{{/* Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} {{/* Return the proper Valkey image name */}} {{- define "valkey-cluster.image" -}} {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} {{- end -}} {{/* Return the proper image name (for the metrics image) */}} {{- define "valkey-cluster.metrics.image" -}} {{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} {{- end -}} {{/* Return the proper image name (for the init container volume-permissions image) */}} {{- define "valkey-cluster.volumePermissions.image" -}} {{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} {{- end -}} {{/* Return sysctl image */}} {{- define "valkey-cluster.sysctl.image" -}} {{ include "common.images.image" (dict "imageRoot" .Values.sysctlImage "global" .Values.global) }} {{- end -}} {{/* Return the proper Docker Image Registry Secret Names */}} {{- define "valkey-cluster.imagePullSecrets" -}} {{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) -}} {{- end -}} {{/* Return true if a TLS secret object should be created */}} {{- define "valkey-cluster.createTlsSecret" -}} {{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }} {{- true -}} {{- end -}} {{- end -}} {{/* Return the secret containing Valkey TLS certificates */}} {{- define "valkey-cluster.tlsSecretName" -}} {{- $secretName := coalesce .Values.tls.existingSecret .Values.tls.certificatesSecret -}} {{- if $secretName -}} {{- printf "%s" (tpl $secretName $) -}} {{- else -}} {{- printf "%s-crt" (include "common.names.fullname" .) -}} {{- end -}} {{- end -}} {{/* Return the path to the cert file. */}} {{- define "valkey-cluster.tlsCert" -}} {{- if (include "valkey-cluster.createTlsSecret" . ) -}} {{- printf "/opt/bitnami/valkey/certs/%s" "tls.crt" -}} {{- else -}} {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/valkey/certs/%s" -}} {{- end -}} {{- end -}} {{/* Return the path to the cert key file. */}} {{- define "valkey-cluster.tlsCertKey" -}} {{- if (include "valkey-cluster.createTlsSecret" . ) -}} {{- printf "/opt/bitnami/valkey/certs/%s" "tls.key" -}} {{- else -}} {{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/valkey/certs/%s" -}} {{- end -}} {{- end -}} {{/* Return the path to the CA cert file. */}} {{- define "valkey-cluster.tlsCACert" -}} {{- if (include "valkey-cluster.createTlsSecret" . ) -}} {{- printf "/opt/bitnami/valkey/certs/%s" "ca.crt" -}} {{- else -}} {{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/valkey/certs/%s" -}} {{- end -}} {{- end -}} {{/* Return the path to the DH params file. */}} {{- define "valkey-cluster.tlsDHParams" -}} {{- if .Values.tls.dhParamsFilename -}} {{- printf "/opt/bitnami/valkey/certs/%s" .Values.tls.dhParamsFilename -}} {{- end -}} {{- end -}} {{/* Create the name of the service account to use */}} {{- define "valkey-cluster.serviceAccountName" -}} {{- if .Values.serviceAccount.create -}} {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} {{- else -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} {{/* Get the password secret. */}} {{- define "valkey-cluster.secretName" -}} {{- if .Values.existingSecret -}} {{- printf "%s" (tpl .Values.existingSecret $) -}} {{- else -}} {{- printf "%s" (include "common.names.fullname" .) -}} {{- end -}} {{- end -}} {{/* Get the password key to be retrieved from Valkey secret. */}} {{- define "valkey-cluster.secretPasswordKey" -}} {{- if and .Values.existingSecret .Values.existingSecretPasswordKey -}} {{- printf "%s" .Values.existingSecretPasswordKey -}} {{- else -}} {{- printf "valkey-password" -}} {{- end -}} {{- end -}} {{/* Return Valkey password */}} {{- define "valkey-cluster.password" -}} {{- if not (empty .Values.global.valkey.password) }} {{- .Values.global.valkey.password -}} {{- else if not (empty .Values.password) -}} {{- .Values.password -}} {{- else -}} {{- randAlphaNum 10 -}} {{- end -}} {{- end -}} {{/* Determines whether or not to create the Statefulset */}} {{- define "valkey-cluster.createStatefulSet" -}} {{- if not .Values.cluster.externalAccess.enabled -}} {{- true -}} {{- end -}} {{- if and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.service.loadBalancerIP -}} {{- true -}} {{- end -}} {{- end -}} {{/* Check if there are rolling tags in the images */}} {{- define "valkey-cluster.checkRollingTags" -}} {{- include "common.warnings.rollingTag" .Values.image -}} {{- include "common.warnings.rollingTag" .Values.metrics.image -}} {{- end -}} {{/* Compile all warnings into a single message, and call fail. */}} {{- define "valkey-cluster.validateValues" -}} {{- $messages := list -}} {{- $messages := append $messages (include "valkey-cluster.validateValues.updateParameters" .) -}} {{- $messages := append $messages (include "valkey-cluster.validateValues.tlsParameters" .) -}} {{- $messages := append $messages (include "valkey-cluster.validateValues.tls" .) -}} {{- $messages := without $messages "" -}} {{- $message := join "\n" $messages -}} {{- if $message -}} {{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} {{- end -}} {{- end -}} {{/* Validate values of Valkey Cluster - check update parameters */}} {{- define "valkey-cluster.validateValues.updateParameters" -}} {{- if and .Values.cluster.update.addNodes ( or (and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.service.loadBalancerIP) ( not .Values.cluster.externalAccess.enabled )) -}} {{- if .Values.cluster.externalAccess.enabled }} {{- if not .Values.cluster.update.newExternalIPs -}} valkey-cluster: newExternalIPs You must provide the newExternalIPs to perform the cluster upgrade when using external access. {{- end -}} {{- else }} {{- if not .Values.cluster.update.currentNumberOfNodes -}} valkey-cluster: currentNumberOfNodes You must provide the currentNumberOfNodes to perform an upgrade when not using external access. {{- end -}} {{- if kindIs "invalid" .Values.cluster.update.currentNumberOfReplicas -}} valkey-cluster: currentNumberOfReplicas You must provide the currentNumberOfReplicas to perform an upgrade when not using external access. {{- end -}} {{- end -}} {{- end -}} {{- end -}} {{/* Validate values of Valkey Cluster - tls settings */}} {{- define "valkey-cluster.validateValues.tlsParameters" -}} {{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) }} {{- if and (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) -}} valkey-cluster: TLSSecretMissingSecret A secret containing the certificates for the TLS traffic is required when TLS is enabled. Please set the tls.existingSecret value {{- end -}} {{- if not .Values.tls.certFilename -}} valkey-cluster: TLSSecretMissingCert A certificate filename is required when TLS is enabled. Please set the tls.certFilename value {{- end -}} {{- if not .Values.tls.certKeyFilename -}} valkey-cluster: TLSSecretMissingCertKey A certificate key filename is required when TLS is enabled. Please set the tls.certKeyFilename value {{- end -}} {{- if not .Values.tls.certCAFilename -}} valkey-cluster: TLSSecretMissingCertCA A certificate CA filename is required when TLS is enabled. Please set the tls.certCAFilename value {{- end -}} {{- end -}} {{- end -}} {{/* Validate values of Valkey - PodSecurityPolicy create */}} {{- define "valkey-cluster.validateValues.tls" -}} {{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }} valkey-cluster: tls.enabled In order to enable TLS, you also need to provide an existing secret containing the TLS certificates or enable auto-generated certificates. {{- end -}} {{- end -}}