/main.tf | 16 +++++-- tofu/modules/argocd/main.tf | 4 -- tofu/modules/redis/main.tf | 68 +++++++++++++++++++++++++++++ tofu/modules/redis/redis-ui.yaml | 14 ++++++ tofu/modules/redis/replication.yaml | 28 ++++++++++++ tofu/modules/redis/sentinel.yaml | 22 ++++++++++ tofu/modules/redis/variables.tf | 5 +++ 7 files changed, 150 insertions(+), 7 deletions(-) create mode 100644 tofu/modules/redis/main.tf create mode 100644 tofu/modules/redis/redis-ui.yaml create mode 100644 tofu/modules/redis/replication.yaml create mode 100644 tofu/modules/redis/sentinel.yaml create mode 100644 tofu/modules/redis/variables.tf diff --git a/tofu/main.tf b/tofu/main.tf index 1edc241..bfaaac4 100644 --- a/tofu/main.tf +++ b/tofu/main.tf @@ -16,6 +16,10 @@ terraform { source = "kbst/kustomization" version = "0.9.6" } + time = { + source = "hashicorp/time" + version = "0.13.1" + } } } @@ -80,7 +84,7 @@ module "database" { secondary_ip = var.metallb_secondary_ip phpmyadmin_enabled = var.phpmyadmin_enabled - cloudflare_domain = var.cloudflare_domain + cloudflare_domain = var.cloudflare_domain } module "argocd" { @@ -88,5 +92,11 @@ module "argocd" { depends_on = [module.storage, module.loadbalancer, module.cloudflare] argocd_admin_password = var.argocd_admin_password - cloudflare_domain = var.cloudflare_domain -} \ No newline at end of file + cloudflare_domain = var.cloudflare_domain +} + +module "redis" { + source = "${path.module}/modules/redis" + depends_on = [module.storage] + cloudflare_base_domain = var.cloudflare_domain +} diff --git a/tofu/modules/argocd/main.tf b/tofu/modules/argocd/main.tf index 9a2dab5..2f45506 100644 --- a/tofu/modules/argocd/main.tf +++ b/tofu/modules/argocd/main.tf 
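Review bot: The new `module "redis"` block in the last tofu/main.tf hunk declares only `depends_on = [module.storage]`, yet the module applies a `TunnelBinding` that references `ClusterTunnel` `cluster-tunnel` (tofu/modules/redis/redis-ui.yaml). `module "argocd"` just above lists `module.cloudflare`, presumably for the same reason, so on a fresh cluster the Redis binding may be applied before the tunnel and its CRD exist; I would write `depends_on = [module.storage, module.cloudflare]`. Separately, the context line `argocd_admin_password = var.argocd_admin_password` is still passed although this commit removes its only visible use in tofu/modules/argocd/main.tf. If nothing outside the diff consumes it, the ArgoCD admin password is no longer set from this variable, and that change belongs in the commit message or the variable should be dropped.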
@@ -27,10 +27,6 @@ resource "helm_release" "argocd" { repository = "https://argoproj.github.io/argo-helm" chart = "argo-cd" depends_on = [kubernetes_namespace.argocd] - - set = [ - { name = "configs.secret.argocdServerAdminPassword", value = bcrypt(var.argocd_admin_password) }, - ] } resource "kubectl_manifest" "argocd-tunnel-bind" { diff --git a/tofu/modules/redis/main.tf b/tofu/modules/redis/main.tf new file mode 100644 index 0000000..0cf683b --- /dev/null +++ b/tofu/modules/redis/main.tf 
@@ -0,0 +1,68 @@
+terraform {
+ required_providers {
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = "1.19.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "3.0.2"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "2.38.0"
+ }
+ kustomization = {
+ source = "kbst/kustomization"
+ version = "0.9.6"
+ }
+ time = {
+ source = "hashicorp/time"
+ version = "0.13.1"
+ }
+ }
+}
+
+resource "helm_release" "redis_operator" {
+ name = "redis-operator"
+ repository = "https://ot-container-kit.github.io/helm-charts/"
+ chart = "redis-operator"
+ namespace = "ot-operators"
+ create_namespace = true
+}
+
+resource "kubectl_manifest" "replication" {
+ yaml_body = templatefile("${path.module}/replication.yaml", {})
+ depends_on = [helm_release.redis_operator]
+}
+
+resource "kubectl_manifest" "sentinel" {
+ yaml_body = templatefile("${path.module}/sentinel.yaml", {})
+ depends_on = [kubectl_manifest.replication]
+}
+
+resource "helm_release" "redisinsight_gui" {
+ name = "redisinsight-gui"
+ repository = "https://mrnim94.github.io/redisinsight/"
+ chart = "redisinsight"
+ namespace = "ot-operators"
+ create_namespace = false
+ version = "1.3.1" # ověř verzi podle ArtifactHub / podle toho koho chceš použít
+
+ depends_on = [kubectl_manifest.sentinel]
+ # případně values
+ # values = [file("${path.module}/values-redisinsight.yaml")]
+
+ set = [{
+ #name = "persistence.storageClassName"
+ #value = "longhorn"
+ name = "persistence.enabled"
+ value = "false"
+ }]
+}
+
+resource "kubectl_manifest" "redis-ui" {
+ yaml_body = templatefile("${path.module}/redis-ui.yaml", {
+ base_domain = var.cloudflare_base_domain
+ })
+}
diff --git a/tofu/modules/redis/redis-ui.yaml b/tofu/modules/redis/redis-ui.yaml
new file mode 100644
index 0000000..15e2d18
--- /dev/null
+++ b/tofu/modules/redis/redis-ui.yaml
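Review bot: `helm_release.redis_operator` has no `version`, so each apply installs whatever chart the ot-container-kit repository serves at that moment, and the operator it deploys presumably holds cluster-wide RBAC. Pin it the way `redisinsight_gui` is pinned, e.g. `version = "<pinned-chart-version>"`. The `redisinsight` chart comes from a personal repository (`mrnim94.github.io`), and the inline comment next to `version = "1.3.1"` says the version still has to be verified, so confirm the chart and the image it pulls before merging. `kubectl_manifest.redis-ui` has no `depends_on` on `helm_release.redisinsight_gui`, and the `time` provider is required here although no `time_*` resource appears in this file.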
@@ -0,0 +1,14 @@
+apiVersion: networking.cfargotunnel.com/v1alpha1
+kind: TunnelBinding
+metadata:
+ name: argocd-tunnel-binding
+ namespace: ot-operators
+subjects:
+ - name: redis-gui
+ spec:
+ target: http://redisinsight-gui.ot-operators.svc.cluster.local:5540
+ fqdn: redis.${base_domain}
+ noTlsVerify: true
+tunnelRef:
+ kind: ClusterTunnel
+ name: cluster-tunnel
\ No newline at end of file
diff --git a/tofu/modules/redis/replication.yaml b/tofu/modules/redis/replication.yaml
new file mode 100644
index 0000000..f9548f4
--- /dev/null
+++ b/tofu/modules/redis/replication.yaml
@@ -0,0 +1,28 @@
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisReplication
+metadata:
+ name: redis-replication
+ namespace: ot-operators
+spec:
+ clusterSize: 3
+ podSecurityContext:
+ runAsUser: 1000
+ fsGroup: 1000
+ kubernetesConfig:
+ image: quay.io/opstree/redis:v8.2.1
+ imagePullPolicy: IfNotPresent
+ resources:
+ requests:
+ cpu: 101m
+ memory: 128Mi
+ limits:
+ cpu: 101m
+ memory: 128Mi
+ storage:
+ volumeClaimTemplate:
+ spec:
+ storageClassName: longhorn
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 5Gi
diff --git a/tofu/modules/redis/sentinel.yaml b/tofu/modules/redis/sentinel.yaml
new file mode 100644
index 0000000..5ce69df
--- /dev/null
+++ b/tofu/modules/redis/sentinel.yaml
@@ -0,0 +1,22 @@
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+ name: redis-sentinel
+ namespace: ot-operators
+spec:
+ clusterSize: 3
+ podSecurityContext:
+ runAsUser: 1000
+ fsGroup: 1000
+ redisSentinelConfig:
+ redisReplicationName : redis-replication
+ kubernetesConfig:
+ image: quay.io/opstree/redis-sentinel:v8.2.1
+ imagePullPolicy: IfNotPresent
+ resources:
+ requests:
+ cpu: 101m
+ memory: 128Mi
+ limits:
+ cpu: 101m
+ memory: 128Mi
\ No newline at end of file
diff --git a/tofu/modules/redis/variables.tf b/tofu/modules/redis/variables.tf
new file mode 100644
index 0000000..a203057
--- /dev/null
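Review bot: The `TunnelBinding` in redis-ui.yaml publishes RedisInsight at `redis.${base_domain}` through the cluster tunnel, and nothing in this commit puts authentication in front of that hostname. The target is plain HTTP on port 5540, RedisInsight as far as I know ships without a login of its own, and the `RedisReplication` added alongside sets no password. Unless a Cloudflare Access policy for this hostname exists outside the diff, the console and the data behind it are reachable by anyone who knows the name, so I would gate the hostname or drop the public binding before merging. `metadata.name: argocd-tunnel-binding` looks copied from the ArgoCD module and would read better as `name: redis-tunnel-binding`. `noTlsVerify: true` has no effect on an `http://` target and can be removed.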
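Review bot: The `RedisReplication` spec in replication.yaml sets no `redisSecret` under `kubernetesConfig`, so the three Redis pods accept unauthenticated connections from any workload that can reach the service. I would create a Kubernetes Secret and reference it with `redisSecret:` / `name: <secret-name>` / `key: <secret-key>`. sentinel.yaml will presumably need the matching reference so Sentinel can still authenticate to the replicas. Both manifests pin their images by tag only (`v8.2.1`); pinning by digest would tie the deployment to a known image.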
+++ b/tofu/modules/redis/variables.tf
@@ -0,0 +1,5 @@
+variable "cloudflare_base_domain" {
+ type = string
+ description = "Base domain for Cloudflare DNS records"
+ nullable = false
+}