From f75d4c4efd2a2d3149a593c385993c006b74dfab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Geir=20Arne=20Waagb=C3=B8?= <79845894+geir-waagboe@users.noreply.github.com> Date: Mon, 18 Nov 2024 13:08:59 +0100 Subject: [PATCH] IS-2765: Bruke felles Aiven-cache (#544) --- .github/workflows/redis.yaml | 30 ------------------------------ .nais/naiserator-dev.yaml | 7 +++---- .nais/naiserator-prod.yaml | 7 +++---- .nais/redis/redis.yaml | 32 -------------------------------- .nais/redis/redisexporter.yaml | 34 ---------------------------------- README.md | 4 +--- server/config.ts | 10 ++++------ server/session.ts | 21 +++++++++++---------- 8 files changed, 22 insertions(+), 123 deletions(-) delete mode 100644 .github/workflows/redis.yaml delete mode 100644 .nais/redis/redis.yaml delete mode 100644 .nais/redis/redisexporter.yaml diff --git a/.github/workflows/redis.yaml b/.github/workflows/redis.yaml deleted file mode 100644 index 2319513a..00000000 --- a/.github/workflows/redis.yaml +++ /dev/null @@ -1,30 +0,0 @@ -name: redis - -on: - push: - branches: - - master - paths: - - '.github/workflows/redis.yaml' - - '.nais/redis/redis.yaml' - - '.nais/redis/redisexporter.yaml' - -jobs: - apply-redis-cache: - permissions: - id-token: write - name: Apply Redis instance for caching - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: deploy to dev - uses: nais/deploy/actions/deploy@v2 - env: - CLUSTER: dev-gcp - RESOURCE: ".nais/redis/redis.yaml,.nais/redis/redisexporter.yaml" - - name: deploy to prod - uses: nais/deploy/actions/deploy@v2 - env: - CLUSTER: prod-gcp - RESOURCE: ".nais/redis/redis.yaml,.nais/redis/redisexporter.yaml" diff --git a/.nais/naiserator-dev.yaml b/.nais/naiserator-dev.yaml index 82add4b3..94d73516 100644 --- a/.nais/naiserator-dev.yaml +++ b/.nais/naiserator-dev.yaml @@ -43,9 +43,11 @@ spec: claims: extra: - "NAVident" + redis: + - instance: cache + access: readwrite envFrom: - secret: syfooversikt-session-key - - secret: syfooversikt-redis-password - secret: syfooversikt-unleash-api-token accessPolicy: outbound: @@ -57,7 +59,6 @@ spec: - application: syfooversiktsrv - application: syfoperson - application: syfoveileder - - application: syfooversikt-redis - application: flexjar-backend namespace: flex - application: modiacontextholder @@ -72,8 +73,6 @@ spec: value: 'production' - name: AUTH_REDIRECT_URI value: "https://syfooversikt.intern.dev.nav.no/oauth2/callback" - - name: REDIS_HOST - value: "syfooversikt-redis" - name: EREG_HOST value: "https://ereg-services-q1.dev-fss-pub.nais.io" - name: SYFOOVERSIKTSRV_AAD_APP_CLIENT_ID diff --git a/.nais/naiserator-prod.yaml b/.nais/naiserator-prod.yaml index 4412da5c..72370f40 100644 --- a/.nais/naiserator-prod.yaml +++ b/.nais/naiserator-prod.yaml @@ -43,9 +43,11 @@ spec: claims: extra: - "NAVident" + redis: + - instance: cache + access: readwrite envFrom: - secret: syfooversikt-session-key - - secret: syfooversikt-redis-password - secret: syfooversikt-unleash-api-token accessPolicy: outbound: @@ -57,7 +59,6 @@ spec: - application: syfooversiktsrv - application: syfoperson - application: syfoveileder - - application: syfooversikt-redis - application: flexjar-backend namespace: flex - application: modiacontextholder @@ -71,8 +72,6 @@ spec: value: 'production' - name: AUTH_REDIRECT_URI value: "https://syfooversikt.intern.nav.no/oauth2/callback" - - name: REDIS_HOST - value: "syfooversikt-redis" - name: EREG_HOST value: "https://ereg-services.prod-fss-pub.nais.io" - name: SYFOOVERSIKTSRV_AAD_APP_CLIENT_ID diff --git a/.nais/redis/redis.yaml b/.nais/redis/redis.yaml deleted file mode 100644 index 37295324..00000000 --- a/.nais/redis/redis.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: "nais.io/v1alpha1" -kind: "Application" -metadata: - labels: - team: teamsykefravr - annotations: - "nais.io/run-as-group": "0" - "nais.io/read-only-file-system": "false" - namespace: teamsykefravr - name: syfooversikt-redis -spec: - image: bitnami/redis:6.0.12 - port: 6379 - replicas: - min: 1 - max: 1 - resources: - limits: - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - service: - port: 6379 - protocol: redis - accessPolicy: - inbound: - rules: - - application: syfooversikt - - application: syfooversikt-redisexporter - envFrom: - - secret: syfooversikt-redis-password diff --git a/.nais/redis/redisexporter.yaml b/.nais/redis/redisexporter.yaml deleted file mode 100644 index b4f2d214..00000000 --- a/.nais/redis/redisexporter.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: "nais.io/v1alpha1" -kind: "Application" -metadata: - labels: - team: teamsykefravr - name: syfooversikt-redisexporter - namespace: teamsykefravr -spec: - image: oliver006/redis_exporter:v1.20.0 - port: 9121 - prometheus: - enabled: true - replicas: - min: 1 - max: 1 - resources: - limits: - memory: 100Mi - requests: - cpu: 100m - memory: 100Mi - liveness: - path: /health - accessPolicy: # for GCP - outbound: - rules: - - application: syfooversikt-redis - env: - - name: REDIS_ADDR - value: syfooversikt-redis:6379 - - name: REDIS_EXPORTER_LOG_FORMAT - value: json - envFrom: - - secret: syfooversikt-redis-password diff --git a/README.md b/README.md index 8d23906b..c779aca4 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,4 @@ Se denne siden for [testdata](https://confluence.adeo.no/pages/viewpage.action?p ## Redis Cache -Brukes for å cache bruker-sessions. Nais-oppsettet ligger i `.nais/redis.yaml`. -Redis pod deployes automatisk ved endringer i workflow eller config i master, -men kan også deployes manuelt til NAIS ved å kjøre følgdende kommando: `kubectl apply -f .nais/redis.yaml`. +Bruker teamsykefravr sin felles Redis-cache på Aiven for å cache bruker-sessions. diff --git a/server/config.ts b/server/config.ts index 68ffca7f..ef692225 100644 --- a/server/config.ts +++ b/server/config.ts @@ -169,10 +169,8 @@ export const unleash: { serverApiUrl: string; serverApiToken: string } = { }; export const redis = { - host: envVar({ name: 'REDIS_HOST', defaultValue: '' }), - port: Number.parseInt(envVar({ name: 'REDIS_PORT', defaultValue: '6379' })), - password: envVar({ - name: 'REDIS_PASSWORD', - defaultValue: { dev: '', prod: '' }, - }), + uri: envVar({ name: 'REDIS_URI_CACHE', defaultValue: '' }), + username: envVar({ name: 'REDIS_USERNAME_CACHE', defaultValue: '' }), + password: envVar({ name: 'REDIS_PASSWORD_CACHE', defaultValue: '' }), + database: 20, }; diff --git a/server/session.ts b/server/session.ts index 2036db9c..4c9585d0 100644 --- a/server/session.ts +++ b/server/session.ts @@ -9,20 +9,21 @@ const SESSION_MAX_AGE_MILLIS = 12 * 60 * 60 * 1000; const SESSION_MAX_AGE_SECONDS = SESSION_MAX_AGE_MILLIS / 1000; -const getRedisStore = () => { - if (Config.isDev) return undefined; - - const RedisStore = connectRedis(session); - +const getRedisClient = () => { const redisClient = redis.createClient({ - host: Config.redis.host, - port: Config.redis.port, - password: Config.redis.password, + url: Config.redis.uri, + no_ready_check: true, }); - redisClient.unref(); + redisClient.auth(Config.redis.password, Config.redis.username); + redisClient.select(Config.redis.database); + return redisClient; +}; +const getRedisStore = () => { + if (Config.isDev) return undefined; + const RedisStore = connectRedis(session); return new RedisStore({ - client: redisClient, + client: getRedisClient(), ttl: SESSION_MAX_AGE_SECONDS, disableTouch: true, });