From 4ea22efdaad4c83a5920e89950936928b6a53c68 Mon Sep 17 00:00:00 2001 From: Pieter van der Giessen Date: Tue, 9 Apr 2024 21:16:38 +0200 Subject: [PATCH 1/4] Improve wait-for-redis logic Signed-off-by: Pieter van der Giessen --- helm/oauth2-proxy/scripts/check-redis.sh | 52 +++++++++++++++++++ .../templates/configmap-wait-for-redis.yaml | 13 +++++ helm/oauth2-proxy/templates/deployment.yaml | 31 ++++++++--- helm/oauth2-proxy/values.yaml | 3 +- 4 files changed, 91 insertions(+), 8 deletions(-) create mode 100644 helm/oauth2-proxy/scripts/check-redis.sh create mode 100644 helm/oauth2-proxy/templates/configmap-wait-for-redis.yaml diff --git a/helm/oauth2-proxy/scripts/check-redis.sh b/helm/oauth2-proxy/scripts/check-redis.sh new file mode 100644 index 0000000..29cd2d8 --- /dev/null +++ b/helm/oauth2-proxy/scripts/check-redis.sh 
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+RETRY_INTERVAL=5 # Interval between retries in seconds
+elapsed=0 # Elapsed time
+
+check_redis() {
+ host=$1
+ port=$2
+ while [ $elapsed -lt $TOTAL_RETRY_TIME ]; do
+ echo "Checking Redis at $host:$port... Elapsed time: ${elapsed}s"
+ if nc -z -w1 $TIMEOUT $host $port > /dev/null 2>&1; then
+ echo "Redis is up at $host:$port!"
+ return 0
+ else
+ echo "Redis is down at $host:$port. Retrying in $RETRY_INTERVAL seconds."
+ sleep $RETRY_INTERVAL
+ elapsed=$((elapsed + RETRY_INTERVAL))
+ fi
+ done
+ echo "Failed to connect to Redis at $host:$port after $TOTAL_RETRY_TIME seconds."
+ return 1
+}
+
+# For parsing and checking connections
+parse_and_check() {
+ url=$1
+ clean_url=${url#redis://}
+ host=$(echo $clean_url | cut -d':' -f1)
+ port=$(echo $clean_url | cut -d':' -f2)
+ check_redis $host $port
+}
+
+# Main
+if [ "$OAUTH2_PROXY_REDIS_USE_CLUSTER" = "true" ]; then
+ echo "Checking Redis in cluster mode..."
+ echo "$OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS" | tr ',' '\n' | while read -r addr; do
+ parse_and_check $addr || exit 1
+ done
+elif [ "$OAUTH2_PROXY_REDIS_USE_SENTINEL" = "true" ]; then
+ echo "Checking Redis in sentinel mode..."
+ echo "$OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS" | tr ',' '\n' | while read -r addr; do
+ parse_and_check $addr || exit 1
+ done
+elif [ -n "$OAUTH2_PROXY_REDIS_CONNECTION_URL" ]; then
+ echo "Checking standalone Redis..."
+ parse_and_check "$OAUTH2_PROXY_REDIS_CONNECTION_URL" || exit 1
+else
+ echo "Redis configuration not specified."
+ exit 1
+fi
+
+echo "Redis check completed."
\ No newline at end of file
diff --git a/helm/oauth2-proxy/templates/configmap-wait-for-redis.yaml b/helm/oauth2-proxy/templates/configmap-wait-for-redis.yaml
new file mode 100644
index 0000000..e4ffa62
--- /dev/null
+++ b/helm/oauth2-proxy/templates/configmap-wait-for-redis.yaml
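Review bot: In the cluster and sentinel branches the `exit 1` inside `... | while read -r addr; do ... done` only leaves the pipeline's subshell, so an unreachable node does not fail the script: execution continues to `echo "Redis check completed."` and the init container exits 0. Propagate the status by ending each of the two loops with `done || exit 1`. Separately, `nc -z -w1 $TIMEOUT $host $port` expands a `TIMEOUT` variable that nothing in this patch sets; if it were ever set it would be read as the host argument, so drop it or use it as the `-w` value, and quote `"$host" "$port"`. `parse_and_check` strips only the `redis://` prefix, so a URL that carries userinfo (`redis://user:password@host:port`) would be split on the wrong colon and the password would end up in the `echo` output; stripping everything up to `@` before the `cut` calls avoids both the misparse and the log exposure.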
@@ -0,0 +1,13 @@
+{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+ name: {{ template "oauth2-proxy.fullname" . }}-wait-for-redis
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
+data:
+ check-redis.sh: |
+{{ .Files.Get "scripts/check-redis.sh" | indent 4 }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/oauth2-proxy/templates/deployment.yaml b/helm/oauth2-proxy/templates/deployment.yaml
index 218bef4..f09b657 100644
--- a/helm/oauth2-proxy/templates/deployment.yaml
+++ b/helm/oauth2-proxy/templates/deployment.yaml
@@ -62,13 +62,22 @@ spec: {{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }} initContainers: - name: wait-for-redis - image: "{{ .Values.initContainers.waitForRedis.image.repository }}:{{ include "kubectl.version" . }}" + image: "{{ .Values.initContainers.waitForRedis.image.repository }}:{{ .Values.initContainers.waitForRedis.image.tag }}" imagePullPolicy: {{ .Values.initContainers.waitForRedis.image.pullPolicy }} - args: - - wait - - pod/{{ include "oauth2-proxy.redis.fullname" . }}-master-0 - - --for=condition=ready - - --timeout={{ .Values.initContainers.waitForRedis.timeout }}s + command: ["/bin/sh", "-c", "/scripts/check-redis.sh"] + env: + - name: TOTAL_RETRY_TIME + value: "{{ .Values.initContainers.waitForRedis.timeout }}" + {{- if eq (default "" .Values.sessionStorage.redis.clientType) "standalone" }} + - name: OAUTH2_PROXY_REDIS_CONNECTION_URL + value: {{ include "oauth2-proxy.redis.StandaloneUrl" . }} + {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "cluster" }} + - name: OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS + value: {{ .Values.sessionStorage.redis.cluster.connectionUrls }} + {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "sentinel" }} + - name: OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS + value: {{ .Values.sessionStorage.redis.sentinel.connectionUrls }} + {{- end }} {{- if .Values.initContainers.waitForRedis.securityContext.enabled }} {{- $securityContext := unset .Values.initContainers.waitForRedis.securityContext "enabled" }} securityContext: @@ -76,6 +85,9 @@ spec: {{- end }} resources: {{- toYaml .Values.initContainers.waitForRedis.resources | nindent 10 }} + volumeMounts: + - name: redis-script + mountPath: /scripts {{- end }} {{- if .Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} 
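Review bot: The init container's `env` passes only the connection-URL variables, but check-redis.sh selects its branch on `OAUTH2_PROXY_REDIS_USE_CLUSTER` and `OAUTH2_PROXY_REDIS_USE_SENTINEL`, which are never set here, so for `clientType` cluster or sentinel the script falls through to "Redis configuration not specified." and exits 1. Add the flag next to each URL variable, e.g. `- name: OAUTH2_PROXY_REDIS_USE_CLUSTER` with `value: "true"`, and the sentinel equivalent. The two `connectionUrls` values are also rendered unquoted; if they are lists in values.yaml (not visible in this hunk) the output will not be the comma-separated string the script splits on, so `value: {{ join "," .Values.sessionStorage.redis.cluster.connectionUrls | quote }}` is safer. With `clientType` unset none of the three branches emits a URL, and the init container fails the same way. The container spec starts before this hunk.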
@@ -319,7 +331,12 @@ spec: secretName: {{ template "oauth2-proxy.fullname" . }}-accesslist {{- end }} {{- end }} - +{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }} + - name: redis-script + configMap: + name: {{ template "oauth2-proxy.fullname" . }}-wait-for-redis + defaultMode: 0775 +{{- end }} {{- if or .Values.config.existingConfig .Values.config.configFile }} - configMap: defaultMode: 420 diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml index 219f45a..9cc294a 100644 --- a/helm/oauth2-proxy/values.yaml +++ b/helm/oauth2-proxy/values.yaml @@ -279,7 +279,8 @@ initContainers: waitForRedis: enabled: true image: - repository: "docker.io/bitnami/kubectl" + repository: "alpine" + tag: "latest" pullPolicy: "IfNotPresent" # uses the kubernetes version of the cluster # the chart is deployed on, if not set From 0ebfc2e7865eeaaa8b3dad66688cf19c73997c7f Mon Sep 17 00:00:00 2001 From: Pierluigi Lenoci Date: Wed, 10 Apr 2024 12:16:15 +0200 Subject: [PATCH 2/4] Update check-redis.sh --- helm/oauth2-proxy/scripts/check-redis.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/oauth2-proxy/scripts/check-redis.sh b/helm/oauth2-proxy/scripts/check-redis.sh index 29cd2d8..1785190 100644 --- a/helm/oauth2-proxy/scripts/check-redis.sh +++ b/helm/oauth2-proxy/scripts/check-redis.sh @@ -49,4 +49,4 @@ else exit 1 fi -echo "Redis check completed." \ No newline at end of file +echo "Redis check completed." From 0c9b3dd0abf5d8be7580376be186b7505885deee Mon Sep 17 00:00:00 2001 From: Pierluigi Lenoci Date: Wed, 10 Apr 2024 12:16:35 +0200 Subject: [PATCH 3/4] Update configmap-wait-for-redis.yaml --- helm/oauth2-proxy/templates/configmap-wait-for-redis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/oauth2-proxy/templates/configmap-wait-for-redis.yaml b/helm/oauth2-proxy/templates/configmap-wait-for-redis.yaml index e4ffa62..721048d 100644 
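Review bot: `defaultMode: 0775` on the `redis-script` volume grants group write and world access that the init container does not need; the script is only read and executed, and it is started through `/bin/sh -c`. `defaultMode: 0555` (or `0550` if the container's group is known) states the intent with least privilege. The surrounding `volumes:` list starts outside the hunk.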
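Review bot: In values.yaml, `repository: "alpine"` with `tag: "latest"` makes the init container run whatever image the mutable tag points to at pull time, and with `pullPolicy: "IfNotPresent"` different nodes can keep different cached builds. Pin a released version, ideally together with a digest, e.g. `tag: "<pinned-alpine-version>"`, and keep the repository fully qualified (`docker.io/library/alpine`) as the previous value was. The context comment `# uses the kubernetes version of the cluster` no longer applies, since deployment.yaml now reads `image.tag` directly; the rest of that comment lies outside the hunk.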
--- a/helm/oauth2-proxy/templates/configmap-wait-for-redis.yaml +++ b/helm/oauth2-proxy/templates/configmap-wait-for-redis.yaml @@ -10,4 +10,4 @@ metadata: data: check-redis.sh: | {{ .Files.Get "scripts/check-redis.sh" | indent 4 }} -{{- end }} \ No newline at end of file +{{- end }} From 3a5ffa202b47f4f568ed34050345197e9f5aa91b Mon Sep 17 00:00:00 2001 From: Pieter van der Giessen Date: Tue, 30 Apr 2024 11:41:54 +0200 Subject: [PATCH 4/4] Version bump Signed-off-by: Pieter van der Giessen --- helm/oauth2-proxy/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml index 7d1108f..771dcb6 100644 --- a/helm/oauth2-proxy/Chart.yaml +++ b/helm/oauth2-proxy/Chart.yaml @@ -1,5 +1,5 @@ name: oauth2-proxy -version: 7.4.1 +version: 7.5.0 apiVersion: v2 appVersion: 7.6.0 home: https://oauth2-proxy.github.io/oauth2-proxy/ @@ -35,7 +35,7 @@ kubeVersion: ">=1.9.0-0" annotations: artifacthub.io/changes: | - kind: changed - description: Fix link in readme to existingSecret needed fields + description: Improved the readiness check for Redis to support all types links: - name: Github PR - url: https://github.com/oauth2-proxy/manifests/pull/193 + url: https://github.com/oauth2-proxy/manifests/pull/197