cscott/amplify-fusion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Conan Scott
2026-01-21 17:37:42 +11:00
commit bd1ed71ac4
142 changed files with 18994 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
templates/valkey/NOTES.txt Normal file
View File

@@ -0,0 +1,8 @@
Thank you for installing the {{ .Chart.Name }} chart for the Amplify Integration Platform.
Your release is named {{ .Release.Name }}.
To learn more about the release, try:
$ helm status {{ .Release.Name }}
$ helm get all {{ .Release.Name }}

185
templates/valkey/_helpers.tpl Normal file
View File

@@ -0,0 +1,185 @@
{{- define "valkey.name" -}}
{{- default "valkey" .Values.valkey.internal.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "valkey.fullname" -}}
{{- if .Values.valkey.internal.fullnameOverride }}
{{- .Values.valkey.internal.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default "valkey" .Values.valkey.internal.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "valkey.labels" -}}
{{ include "dataplane.labels" . }}
{{ include "valkey.selectorLabels" . }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "valkey.selectorLabels" -}}
app.kubernetes.io/name: {{ include "valkey.name" . }}
app: {{ include "valkey.appName" . }}
dplane: "valkey"
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "valkey.serviceAccountName" -}}
{{- if .Values.valkey.internal.serviceAccount.enabled }}
{{- default (include "valkey.fullname" .) .Values.valkey.internal.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.valkey.internal.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Custom templates start here
*/}}
{{- define "valkey.appName" -}}
{{- if .Values.valkey.internal.nameOverride -}}
{{- .Values.valkey.internal.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "valkey" -}}
{{- end -}}
{{- end }}
{{/*
Image name
*/}}
{{- define "image.finalname" -}}
{{- printf "%s/%s:%s" .Values.valkey.internal.image.server "valkey" .Chart.AppVersion }}
{{- end }}
{{/*
clusterRefId
*/}}
{{- define "valkey.clusterRefId" -}}
{{- printf "%s" (.Values.global.clusterKey | b64dec | fromJson).clusterRefId }}
{{- end }}
{{/*
Check if Valkey internal is enabled
*/}}
{{- define "valkey.internal.enabled" -}}
{{- and .Values.valkey.enabled .Values.valkey.internal.enabled -}}
{{- end -}}
{{/*
Check if Valkey PDB is enabled
*/}}
{{- define "valkey.internal.pdb.enabled" -}}
{{- and (include "valkey.internal.enabled" .) .Values.valkey.internal.podDisruptionBudget.enabled -}}
{{- end -}}
{{/*
Check if Valkey service account is enabled
*/}}
{{- define "valkey.internal.sa.enabled" -}}
{{- and (include "valkey.internal.enabled" .) .Values.valkey.internal.serviceAccount.enabled -}}
{{- end -}}
{{/*
Check if Valkey external is enabled
*/}}
{{- define "valkey.external.enabled" -}}
{{- and .Values.valkey.enabled .Values.valkey.external.enabled -}}
{{- end -}}
{{/*
Calculate maxmemory based on resources.limits.memory with tiered approach
resources.limits.memory not set -> default to 64MB
resource.limits.memory set -> calculate maxmemory based on tiers
Tier 1: Small (2GB) - 75% - 64MB
Tier 2: Medium (2-8GB) - 85% - 128MB
Tier 3: Large (8-32GB) - 90% - 256MB
Tier 4: XLarge (>32GB) - 92% - 512MB
Minimum result: 64MB
Formula Explained:
1) Determine the memory limit in bytes.
2) Convert bytes to GB for tier classification
3) Apply the percentage based on the tier.
4) Subtract the fixed overhead based on the tier.
5) Ensure the final maxmemory is at least 64MB.
*/}}
{{- define "valkey.maxmemory" -}}
{{- $mem := .Values.valkey.internal.resources.limits.memory | default "" -}}
{{- $Mi := 1048576 -}}
{{- $Gi := 1073741824 -}}
{{- if not $mem -}}
{{- mul 64 $Mi -}}
{{- else -}}
{{- $bytes := 0 -}}
{{- if hasSuffix "Ki" $mem -}}
{{- $bytes = int (mulf (trimSuffix "Ki" $mem | float64) 1024) -}}
{{- else if hasSuffix "Mi" $mem -}}
{{- $bytes = int (mulf (trimSuffix "Mi" $mem | float64) $Mi) -}}
{{- else if hasSuffix "Gi" $mem -}}
{{- $bytes = int (mulf (trimSuffix "Gi" $mem | float64) $Gi) -}}
{{- else if hasSuffix "Ti" $mem -}}
{{- $bytes = int (mulf (trimSuffix "Ti" $mem | float64) 1099511627776) -}}
{{- else -}}
{{- $bytes = $mem | int -}}
{{- end -}}
{{- $t1 := mul 2 $Gi -}}
{{- $t2 := mul 8 $Gi -}}
{{- $t3 := mul 32 $Gi -}}
{{- $max := 0 -}}
{{- if le $bytes $t1 -}}
{{- $max = sub (div (mul $bytes 75) 100) (mul 64 $Mi) -}}
{{- else if le $bytes $t2 -}}
{{- $max = sub (div (mul $bytes 85) 100) (mul 128 $Mi) -}}
{{- else if le $bytes $t3 -}}
{{- $max = sub (div (mul $bytes 90) 100) (mul 256 $Mi) -}}
{{- else -}}
{{- $max = sub (div (mul $bytes 92) 100) (mul 512 $Mi) -}}
{{- end -}}
{{- if lt $max (mul 64 $Mi) -}}
{{- $max = mul 64 $Mi -}}
{{- end -}}
{{- $max -}}
{{- end -}}
{{- end -}}
{{/*
Generate Valkey save configuration from rdbSnapshots array
*/}}
{{- define "valkey.saveConfig" -}}
{{- if .Values.valkey.internal.persistence.rdbSnapshots -}}
{{- $saveConfig := list -}}
{{- range .Values.valkey.internal.persistence.rdbSnapshots -}}
{{- $saveConfig = append $saveConfig (printf "%d %d" (int .seconds) (int .keyChanges)) -}}
{{- end -}}
{{- if $saveConfig -}}
save {{ join " " $saveConfig }}
{{- else -}}
save ""
{{- end -}}
{{- else -}}
save ""
{{- end -}}
{{- end -}}

52
templates/valkey/calico.netpol.yaml Normal file
View File

@@ -0,0 +1,52 @@
{{- if .Values.valkey.internal.calicoNetpol.enabled }}
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
name: {{ template "valkey.appName" . }}
namespace: {{ .Release.Namespace }}
spec:
order: 10
selector: dplane == 'valkey'
types:
- Ingress
- Egress
ingress:
### traffic from inbound-worker, orchestrator, valkey, sink agent, pep server and migrator job ###
- action: Allow
protocol: TCP
source:
selector: dplane == 'orchestrator' || dplane == 'inbound-worker' || dplane == 'valkey' || dplane == 'sink-agent' || dplane == 'pep-server' || dplane == 'migrator-job'
namespaceSelector: projectcalico.org/name == '{{ .Release.Namespace }}'
destination:
ports:
- 8080
- 6379
- 16379
egress:
# allow to communicate to DNS pods
- action: Allow
protocol: UDP
destination:
namespaceSelector: projectcalico.org/name == 'kube-system'
ports:
- 53
- action: Allow
protocol: TCP
destination:
namespaceSelector: projectcalico.org/name == 'kube-system'
ports:
- 53
# allow to communicate with itself for clustering
- action: Allow
destination:
selector: dplane == 'valkey'
namespaceSelector: projectcalico.org/name == '{{ .Release.Namespace }}'
protocol: TCP
# allow to communicate with k8s api server
- action: Allow
destination:
services:
name: kubernetes
namespace: default
protocol: TCP
{{- end }}

59
templates/valkey/configmap-config.yaml Normal file
View File

@@ -0,0 +1,59 @@
{{- if and (include "valkey.internal.enabled" .) (not .Values.common.externalConfigMaps) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "valkey.appName" . }}-config
namespace: {{ .Release.Namespace }}
data:
valkey.conf: |-
# Core cluster settings
port 6379
cluster-enabled yes
cluster-config-file "nodes.conf"
cluster-node-timeout {{ .Values.valkey.internal.clusterNodeTimeout }}
cluster-require-full-coverage no
notify-keyspace-events KEA
# Network
bind 0.0.0.0
cluster-announce-port 6379
cluster-announce-bus-port 16379
# Security
protected-mode no
requirepass insertpass
primaryauth insertpass
# Storage
dir {{ .Values.valkey.internal.valkeyDir }}
{{- if eq .Values.valkey.internal.persistence.appendonly "yes" }}
appendonly {{ .Values.valkey.internal.persistence.appendonly }}
appendfsync everysec
no-appendfsync-on-rewrite yes
{{- end }}
{{ include "valkey.saveConfig" . }}
# Memory
{{- if not .Values.valkey.internal.resources.limits.memory }}
# WARNING: resources.limits.memory is not set!
# Valkey maxmemory is set to minimal 64MB default.
# Consider setting resources.limits.memory to suit your use case.
{{- end }}
maxmemory {{ include "valkey.maxmemory" . }}
maxmemory-policy {{ .Values.valkey.internal.maxMemoryPolicy }}
# Process
daemonize no
loglevel {{ .Values.valkey.internal.logLevel }}
{{- if and .Values.valkey.internal.logFile (ne .Values.valkey.internal.logFile "") }}
logfile "{{ .Values.valkey.internal.valkeyDir }}/logs/{{ .Values.valkey.internal.logFile }}"
{{- else }}
logfile ""
{{- end }}
# Replica
replica-serve-stale-data yes
replica-read-only yes
{{- end }}

14
templates/valkey/poddisruptionbudget.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if eq (include "valkey.internal.pdb.enabled" .) "true" }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "valkey.appName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "valkey.labels" . | nindent 4 }}
spec:
maxUnavailable: {{ .Values.valkey.internal.podDisruptionBudget.maxUnavailable }}
selector:
matchLabels:
{{ include "valkey.selectorLabels" . | nindent 6 }}
{{- end }}

7
templates/valkey/role.yaml Normal file
View File

@@ -0,0 +1,7 @@
{{- if and (eq (include "valkey.internal.sa.enabled" .) "true") (not .Values.valkey.internal.serviceAccount.preexisting) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "valkey.name" . }}-role
rules: []
{{- end }}

14
templates/valkey/roleBinding.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if and (eq (include "valkey.internal.sa.enabled" .) "true") (not .Values.valkey.internal.serviceAccount.preexisting) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "valkey.name" . }}-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "valkey.name" . }}-role
subjects:
- kind: ServiceAccount
name: {{ .Values.valkey.internal.serviceAccount.enabled | ternary .Values.valkey.internal.serviceAccount.name "default" }}
namespace: {{ .Release.Namespace }}
{{- end }}

23
templates/valkey/service-headless.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- if eq (include "valkey.internal.enabled" .) "true" }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "valkey.appName" . }}-headless
namespace: {{ .Release.Namespace }}
labels:
{{ include "valkey.labels" . | nindent 4 }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: valkey-client
port: 6379
targetPort: valkey-client
protocol: TCP
- name: valkey-cluster
port: 16379
targetPort: valkey-cluster
protocol: TCP
selector:
{{ include "valkey.selectorLabels" . | nindent 4 }}
{{- end }}

18
templates/valkey/service.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if eq (include "valkey.internal.enabled" .) "true" }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "valkey.appName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "valkey.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: valkey-client
port: 6379
targetPort: valkey-client
protocol: TCP
selector:
{{ include "valkey.selectorLabels" . | nindent 4 }}
{{- end }}

13
templates/valkey/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{- if and (eq (include "valkey.internal.sa.enabled" .) "true") (not .Values.valkey.internal.serviceAccount.preexisting) }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "valkey.serviceAccountName" . }}
labels:
{{- include "valkey.labels" . | nindent 4 }}
{{- with .Values.valkey.internal.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.valkey.internal.serviceAccount.automountServiceAccountToken }}
{{- end }}

175
templates/valkey/statefulset.yaml Normal file
View File

@@ -0,0 +1,175 @@
{{- if eq (include "valkey.internal.enabled" .) "true" }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "valkey.appName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "valkey.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.valkey.internal.clusterSize }}
serviceName: {{ template "valkey.appName" . }}-headless
selector:
matchLabels:
{{ include "valkey.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.valkey.internal.podAnnotations }}
annotations:
{{ toYaml . | nindent 8 }}
{{- end }}
labels:
{{ include "valkey.selectorLabels" . | nindent 8 }}
dplane: valkey
spec:
terminationGracePeriodSeconds: {{ .Values.valkey.internal.terminationGracePeriodSeconds }}
{{- with .Values.global.image.imagePullSecrets }}
imagePullSecrets:
{{ toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.valkey.internal.serviceAccount.enabled }}
serviceAccountName: {{ include "valkey.serviceAccountName" . }}
{{- end }}
{{- if .Values.valkey.internal.podSecurityContextEnabled }}
securityContext: {{ toYaml .Values.valkey.internal.podSecurityContext | nindent 8 }}
{{- end }}
dnsConfig:
options:
- name: use-vc
containers:
- name: {{ template "valkey.appName" . }}
securityContext:
{{ toYaml .Values.valkey.internal.securityContext | nindent 12 }}
image: "{{ default .Values.global.image.repository .Values.valkey.internal.image.repository }}/{{ .Values.valkey.internal.image.name }}:{{ .Values.valkey.internal.image.buildTag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
ports:
- name: valkey-client
containerPort: 6379
- name: valkey-cluster
containerPort: 16379
lifecycle:
preStop:
exec:
command:
- "/bin/sh"
- "-c"
- >
timeout 40 /scripts/pre-stop.sh || echo 'preStop timeout reached - continuing with shutdown'
{{- if .Values.valkey.internal.startupProbe.enabled }}
startupProbe:
initialDelaySeconds: {{ .Values.valkey.internal.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.valkey.internal.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.valkey.internal.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.valkey.internal.startupProbe.successThreshold }}
failureThreshold: {{ .Values.valkey.internal.startupProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /scripts/health-check.sh startup {{ .Values.valkey.internal.startupProbe.timeoutSeconds }}
{{- end }}
{{- if .Values.valkey.internal.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.valkey.internal.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.valkey.internal.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.valkey.internal.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.valkey.internal.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.valkey.internal.livenessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /scripts/health-check.sh liveness {{ .Values.valkey.internal.livenessProbe.timeoutSeconds }}
{{- end }}
{{- if .Values.valkey.internal.readinessProbe.enabled }}
readinessProbe:
initialDelaySeconds: {{ .Values.valkey.internal.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.valkey.internal.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.valkey.internal.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.valkey.internal.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.valkey.internal.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /scripts/health-check.sh readiness {{ .Values.valkey.internal.readinessProbe.timeoutSeconds }}
{{- end }}
command:
- "/bin/sh"
- "-c"
- >
/scripts/start-valkey.sh
env:
- name: VALKEY_DIR
value: "{{ .Values.valkey.internal.valkeyDir }}"
- name: REDISCLI_AUTH
valueFrom:
secretKeyRef:
name: {{ .Values.common.datagridCredentials.name }}
key: datagrid_password
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: CLUSTER_SIZE
value: "{{ .Values.valkey.internal.clusterSize }}"
- name: REPLICAS_PER_MASTER
value: "{{ .Values.valkey.internal.replicasPerMaster }}"
- name: VALKEY_PORT
value: "6379"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
resources:
{{- toYaml .Values.valkey.internal.resources | nindent 12 }}
volumeMounts:
- name: {{ .Values.valkey.internal.persistence.claimTemplateName }}
mountPath: {{ .Values.valkey.internal.valkeyDir }}
- name: config
mountPath: /config
envFrom:
{{- if .Values.common.email_authentication }}
- secretRef:
name: {{ .Values.common.fromMail.name }}
{{- end }}
- secretRef:
name: {{ .Values.common.datagridCredentials.name }}
volumes:
- name: config
configMap:
name: {{ template "valkey.appName" . }}-config
{{- with .Values.valkey.internal.nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.valkey.internal.affinity }}
affinity:
{{ toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.valkey.internal.tolerations }}
tolerations:
{{ toYaml . | nindent 8 }}
{{- end }}
volumeClaimTemplates:
- metadata:
name: {{ .Values.valkey.internal.persistence.claimTemplateName }}
labels:
{{ include "valkey.selectorLabels" . | nindent 10 }}
spec:
accessModes:
- {{ .Values.valkey.internal.persistence.claimTemplateAccessModes }}
resources:
requests:
storage: {{ .Values.valkey.internal.persistence.claimTemplateRequestStorage }}
{{- if .Values.valkey.internal.persistence.claimTemplateStorageClass }}
storageClassName: {{ .Values.valkey.internal.persistence.claimTemplateStorageClass }}
{{- end }}
{{- end }}

14
templates/valkey/valkey-secret.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if .Values.valkey.enabled }}
{{- if .Values.common.datagridCredentials.existingSecret -}}
{{- $existingSecret := (lookup "v1" "Secret" .Release.Namespace .Values.common.datagridCredentials.name ).metadata | required "Secret .Values.common.datagridCredentials.name is required. Create it external to helm chart or set existingSecret to false" }}
{{- else }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.common.datagridCredentials.name }}
type: "Opaque"
data:
datagrid_password: {{ required "Value datagridPassword is required for the database secret" .Values.common.datagridCredentials.password }}
{{- end }}
{{- end }}