Add Redis Sentinel support for Sidekiq high availability (#457)

* Initial plan * Add Redis Sentinel support for Sidekiq configuration Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> * Add documentation for Redis Sentinel configuration Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> * Improve Sentinel host parsing with better validation and error handling Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> * Add port validation to prevent invalid Sentinel configurations Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> * Linter * Add Sentinel authentication credentials to fix NOAUTH error - Add sentinel_username (defaults to "default") - Add sentinel_password (uses REDIS_PASSWORD) - Update documentation for sentinel auth configuration Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> * Add CHANGELOG.md for Helm chart documenting Redis Sentinel support Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> * Set REDIS_URL alongside in Sentinel mode also --------- Signed-off-by: Juan José Mata <juanjo.mata@gmail.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
2026-04-19 20:14:08 +00:00 · 2026-01-10 20:18:03 +01:00
parent dddc2182a4
commit a135866dbf
6 changed files with 137 additions and 4 deletions
--- a/charts/sure/CHANGELOG.md
+++ b/charts/sure/CHANGELOG.md
@@ -1,8 +1,15 @@
-### 0.0.0
+# Changelog
+
+All notable changes to the Sure Helm chart will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+### [0.0.0]

 - First (nightly/test) releases via <https://we-promise.github.io/sure/index.yaml>

-### 0.6.5
+### [0.6.5]

 - First version/release that aligns versions with monorepo
 - CNPG: render `Cluster.spec.backup` from `cnpg.cluster.backup`.
@@ -10,3 +17,19 @@
  - For snapshot backups, `backup.volumeSnapshot.className` is required (template fails early if missing).
  - Example-only keys like `backup.ttl` and `backup.volumeSnapshot.enabled` are stripped to avoid CRD warnings.
 - CNPG: render `Cluster.spec.plugins` from `cnpg.cluster.plugins` (enables barman-cloud plugin / WAL archiver configuration).
+
+## [0.6.7-alpha] - 2026-01-10
+
+### Added
+- **Redis Sentinel support for Sidekiq high availability**: Application now automatically detects and configures Sidekiq to use Redis Sentinel when `redisOperator.mode=sentinel` and `redisOperator.sentinel.enabled=true`
+  - New Helm template helpers (`sure.redisSentinelEnabled`, `sure.redisSentinelHosts`, `sure.redisSentinelMaster`) for Sentinel configuration detection
+  - Automatic injection of `REDIS_SENTINEL_HOSTS` and `REDIS_SENTINEL_MASTER` environment variables when Sentinel mode is enabled
+  - Sidekiq configuration supports Sentinel authentication with `sentinel_username` (defaults to "default") and `sentinel_password`
+  - Robust validation of Sentinel endpoints with port range checking (1-65535) and graceful fallback to direct Redis URL on invalid configuration
+  - Production-ready HA timeouts: 200ms connect, 1s read/write, 3 reconnection attempts
+  - Backward compatible with existing `REDIS_URL` deployments
+
+## Notes
+- Chart version and application version are kept in sync
+- Requires Kubernetes >= 1.25.0
+- When upgrading from pre-Sentinel configurations, existing deployments using `REDIS_URL` continue to work unchanged
--- a/charts/sure/README.md
+++ b/charts/sure/README.md
@@ -246,7 +246,11 @@ redisOperator:
        cpu: 100m
        memory: 256Mi
  managed:
-    enabled: true            # render a RedisSentinel CR
+    enabled: true            # render Redis CRs for in-cluster Redis
+  mode: sentinel             # enables RedisSentinel CR in addition to RedisReplication
+  sentinel:
+    enabled: true            # must be true when mode=sentinel
+    masterGroupName: mymaster
  name: ""                   # defaults to <fullname>-redis
  replicas: 3
  auth:
@@ -258,9 +262,14 @@ redisOperator:
 ```

 Notes:
+- When `redisOperator.mode=sentinel` and `redisOperator.sentinel.enabled=true`, the chart automatically configures Sidekiq to use Redis Sentinel for high availability.
+- The application receives `REDIS_SENTINEL_HOSTS` (comma-separated list of Sentinel endpoints) and `REDIS_SENTINEL_MASTER` (master group name) environment variables instead of `REDIS_URL`.
+- Sidekiq will connect to Sentinel nodes for automatic master discovery and failover support.
+- Both the Redis master and Sentinel nodes use the same password from `REDIS_PASSWORD` (via `redisOperator.auth.existingSecret`).
+- Sentinel authentication uses username "default" by default (configurable via `REDIS_SENTINEL_USERNAME`).
 - The operator master service is `<name>-redis-master.<ns>.svc.cluster.local:6379`.
 - The CR references your existing password secret via `kubernetesConfig.redisSecret { name, key }`.
- Provider precedence for auto-wiring is: explicit `rails.extraEnv.REDIS_URL` → `redisOperator.managed` → `redisSimple`.
+- Provider precedence for auto-wiring is: explicit `rails.extraEnv.REDIS_URL` → `redisOperator.managed` (with Sentinel if configured) → `redisSimple`.
 - Only one in-cluster Redis provider should be enabled at a time to avoid ambiguity.

 ### HA scheduling and topology spreading
--- a/charts/sure/templates/_env.tpl
+++ b/charts/sure/templates/_env.tpl
@@ -68,6 +68,13 @@ The helper always injects:
      key: {{ include "sure.redisPasswordKey" $ctx }}
 - name: REDIS_URL
  value: {{ $redis | quote }}
+{{- $sentinelHosts := include "sure.redisSentinelHosts" $ctx -}}
+{{- if $sentinelHosts }}
+- name: REDIS_SENTINEL_HOSTS
+  value: {{ $sentinelHosts | quote }}
+- name: REDIS_SENTINEL_MASTER
+  value: {{ include "sure.redisSentinelMaster" $ctx | quote }}
+{{- end }}
 {{- end }}
 {{- end }}
 {{- range $k, $v := $ctx.Values.rails.settings }}
--- a/charts/sure/templates/_helpers.tpl
+++ b/charts/sure/templates/_helpers.tpl
@@ -76,6 +76,38 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- end -}}

+{{/* Check if Redis Sentinel is enabled and configured */}}
+{{- define "sure.redisSentinelEnabled" -}}
+{{- if and .Values.redisOperator.managed.enabled .Values.redisOperator.sentinel.enabled (eq (.Values.redisOperator.mode | default "replication") "sentinel") -}}
+true
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Compute Redis Sentinel hosts (comma-separated list of host:port) */}}
+{{- define "sure.redisSentinelHosts" -}}
+{{- if eq (include "sure.redisSentinelEnabled" .) "true" -}}
+  {{- $name := .Values.redisOperator.name | default (printf "%s-redis" (include "sure.fullname" .)) -}}
+  {{- $replicas := .Values.redisOperator.replicas | default 3 -}}
+  {{- $port := .Values.redisOperator.probes.sentinel.port | default 26379 -}}
+  {{- $hosts := list -}}
+  {{- range $i := until (int $replicas) -}}
+    {{- $host := printf "%s-sentinel-%d.%s-sentinel-headless.%s.svc.cluster.local:%d" $name $i $name $.Release.Namespace (int $port) -}}
+    {{- $hosts = append $hosts $host -}}
+  {{- end -}}
+  {{- join "," $hosts -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Get Redis Sentinel master group name */}}
+{{- define "sure.redisSentinelMaster" -}}
+{{- if eq (include "sure.redisSentinelEnabled" .) "true" -}}
+  {{- .Values.redisOperator.sentinel.masterGroupName | default "mymaster" -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+

 {{/* Common secret name helpers to avoid complex inline conditionals in env blocks */}}
 {{- define "sure.appSecretName" -}}