Merge pull request 'develop' (#2) from develop into main

Reviewed-on: #2
This commit is contained in:
2025-07-24 16:22:58 +02:00
29 changed files with 1362 additions and 0 deletions

View File

@@ -0,0 +1,54 @@
name: Build and Push Image
on:
push:
tags:
- '*'
env:
REGISTRY: reg.cadoles.com
jobs:
build:
name: Build and push image
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to Docker Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta base
id: metabase
uses: docker/metadata-action@v5
with:
images: |
reg.cadoles.com/cadoles/gotemplate
flavor: |
latest=auto
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
type=ref,event=tag
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha,prefix=,suffix=
- name: Build and push
uses: docker/build-push-action@v6
with:
build-args: |
GOTEMPLATE_VERSION=3.12.0
context: ./misc/docker
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.metabase.outputs.tags }}
labels: ${{ steps.metabase.outputs.labels }}

View File

@@ -1,2 +1,3 @@
# varnish-kustom # varnish-kustom
Deploy a simple varnish server with kustomize

View File

@@ -0,0 +1,37 @@
{{- $hostname := env "HOSTNAME" }}
{{- $service := env "VALKEY_HEADLESS_SERVICE" }}
{{- $namespace := env "NAMESPACE" }}
{{- $port := env "VALKEY_PORT" }}
{{- $sentinel_port := env "VALKEY_SENTINEL_PORT" }}
{{- $replicas := env "VALKEY_REPLICAS" }}
{{- $domain := printf "%s.%s.svc.cluster.local" $service $namespace }}
{{- $fqdn := printf "%s.%s" $hostname $domain }}
{{- $hostid := sha1sum $hostname }}
{{- $datadir := env "VALKEY_DATA_DIR" }}
dir {{ $datadir }}
protected-mode no
loglevel {{ env "VALKEY_LOG_LEVEL" }}
appendonly yes
appendfilename "appendonly.aof"
appenddirname "appendonlydir"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
aof-use-rdb-preamble yes
aof-timestamp-enabled no
save ""
replica-announce-port {{ $port }}
replica-announce-ip {{ $fqdn }}
# User-supplied replica configuration:
rename-command FLUSHDB ""
rename-command FLUSHALL ""

View File

@@ -0,0 +1,119 @@
{{- $hostname := env "HOSTNAME" }}
{{- $service := env "VALKEY_HEADLESS_SERVICE" }}
{{- $namespace := env "NAMESPACE" }}
{{- $port := env "VALKEY_PORT" }}
{{- $sentinel_port := env "VALKEY_SENTINEL_PORT" }}
{{- $replicas := env "VALKEY_REPLICAS" }}
{{- $domain := printf "%s.%s.svc.cluster.local" $service $namespace }}
{{- $fqdn := printf "%s.%s" $hostname $domain }}
{{- $hostid := sha1sum $hostname }}
################################## INCLUDES ###################################
################################## MODULES #####################################
################################## NETWORK #####################################
bind * -::*
protected-mode no
port {{ $port }}
tcp-backlog 511
timeout 0
tcp-keepalive 300
################################# TLS/SSL #####################################
port {{ env "VALKEY_PORT" }}
################################### RDMA ######################################
################################# GENERAL #####################################
daemonize no
pidfile /opt/bitnami/valkey/tmp/valkey.pid
loglevel notice
logfile ""
databases 16
always-show-logo no
hide-user-data-from-log yes
set-proc-title yes
proc-title-template "{title} {listen-addr} {server-mode}"
locale-collate ""
################################ SNAPSHOTTING ################################
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
rdb-version-check strict
dbfilename dump.rdb
rdb-del-sync-files no
dir {{ env "VALKEY_DATA_DIR" }}
################################# REPLICATION #################################
replica-serve-stale-data yes
replica-read-only yes
repl-diskless-sync yes
repl-diskless-sync-delay 5
repl-diskless-sync-max-replicas 0
repl-diskless-load disabled
dual-channel-replication-enabled no
repl-disable-tcp-nodelay no
replica-priority 100
replica-announce-port {{ $port }}
replica-announce-ip {{ $fqdn }}
############################### KEYS TRACKING #################################
################################## SECURITY ###################################
acllog-max-len 128
################################### CLIENTS ####################################
############################## MEMORY MANAGEMENT ################################
############################# LAZY FREEING ####################################
lazyfree-lazy-eviction yes
lazyfree-lazy-expire yes
lazyfree-lazy-server-del yes
replica-lazy-flush yes
lazyfree-lazy-user-del yes
lazyfree-lazy-user-flush yes
################################ THREADED I/O #################################
############################ KERNEL OOM CONTROL ##############################
oom-score-adj no
oom-score-adj-values 0 200 800
#################### KERNEL transparent hugepage CONTROL ######################
disable-thp yes
############################## APPEND ONLY MODE ###############################
appendonly no
appendfilename "appendonly.aof"
appenddirname "appendonlydir"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
aof-use-rdb-preamble yes
aof-timestamp-enabled no
################################ SHUTDOWN #####################################
################ NON-DETERMINISTIC LONG BLOCKING COMMANDS #####################
################################ VALKEY CLUSTER ###############################
########################## CLUSTER DOCKER/NAT support ########################
################################## COMMAND LOG ###################################
commandlog-execution-slower-than 10000
commandlog-slow-execution-max-len 128
commandlog-request-larger-than 1048576
commandlog-large-request-max-len 128
commandlog-reply-larger-than 1048576
commandlog-large-reply-max-len 128
################################ LATENCY MONITOR ##############################
latency-monitor-threshold 0
################################ LATENCY TRACKING ##############################
############################# EVENT NOTIFICATION ##############################
notify-keyspace-events ""
############################### ADVANCED CONFIG ###############################
hash-max-listpack-entries 512
hash-max-listpack-value 64
list-max-listpack-size -2
list-compress-depth 0
set-max-intset-entries 512
set-max-listpack-entries 128
set-max-listpack-value 64
zset-max-listpack-entries 128
zset-max-listpack-value 64
hll-sparse-max-bytes 3000
stream-node-max-bytes 4096
stream-node-max-entries 100
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
rdb-save-incremental-fsync yes
########################### ACTIVE DEFRAGMENTATION #######################
jemalloc-bg-thread yes

View File

@@ -0,0 +1,49 @@
{{- $hostname := env "HOSTNAME" }}
{{- $service := env "VALKEY_HEADLESS_SERVICE" }}
{{- $namespace := env "NAMESPACE" }}
{{- $port := env "VALKEY_PORT" }}
{{- $name := env "VALKEY_NAME" }}
{{- $sentinel_port := env "VALKEY_SENTINEL_PORT" }}
{{- $replicas := env "VALKEY_REPLICAS" }}
{{- $domain := printf "%s.%s.svc.cluster.local" $service $namespace }}
{{- $fqdn := printf "%s.%s" $hostname $domain }}
{{- $hostid := sha1sum $hostname }}
{{- $quorum := env "VALKEY_QUORUM" }}
{{- $master_name := env "VALKEY_MASTER_NAME" }}
#-REPLICAS:{{ $replicas }}
dir "/tmp"
port {{ $sentinel_port }}
sentinel monitor {{ $master_name }} SENTINEL_MASTER {{ $port }} {{ $quorum }}
sentinel down-after-milliseconds {{ $master_name }} 60000
# User-supplied sentinel configuration:
# End of sentinel configuration
{{ printf "sentinel myid %s" $hostid }}
sentinel announce-hostnames yes
sentinel resolve-hostnames yes
sentinel announce-port {{ $sentinel_port }}
sentinel announce-ip {{ $fqdn }}
# Generated by CONFIG REWRITE
latency-tracking-info-percentiles 50 99 99.9
protected-mode no
# gotemplate-pause!
user default on nopass sanitize-payload ~* &* +@all
# gotemplate-resume!
sentinel config-epoch {{ $master_name }} 0
sentinel leader-epoch {{ $master_name }} 0
sentinel current-epoch 0
{{- range $i, $e := until ( int $replicas ) }}
{{- $masterName := printf "%s" $master_name}}
{{- $ndeHostname := printf "%s-%d" $name $i }}
{{- $ndeFQDN := printf "%s.%s" $ndeHostname $domain }}
{{- $nodeID := sha1sum $ndeHostname }}
{{- if (ne $fqdn $ndeFQDN) }}
sentinel {{ printf "known-sentinel %s %s %s %s" $masterName $ndeFQDN $sentinel_port $nodeID }}
sentinel {{ printf "known-replica %s %s %s" $masterName $ndeFQDN $port }}
{{- end}}
{{- end}}

View File

@@ -0,0 +1,103 @@
#!/bin/sh
pingSentinel() {
svc=${VALKEY_HEADLESS_SERVICE:-"localhost"}
resp=$(timeout -s 15 $1 \
valkey-cli \
-h ${svc} \
-p $VALKEY_SENTINEL_PORT \
ping)
ret=${?}
echo $resp
return ${ret}
}
getPrimaryInfo() {
masterName=${VALKEY_MASTER_NAME:-"mymaster"}
it="${1:-0}"
info=$(valkey-cli --csv -h ${VALKEY_HEADLESS_SERVICE} -p ${VALKEY_SENTINEL_PORT} sentinel get-primary-addr-by-name "${masterName}"| \
awk -F ',' '{ gsub(/"/,"",$0); print $1 " " $2 }')
if [ -z "${info}" ]; then
echo "Failed to get primary info for master '${masterName}'"
it=$((it + 1))
getPrimaryInfo ${it}
if [ ${it} -ge 10 ]; then
echo "Failed to get primary info after 5 attempts"
return 1
fi
fi
if [[ "${info}" =~ /^NULL/ ]]; then
it=$((it + 1))
getPrimaryInfo ${it}
if [ ${it} -ge 10 ]; then
echo "Failed to get primary info after 5 attempts"
return 1
fi
fi
echo "${info}"
return ${?}
}
getSentinelMasterName() {
getPrimaryInfo | awk -F ' ' '{print $1}'
}
getFailOverStatus() {
# Check if the failover is finished
local failoverStatus
primaryInfo=$(getPrimaryInfo)
primaryHost=$(echo ${primaryInfo} | awk -F ' ' '{print $1}')
currentHost=$(hostname -f)
if [[ "${primaryHost}" != "${currentHost}" ]]; then
echo "Failover finished"
return 0
else
echo "Failover in progress"
return 1
fi
}
waitForSentinel() {
tout=60
while true; do
response=$(pingSentinel 5)
if [ "${response}" = "PONG" ]; then
echo "Sentinel is responding"
break
return 0
fi
echo "Sentinel is not responding [${response}]"
sleep 1
tout=$((tout - 1))
if [ "${tout}" -le 0 ]; then
echo "Sentinel ping timed out"
return 124
fi
done
sleep 10
}
sentinelIsMaster() {
# Check if the sentinel is master
primaryInfo=$(getPrimaryInfo)
primaryHost=$(echo ${primaryInfo} | awk -F ' ' '{print $1}')
currentHost=$(hostname -f)
if [[ "${primaryHost}" != "${currentHost}" ]]; then
echo "Sentinel is not master"
return 1
else
echo "Sentinel is master"
return 0
fi
}
sentinelReset() {
# Reset the sentinel
valkey-cli -h ${VALKEY_HEADLESS_SERVICE} -p ${VALKEY_SENTINEL_PORT} sentinel reset "${1}"
return $?
}

View File

@@ -0,0 +1,27 @@
#!/bin/sh
ping_valkey() {
resp=$(timeout -s 15 $1 \
valkey-cli \
-h localhost \
-p $VALKEY_PORT \
ping)
ret=${?}
echo $resp
return ${ret}
}
response=$(ping_valkey 5)
if [ "$?" -eq "124" ]; then
echo "Timed out"
exit 1
fi
firstWord=$(echo $response | awk 'NR==1 {print $1;}')
if [ "$response" != "PONG" ] && [ "$firstWord" != "LOADING" ] && [ "$firstWord" != "MASTERDOWN" ]; then
echo "Valey is not alive [${response}]"
exit 1
fi
echo "$( date +'[%Y/%m/%d %H:%M:%S]') Valkey is alive"
exit 0

View File

@@ -0,0 +1,27 @@
#!/bin/sh
ping_sentinel() {
resp=$(timeout -s 15 $1 \
valkey-cli \
-h localhost \
-p $VALKEY_SENTINEL_PORT \
ping)
ret=${?}
echo $resp
return ${ret}
}
response=$(ping_sentinel 5)
if [ "${?}" -eq 124 ]; then
echo "Sentinel ping timed out"
exit 124
fi
if [ "${response}" != "PONG" ];
then
echo "Sentinel is not responding"
exit 1
fi
echo "$( date +'[%Y/%m/%d %H:%M:%S]') Sentinel is responding"
exit 0

View File

@@ -0,0 +1,32 @@
#!/bin/sh
source /opt/scripts/common.sh
tmout=120
while true ; do
echo "I'm the primary pod and you are stopping me. Starting sentinel failover"
echo "Waiting for failover to finish..."
fo=$(getFailOverStatus)
if [ $? -eq 0 ]; then
echo "Primary has been successfully failed over to a different pod."
break
fi
sleep 1
tmout=$((tmout - 1))
if [ "${tmout}" -le 0 ]; then
echo "Failover timed out"
exit 1
fi
done
echo "Primary has been successfuly failed over to a different pod."
echo "Removing myself from the sentinel configuration"
sentinelReset $(hostname -f)
if [ $? -ne 0 ]; then
echo "Failed to remove myself from the sentinel configuration"
exit 1
fi
exit 0

View File

@@ -0,0 +1,75 @@
#!/bin/sh
# Run Valkey command
vcli() {
valkey-cli -h 127.0.0.1 -p "${VALKEY_PORT}" "$@"
return $?
}
# Run Sentinel command
vcli-sentinel() {
valkey-cli -h "${VALKEY_HEADLESS_SERVICE}" -p "${VALKEY_SENTINEL_PORT}" sentinel "$@"
return $?
}
getFailOverStatus() {
# Check if the failover is finished
local failoverStatus
sentinelMasterName="${VALKEY_MASTER_NAME:-"mymaster"}"
primaryInfo=$(vcli-sentinel get-primary-addr-by-name "${sentinelMasterName}")
primaryHost=$(echo ${primaryInfo} | awk -F ' ' '{print $1}')
currentHost=$(hostname -f)
if [[ "${primaryHost}" != "${currentHost}" ]]; then
echo "Failover finished"
return 0
else
echo "Failover in progress"
return 1
fi
}
getRole() {
# Get the role of the current node
VALKEY_ROLE=$(vcli role | head -1)
echo "${VALKEY_ROLE}"
}
isPrimary() {
# Check if the current node is the primary
role=$(getRole)
if [ "${role}" = "master" ]; then
echo "I'm the master"
else
echo "I'm not the master, I'm a ${role}"
fi
}
if isPrimary && ! getFailOverStatus; then
sentinelMasterName="${VALKEY_MASTER_NAME}"
echo "I'm the primary and you are stopping me, pausing client connections"
#Pausing write connections to avoid data loss"
vcli CLIENT PAUSE "22000" WRITE
echo "Starting failover"
vcli-sentinel failover "${sentinelMasterName}"
echo "Waiting for sentinel to complete failover for up to 120s"
tmout=120
while true ; do
echo "I'm the primary pod and you are stopping me. Starting sentinel failover"
getFailOverStatus
if [ $? -eq 0 ]; then
echo "Primary has been successfully failed over to a different pod."
break
fi
echo "Waiting for failover to finish..."
sleep 1
tmout=$((tmout - 1))
if [ "${tmout}" -le 0 ]; then
echo "Failover timed out"
exit 1
fi
done
fi
exit 0

View File

@@ -0,0 +1,26 @@
#!/bin/sh
ping_valkey() {
resp=$(timeout -s 15 $1 \
valkey-cli \
-h localhost \
-p $VALKEY_PORT \
ping)
ret=${?}
echo $resp
return ${ret}
}
response=$(ping_valkey 5)
if [ "$?" -eq "124" ]; then
echo "Timed out"
exit 1
fi
if [ "$response" != "PONG" ]; then
echo "Valey is not ready [${response}]"
exit 1
fi
echo "$( date +'[%Y/%m/%d %H:%M:%S]') Valkey is ready"
exit 0

View File

@@ -0,0 +1,105 @@
#!/bin/sh
pingSentinel() {
resp=$(timeout -s 15 $1 \
valkey-cli \
-h ${VALKEY_HEADLESS_SERVICE} \
-p ${VALKEY_SENTINEL_PORT} \
ping)
ret=${?}
echo $resp
return ${ret}
}
getPrimaryInfo() {
sentinelMasterName="${VALKEY_MASTER_NAME:-"mymaster"}"
valkey-cli -t 15 --csv -h ${VALKEY_HEADLESS_SERVICE} -p ${VALKEY_SENTINEL_PORT} sentinel get-primary-addr-by-name "${sentinelMasterName}"| \
awk -F ',' '{ gsub(/"/,"",$0); print $1 " " $2 }'
return ${?}
}
waitForSentinel() {
tout=60
while true; do
response=$(pingSentinel 5)
if [ "${response}" = "PONG" ]; then
echo "Sentinel is responding"
break
return 0
fi
echo "Sentinel is not responding [${response}]"
sleep 1
tout=$((tout - 1))
if [ "${tout}" -le 0 ]; then
echo "Sentinel ping timed out"
return 124
fi
done
sleep 10
}
startValkey() {
# Start Valkey
echo "Running : [valkey-server ${@}]"
valkey-server ${@}
ret=${?}
if [ "${ret}" -ne 0 ]; then
echo "Failed to start Valkey"
exit ${ret}
fi
}
setupPrimary=0
primaryHost=""
primaryPort=""
#if [[ -f /etc/valkey/sentinel.conf ]]; then
# primaryHost="$(awk '/monitor/ {print $4}' /etc/valkey/sentinel.conf)"
# primaryPort="$(awk '/monitor/ {print $5}' /etc/valkey/sentinel.conf)"
# echo "Found previous primary ${primaryHost}:${primaryPort}"
#fi
if [[ ! -f /etc/valkey/replication.conf ]]; then
cp /etc/valkey/replication.conf.orig /etc/valkey/replication.conf
fi
waitForSentinel
ret=${?}
if [ "${ret}" -ne 0 ]; then
exit ${ret}
fi
primaryInfo=$(getPrimaryInfo)
if [ "${?}" -ne 0 ]; then
echo "No primary found, seting up node as primary"
startPrimary=1
else
primaryHost=$(echo ${primaryInfo} | awk -F ' ' '{print $1}')
primaryPort=$(echo ${primaryInfo} | awk -F ' ' '{print $2}')
echo "Primary host is : ${primaryHost}, port: ${primaryPort}"
currentHost=$(hostname -f)
echo "Current host is : ${currentHost}"
if [ "${primaryHost}" = "NULL" ]; then
echo "Not primary yet, starting as primary"
startPrimary=1
else
if [ "${primaryHost}" != "${currentHost}" ]; then
echo "Not the primary, setting up as replica"
startPrimary=0
else
echo "This is the primary"
startPrimary=1
fi
fi
fi
if [ "${startPrimary}" -eq 1 ]; then
echo "Starting Valkey as primary"
cat $1
startValkey ${@}
else
echo "Starting Valkey as replica"
startValkey ${@} "--replicaof" "${primaryHost}" "${primaryPort}"
fi

View File

@@ -0,0 +1,38 @@
#!/bin/sh
# Generate sentinel.conf file for Valkey Sentinel
source /opt/scripts/common.sh
PATH=${PATH}:/
SENTINEL_MASTER=""
updateSentinelMaster(){
cp /etc/valkey/sentinel.conf.orig /etc/valkey/sentinel.conf
hostname=$(hostname -f)
pingSentinel 1
if [ $? -ne 0 ]; then
SENTINEL_MASTER=$(hostname -f)
else
SENTINEL_MASTER=$(getSentinelMasterName)
fi
sed -i "s/SENTINEL_MASTER/${SENTINEL_MASTER}/g" /etc/valkey/sentinel.conf
}
if [ -f /etc/valkey/sentinel.conf ]; then
echo "Sentinel configuration file already exists, starting with this."
reps=$(awk -F ':' '/REPLICAS/ {print $2}' /etc/valkey/sentinel.conf)
if [ "${reps}" = "${VALKEY_REPLICAS}" ]; then
echo "Sentinel configuration file already has the correct number of replicas (${VALKEY_REPLICAS})."
else
echo "Updating Sentinel configuration file with the correct number of replicas (${VALKEY_REPLICAS})."
updateSentinelMaster
fi
else
updateSentinelMaster
fi
valkey-sentinel /etc/valkey/sentinel.conf

View File

@@ -0,0 +1,44 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- resources/sa.yaml
- resources/statefulset.yaml
- resources/svc.yaml
configMapGenerator:
#- name: valkey-env
# literals:
# - NAMESPACE="default"
# - VALKEY_ENV="base"
# - VALKEY_NAME="valkey-node"
# - VALKEY_SERVICE="valkey-node"
# - VALKEY_HEADLESS_SERVICE="valkey-node-headless"
# - VALKEY_MASTER_NAME="mymaster"
# - VALKEY_REPLICAS="4"
# - VALKEY_PORT="6379"
# - VALKEY_SENTINEL_PORT="26379"
# - ALLOW_EMPTY_PASSWORD="yes"
# - VALKEY_TLS_ENABLED="no"
# - VALKEY_SENTINEL_TLS_ENABLED="no"
# - VALKEY_DATA_DIR="/data"
# - VALKEY_LOG_LEVEL="warning"
# - VALKEY_QUORUM="2"
- name: valkey-config
files:
- files/conf/replication.conf.tpl
- files/conf/sentinel.conf.tpl
- name: valkey-scripts
files:
- files/scripts/common.sh
- files/scripts/startSentinel.sh
- files/scripts/pre-stop.sh
- files/scripts/pre-stop-sentinel.sh
- files/scripts/start-node.sh
- files/scripts/ping-sentinel.sh
- files/scripts/liveness-local.sh
- files/scripts/readiness-local.sh
replacements:
- path: replacements/service.yaml
- path: replacements/statefulset.yaml

View File

@@ -0,0 +1,17 @@
- source:
kind: ConfigMap
name: valkey-env
fieldPath: data.VALKEY_SERVICE
targets:
- select:
kind: Service
name: valkey-headless
fieldPaths:
- metadata.labels.app
- spec.selector.app
- select:
kind: Service
name: valkey
fieldPaths:
- metadata.labels.app
- spec.selector.app

View File

@@ -0,0 +1,12 @@
- source:
kind: ConfigMap
name: valkey-env
fieldPath: data.VALKEY_SERVICE
targets:
- select:
kind: StatefulSet
name: valkey-node
fieldPaths:
- metadata.labels.app
- spec.selector.matchLabels.app
- spec.template.metadata.labels.app

View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: valkey
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: valkey
app.kubernetes.io/part-of: valkey
app.kubernetes.io/version: 8.1.1
name: valkey

View File

@@ -0,0 +1,340 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app: CHANGE_ME
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: valkey
app.kubernetes.io/part-of: valkey
app.kubernetes.io/version: 8.1.3
name: valkey-node
spec:
persistentVolumeClaimRetentionPolicy:
whenDeleted: Retain
whenScaled: Retain
podManagementPolicy: OrderedReady
# DO NOT CHANGE THIS LINE HERE, USE THE VARIABLE VALKEY_REPLICAS INSTEAD
replicas: 4
# END OF DO NOT CHANGE THIS LINE
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/name: valkey
app: CHANGE_ME
serviceName: valkey-headless
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: CHANGE_ME
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: valkey
app.kubernetes.io/version: 8.1.3
helm.sh/chart: valkey-3.0.7
spec:
shareProcessNamespace: true
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/name: valkey
topologyKey: kubernetes.io/hostname
weight: 1
automountServiceAccountToken: false
initContainers:
- name: copy-config-templates
image: reg.cadoles.com/dh/library/busybox:1.37.0-musl
command:
- /bin/cp
args:
- -R
- /templates
- /tmp/
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- mountPath: /templates/replication.conf.orig
name: valkey-config
subPath: replication.conf.tpl
- mountPath: /templates/sentinel.conf.orig
name: valkey-config
subPath: sentinel.conf.tpl
- mountPath: /tmp
name: tmp
- mountPath: /data
name: valkey-data
- name: generate-config
image: reg.cadoles.com/cadoles/gotemplate:0.0.6-dev
imagePullPolicy: IfNotPresent
args:
- --source
- /tmp/templates
- --target
- /etc/valkey/
- --no-overwrite
- replication.conf.orig
- sentinel.conf.orig
envFrom:
- configMapRef:
name: valkey-env
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- mountPath: /etc/valkey/
name: valkey-etc
- mountPath: /tmp
name: tmp
- mountPath: /data
name: valkey-data
containers:
- name: valkey
image: reg.cadoles.com/dh/valkey/valkey:8.1.3-alpine3.22
command:
- /opt/scripts/start-node.sh
args:
- /etc/valkey/replication.conf
imagePullPolicy: IfNotPresent
env:
- name: VALKEY_ROLE
value: "replication"
envFrom:
- configMapRef:
name: valkey-env
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- /opt/scripts/pre-stop.sh
livenessProbe:
exec:
command:
- sh
- -c
- /opt/scripts/liveness-local.sh 5
failureThreshold: 5
initialDelaySeconds: 20
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
ports:
- containerPort: 6379
name: valkey
protocol: TCP
readinessProbe:
exec:
command:
- sh
- -c
- /opt/scripts/readiness-local.sh 1
failureThreshold: 5
initialDelaySeconds: 20
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: 150m
memory: 192Mi
ephemeral-storage: 2Gi
requests:
cpu: 100m
memory: 128Mi
ephemeral-storage: 50Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
startupProbe:
exec:
command:
- sh
- -c
- /opt/scripts/liveness-local.sh 5
failureThreshold: 22
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/valkey/
name: valkey-etc
- mountPath: /opt/scripts
name: valkey-scripts
- mountPath: /data
name: valkey-data
- name: sentinel
image: reg.cadoles.com/dh/valkey/valkey:8.1.3-alpine3.22
imagePullPolicy: IfNotPresent
command:
- /opt/scripts/startSentinel.sh
env:
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
- name: VALKEY_SENTINEL_TLS_ENABLED
value: "no"
envFrom:
- configMapRef:
name: valkey-env
lifecycle:
preStop:
exec:
command:
- /bin/bash
- -c
- /opt/scripts/pre-stop-sentinel.sh
livenessProbe:
exec:
command:
- sh
- -c
- /opt/scripts/ping-sentinel.sh 5
failureThreshold: 6
initialDelaySeconds: 20
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
ports:
- containerPort: 26379
name: valkey-sentinel
protocol: TCP
readinessProbe:
exec:
command:
- sh
- -c
- /opt/scripts/ping-sentinel.sh 5
failureThreshold: 6
initialDelaySeconds: 20
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: 150m
ephemeral-storage: 2Gi
memory: 192Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
startupProbe:
exec:
command:
- sh
- -c
- /opt/scripts/ping-sentinel.sh 5
failureThreshold: 22
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /opt/scripts
name: valkey-scripts
- mountPath: /etc/valkey/
name: valkey-etc
dnsPolicy: ClusterFirst
enableServiceLinks: true
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
runAsUser: 1001
runAsNonRoot: true
runAsGroup: 1001
fsGroup: 1001
fsGroupChangePolicy: Always
#serviceAccount: valkey
#serviceAccountName: valkey
terminationGracePeriodSeconds: 30
volumes:
- name: valkey-scripts
configMap:
defaultMode: 493
name: valkey-scripts
- name: valkey-config
configMap:
defaultMode: 420
name: valkey-config
- emptyDir:
sizeLimit: 64Mi
medium: Memory
name: tmp
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/name: valkey
name: valkey-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/name: valkey
name: valkey-etc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 32Mi

View File

@@ -0,0 +1,56 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: CHANGE_ME
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: valkey
app.kubernetes.io/part-of: valkey
app.kubernetes.io/version: 8.1.1
name: valkey
spec:
ports:
- name: tcp-redis
port: 6379
protocol: TCP
targetPort: 6379
- name: tcp-sentinel
port: 26379
protocol: TCP
targetPort: 26379
selector:
app: CHANGE_ME
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/name: valkey
---
apiVersion: v1
kind: Service
metadata:
labels:
app: CHANGE_ME
app.kubernetes.io/component: node
app.kubernetes.io/instance: valkey
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: valkey-headless
app.kubernetes.io/part-of: valkey
app.kubernetes.io/version: 8.1.1
name: valkey-headless
spec:
clusterIP: None
ports:
- name: tcp-redis
port: 6379
protocol: TCP
targetPort: redis
- name: tcp-sentinel
port: 26379
protocol: TCP
targetPort: valkey-sentinel
publishNotReadyAddresses: true
selector:
app: CHANGE_ME
app.kubernetes.io/instance: valkey
app.kubernetes.io/name: valkey

5
kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
components:
- resources/node

22
misc/docker/Dockerfile Normal file
View File

@@ -0,0 +1,22 @@
# Base image
FROM golang:tip-alpine3.22 AS builder
# Set directory to known value
WORKDIR /app
# Define the version as a build argument
ARG GOTEMPLATE_VERSION=3.12.0
RUN apk add valkey-cli git
# Git clone the repo for gotemplate, checkout the desired tag, and build the executable
RUN git clone https://github.com/coveooss/gotemplate.git . && \
git checkout v${GOTEMPLATE_VERSION} && \
CGO_ENABLED=0 go build
FROM alpine:3.22
#
COPY --from=builder /app/gotemplate /gotemplate
COPY --from=builder /usr/bin/valkey-cli /valkey-cli
ENTRYPOINT [ "/gotemplate" ]

View File

@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- resources/namespace.yaml
- resources/vlone
- resources/vltwo

View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: vltest

View File

@@ -0,0 +1,25 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: vlone-
components:
- https://forge.cadoles.com/CadolesKube/valkey-kustom//components/node
configMapGenerator:
- name: valkey-env
literals:
- NAMESPACE="vltest"
- VALKEY_ENV="vltest"
- VALKEY_NAME="vlone-valkey-node"
- VALKEY_SERVICE="vlone-valkey"
- VALKEY_HEADLESS_SERVICE="vlone-valkey-headless"
- VALKEY_MASTER_NAME="mymaster"
- VALKEY_REPLICAS="6"
- VALKEY_PORT="6379"
- VALKEY_SENTINEL_PORT="26379"
- ALLOW_EMPTY_PASSWORD="yes"
- VALKEY_TLS_ENABLED="no"
- VALKEY_SENTINEL_TLS_ENABLED="no"
- VALKEY_DATA_DIR="/data"
- VALKEY_LOG_LEVEL="warning"
- VALKEY_QUORUM="2"

View File

@@ -0,0 +1,20 @@
- source:
kind: ConfigMap
name: vlone
fieldPath: data.VALKEY_HEADLESS_SERVICE
targets:
- select:
kind: Service
name: valkey-headless
fieldPaths:
- metadata.name
- source:
kind: ConfigMap
name: vlone
fieldPath: data.VALKEY_SERVICE
targets:
- select:
kind: Service
name: valkey
fieldPaths:
- metadata.name

View File

@@ -0,0 +1,31 @@
- source:
kind: ConfigMap
name: vlone
fieldPath: data.VALKEY_NAME
targets:
- select:
kind: StatefulSet
name: valkey-node
fieldPaths:
- metadata.name
- source:
kind: ConfigMap
name: vlone
fieldPath: data.VALKEY_ENV_NAME
targets:
- select:
kind: StatefulSet
name: valkey-node
fieldPaths:
- spec.template.spec.containers[*].envFrom[0].configMapRef.name
- spec.template.spec.initContainers[*].envFrom[0].configMapRef.name
- source:
kind: ConfigMap
name: vlone
fieldPath: data.VALKEY_CONF_NAME
targets:
- select:
kind: StatefulSet
name: valkey-node
fieldPaths:
- spec.template.spec.initContainers[*].volumeMounts[valkey-config].name

View File

@@ -0,0 +1,25 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: vltwo-
components:
- https://forge.cadoles.com/CadolesKube/valkey-kustom//components/node
configMapGenerator:
- name: valkey-env
literals:
- NAMESPACE="vltest"
- VALKEY_ENV="vltest"
- VALKEY_NAME="vltwo-valkey-node"
- VALKEY_SERVICE="vltwo-valkey"
- VALKEY_HEADLESS_SERVICE="vltwo-valkey-headless"
- VALKEY_MASTER_NAME="vltwomaster"
- VALKEY_REPLICAS="4"
- VALKEY_PORT="6379"
- VALKEY_SENTINEL_PORT="26379"
- ALLOW_EMPTY_PASSWORD="yes"
- VALKEY_TLS_ENABLED="no"
- VALKEY_SENTINEL_TLS_ENABLED="no"
- VALKEY_DATA_DIR="/data"
- VALKEY_LOG_LEVEL="warning"
- VALKEY_QUORUM="2"

View File

@@ -0,0 +1,20 @@
- source:
kind: ConfigMap
name: vltwo
fieldPath: data.VALKEY_HEADLESS_SERVICE
targets:
- select:
kind: Service
name: valkey-headless
fieldPaths:
- metadata.name
- source:
kind: ConfigMap
name: vltwo
fieldPath: data.VALKEY_SERVICE
targets:
- select:
kind: Service
name: valkey
fieldPaths:
- metadata.name

View File

@@ -0,0 +1,31 @@
- source:
kind: ConfigMap
name: vltwo
fieldPath: data.VALKEY_NAME
targets:
- select:
kind: StatefulSet
name: valkey-node
fieldPaths:
- metadata.name
- source:
kind: ConfigMap
name: vltwo
fieldPath: data.VALKEY_ENV_NAME
targets:
- select:
kind: StatefulSet
name: valkey-node
fieldPaths:
- spec.template.spec.containers[*].envFrom[0].configMapRef.name
- spec.template.spec.initContainers[*].envFrom[0].configMapRef.name
- source:
kind: ConfigMap
name: vltwo
fieldPath: data.VALKEY_CONF_NAME
targets:
- select:
kind: StatefulSet
name: valkey-node
fieldPaths:
- spec.template.spec.initContainers[*].volumeMounts[valkey-config].name