From eddce0f971bada81ddbb708b4f67eeb9b5313536 Mon Sep 17 00:00:00 2001
From: ycz008 <yangchengzi@seethingx.com>
Date: Wed, 16 Aug 2023 11:55:28 +0800
Subject: [PATCH] add: redis-stack

---
 ... generated 2023-08-03, Mozilla Guidelin.pl | 38 ++++++++
 dev-upgrade/redis/redis-stack-dev.yaml        | 97 +++++++++++++++++++
 2 files changed, 135 insertions(+)
 create mode 100644 build-image/node/# generated 2023-08-03, Mozilla Guidelin.pl
 create mode 100644 dev-upgrade/redis/redis-stack-dev.yaml

diff --git a/build-image/node/# generated 2023-08-03, Mozilla Guidelin.pl b/build-image/node/# generated 2023-08-03, Mozilla Guidelin.pl
new file mode 100644
index 0000000..9402393
--- /dev/null
+++ b/build-image/node/# generated 2023-08-03, Mozilla Guidelin.pl	
@@ -0,0 +1,38 @@
+# generated 2023-08-03, Mozilla Guideline v5.7, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.7
+server {
+    listen 80 default_server;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    ssl_certificate ssl/api-chuiniu.seethingx.cn.pem;
+    ssl_certificate_key ssl/api-chuiniu.seethingx.cn.key;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+    ssl_session_tickets off;
+
+    # intermediate configuration
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+    ssl_prefer_server_ciphers off;
+
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
+
+    # OCSP stapling
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    # verify chain of trust of OCSP response using Root CA and Intermediate certs
+    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
+
+    # replace with the IP address of your resolver
+    resolver 127.0.0.1;
+}
\ No newline at end of file
diff --git a/dev-upgrade/redis/redis-stack-dev.yaml b/dev-upgrade/redis/redis-stack-dev.yaml
new file mode 100644
index 0000000..0d21efa
--- /dev/null
+++ b/dev-upgrade/redis/redis-stack-dev.yaml
@@ -0,0 +1,97 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: redis-stack-config
+  labels:
+    app: redis-stack
+data:
+  redis-stack.conf: |-
+    dir /srv
+    port 6379
+    bind 0.0.0.0
+    appendonly yes
+    daemonize no
+    requirepass beaconfire@123
+    pidfile /srv/redis-6379.pid
+    loadmodule /opt/redis-stack/lib/redisearch.so
+    loadmodule /opt/redis-stack/lib/redistimeseries.so
+    loadmodule /opt/redis-stack/lib/rejson.so
+    loadmodule /opt/redis-stack/lib/redisbloom.so
+    loadmodule /opt/redis-stack/lib/redisgears.so v8-plugin-path /opt/redis-stack/lib/libredisgears_v8_plugin.so
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis
+  labels:
+    app: redis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+    spec:
+      initContainers:
+        - name: init
+          image: busybox
+          imagePullPolicy: IfNotPresent
+          command: ["/bin/sh", "-c", "sysctl -w net.core.somaxconn=1024"]
+          securityContext:
+            privileged: true
+      containers:
+      - name: redis
+        image: redis/redis-stack-redis:7.2.0-v0
+        ports:
+        - containerPort: 6379
+        resources:
+          limits:
+            cpu: 1
+            memory: 1Gi
+          requests:
+            cpu: 50m
+            memory: 128Mi
+        livenessProbe:
+          tcpSocket:
+            port: 6379
+          initialDelaySeconds: 300
+          timeoutSeconds: 1
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 3
+        readinessProbe:
+          tcpSocket:
+            port: 6379
+          initialDelaySeconds: 5
+          timeoutSeconds: 1
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 3
+        volumeMounts:
+        - name: config
+          mountPath:  /etc/redis-stack.conf
+          subPath: redis-stack.conf
+      volumes:
+      - name: config
+        configMap:
+          name: redis-stack-config
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis-stack
+spec:
+  ports:
+    - port: 6379
+      protocol: TCP
+      targetPort: 6379
+      nodePort: 30014
+  selector:
+    app: redis-stack
+  type: NodePort