add helm charts

2025-11-09 13:22:40 +03:30
parent 282c3e52d0
commit 38e4d749ad
1352 changed files with 190457 additions and 0 deletions
--- a/backing-services/gitea/charts/valkey/templates/scripts-configmap.yaml
+++ b/backing-services/gitea/charts/valkey/templates/scripts-configmap.yaml
@@ -0,0 +1,792 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "%s-scripts" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/part-of: valkey
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }}
+  start-node.sh: |
+    #!/bin/bash
+
+    . /opt/bitnami/scripts/libos.sh
+    . /opt/bitnami/scripts/liblog.sh
+    . /opt/bitnami/scripts/libvalidations.sh
+
+    get_port() {
+        hostname="$1"
+        type="$2"
+
+        port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g")
+        port=${!port_var}
+
+        if [ -z "$port" ]; then
+            case $type in
+                "SENTINEL")
+                    echo {{ .Values.sentinel.containerPorts.sentinel }}
+                    ;;
+                "VALKEY")
+                    echo {{ .Values.primary.containerPorts.valkey }}
+                    ;;
+            esac
+        else
+            echo $port
+        fi
+    }
+
+    get_full_hostname() {
+        hostname="$1"
+
+        {{- if .Values.useExternalDNS.enabled }}
+        full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}"
+        {{- else if eq .Values.sentinel.service.type "NodePort" }}
+        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        {{- else }}
+        full_hostname="${hostname}.${HEADLESS_SERVICE}"
+        {{- end }}
+
+        {{- if .Values.useHostnames }}
+        echo "${full_hostname}"
+        {{- else }}
+        retry_count=0
+        until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do 
+            if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then
+                sleep {{ .Values.nameResolutionTimeout }}
+            else
+                error "IP address for ${full_hostname} not found"
+                exit 1
+            fi
+            ((retry_count++))
+        done
+        {{- end }}
+    }
+
+    VALKEYPORT=$(get_port "$HOSTNAME" "VALKEY")
+
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+
+    if [ -n "$VALKEY_EXTERNAL_PRIMARY_HOST" ]; then
+        VALKEY_SERVICE="$VALKEY_EXTERNAL_PRIMARY_HOST"
+    else
+        VALKEY_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    fi
+
+    SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL")
+    validate_quorum() {
+        if is_boolean_yes "$VALKEY_TLS_ENABLED"; then
+            quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} sentinel primary {{ .Values.sentinel.primarySet }}"
+        else
+            quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT sentinel primary {{ .Values.sentinel.primarySet }}"
+        fi
+        info "about to run the command: $quorum_info_command"
+        eval $quorum_info_command | grep -Fq "s_down"
+    }
+
+    trigger_manual_failover() {
+        if is_boolean_yes "$VALKEY_TLS_ENABLED"; then
+            failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} sentinel failover {{ .Values.sentinel.primarySet }}"
+        else
+            failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT sentinel failover {{ .Values.sentinel.primarySet }}"
+        fi
+
+        info "about to run the command: $failover_command"
+        eval $failover_command
+    }
+
+    get_sentinel_primary_info() {
+        if is_boolean_yes "$VALKEY_TLS_ENABLED"; then
+            sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getPrimaryTimeout }} valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} sentinel get-primary-addr-by-name {{ .Values.sentinel.primarySet }}"
+        else
+            sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getPrimaryTimeout }} valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-primary-addr-by-name {{ .Values.sentinel.primarySet }}"
+        fi
+
+        info "about to run the command: $sentinel_info_command"
+        retry_while "eval $sentinel_info_command" 2 5
+    }
+
+    {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }}
+    useradd valkey
+    chown -R valkey {{ .Values.replica.persistence.path }}
+    {{- end }}
+
+    [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")"
+    [[ -f $VALKEY_PRIMARY_PASSWORD_FILE ]] && export VALKEY_PRIMARY_PASSWORD="$(< "${VALKEY_PRIMARY_PASSWORD_FILE}")"
+
+    # check if there is a primary
+    primary_in_persisted_conf="$(get_full_hostname "$HOSTNAME")"
+    primary_port_in_persisted_conf="$VALKEY_PRIMARY_PORT_NUMBER"
+    primary_in_sentinel="$(get_sentinel_primary_info)"
+    valkeyRetVal=$?
+
+    if [[ -f /opt/bitnami/valkey-sentinel/etc/sentinel.conf ]]; then
+        primary_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/valkey-sentinel/etc/sentinel.conf)"
+        primary_port_in_persisted_conf="$(awk '/monitor/ {print $5}' /opt/bitnami/valkey-sentinel/etc/sentinel.conf)"
+        info "Found previous primary ${primary_in_persisted_conf}:${primary_port_in_persisted_conf} in /opt/bitnami/valkey-sentinel/etc/sentinel.conf"
+        debug "$(cat /opt/bitnami/valkey-sentinel/etc/sentinel.conf | grep monitor)"
+    fi
+
+    if [[ $valkeyRetVal -ne 0 ]]; then
+        if [[ "$primary_in_persisted_conf" == "$(get_full_hostname "$HOSTNAME")" ]]; then
+            # Case 1: No active sentinel and in previous sentinel.conf we were the primary --> PRIMARY
+            info "Configuring the node as primary"
+            export VALKEY_REPLICATION_MODE="primary"
+        else
+            # Case 2: No active sentinel and in previous sentinel.conf we were not primary --> REPLICA
+            info "Configuring the node as replica"
+            export VALKEY_REPLICATION_MODE="replica"
+            VALKEY_PRIMARY_HOST=${primary_in_persisted_conf}
+            VALKEY_PRIMARY_PORT_NUMBER=${primary_port_in_persisted_conf}
+        fi
+    else
+        # Fetches current primary's host and port
+        VALKEY_SENTINEL_INFO=($(get_sentinel_primary_info))
+        info "Current primary: VALKEY_SENTINEL_INFO=(${VALKEY_SENTINEL_INFO[0]},${VALKEY_SENTINEL_INFO[1]})"
+        VALKEY_PRIMARY_HOST=${VALKEY_SENTINEL_INFO[0]}
+        VALKEY_PRIMARY_PORT_NUMBER=${VALKEY_SENTINEL_INFO[1]}
+
+        if [[ "$VALKEY_PRIMARY_HOST" == "$(get_full_hostname "$HOSTNAME")" ]]; then
+            # Case 3: Active sentinel and primary it is this node --> PRIMARY
+            info "Configuring the node as primary"
+            export VALKEY_REPLICATION_MODE="primary"
+        else
+            # Case 4: Active sentinel and primary is not this node --> REPLICA
+            info "Configuring the node as replica"
+            export VALKEY_REPLICATION_MODE="replica"
+
+            {{- if and .Values.sentinel.automateClusterRecovery (le (int .Values.sentinel.downAfterMilliseconds) 2000) }}
+            retry_count=1
+            while validate_quorum
+            do
+                info "sleeping, waiting for Valkey primary to come up"
+                sleep 1s
+                if ! ((retry_count % 11)); then
+                    info "Trying to manually failover"
+                    failover_result=$(trigger_manual_failover)
+
+                    debug "Failover result: $failover_result"
+                fi
+
+                ((retry_count+=1))
+            done
+            info "Valkey primary is up now"
+            {{- end }}
+        fi
+    fi
+
+    if [[ -n "$VALKEY_EXTERNAL_PRIMARY_HOST" ]]; then
+      VALKEY_PRIMARY_HOST="$VALKEY_EXTERNAL_PRIMARY_HOST"
+      VALKEY_PRIMARY_PORT_NUMBER="${VALKEY_EXTERNAL_PRIMARY_PORT}"
+    fi
+
+    if [[ -f /opt/bitnami/valkey/mounted-etc/replica.conf ]];then
+        cp /opt/bitnami/valkey/mounted-etc/replica.conf /opt/bitnami/valkey/etc/replica.conf
+    fi
+
+    if [[ -f /opt/bitnami/valkey/mounted-etc/valkey.conf ]];then
+        cp /opt/bitnami/valkey/mounted-etc/valkey.conf /opt/bitnami/valkey/etc/valkey.conf
+    fi
+
+    echo "" >> /opt/bitnami/valkey/etc/replica.conf
+    echo "replica-announce-port $VALKEYPORT" >> /opt/bitnami/valkey/etc/replica.conf
+    echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/valkey/etc/replica.conf
+
+    {{- if .Values.tls.enabled }}
+    ARGS=("--port" "0")
+    ARGS+=("--tls-port" "${VALKEY_TLS_PORT}")
+    ARGS+=("--tls-cert-file" "${VALKEY_TLS_CERT_FILE}")
+    ARGS+=("--tls-key-file" "${VALKEY_TLS_KEY_FILE}")
+    ARGS+=("--tls-ca-cert-file" "${VALKEY_TLS_CA_FILE}")
+    ARGS+=("--tls-auth-clients" "${VALKEY_TLS_AUTH_CLIENTS}")
+    ARGS+=("--tls-replication" "yes")
+    {{- if .Values.tls.dhParamsFilename }}
+    ARGS+=("--tls-dh-params-file" "${VALKEY_TLS_DH_PARAMS_FILE}")
+    {{- end }}
+    {{- else }}
+    ARGS=("--port" "${VALKEY_PORT}")
+    {{- end }}
+
+    if [[ "$VALKEY_REPLICATION_MODE" = "replica" ]]; then
+        ARGS+=("--replicaof" "${VALKEY_PRIMARY_HOST}" "${VALKEY_PRIMARY_PORT_NUMBER}")
+    fi
+
+    {{- if .Values.auth.enabled }}
+    ARGS+=("--requirepass" "${VALKEY_PASSWORD}")
+    ARGS+=("--primaryauth" "${VALKEY_PRIMARY_PASSWORD}")
+    {{- else }}
+    ARGS+=("--protected-mode" "no")
+    {{- end }}
+    ARGS+=("--include" "/opt/bitnami/valkey/etc/replica.conf")
+    ARGS+=("--include" "/opt/bitnami/valkey/etc/valkey.conf")
+    {{- if .Values.replica.extraFlags }}
+    {{- range .Values.replica.extraFlags }}
+    ARGS+=({{ . | quote }})
+    {{- end }}
+    {{- end }}
+
+    {{- if .Values.replica.preExecCmds }}
+    {{- .Values.replica.preExecCmds | nindent 4 }}
+    {{- end }}
+
+    {{- if .Values.replica.command }}
+    exec {{ .Values.replica.command }} "${ARGS[@]}"
+    {{- else }}
+    exec valkey-server "${ARGS[@]}"
+    {{- end }}
+
+  start-sentinel.sh: |
+    #!/bin/bash
+
+    . /opt/bitnami/scripts/libos.sh
+    . /opt/bitnami/scripts/libvalidations.sh
+    . /opt/bitnami/scripts/libfile.sh
+
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    VALKEY_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+
+    get_port() {
+        hostname="$1"
+        type="$2"
+
+        port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g")
+        port=${!port_var}
+
+        if [ -z "$port" ]; then
+            case $type in
+                "SENTINEL")
+                    echo {{ .Values.sentinel.containerPorts.sentinel }}
+                    ;;
+                "VALKEY")
+                    echo {{ .Values.primary.containerPorts.valkey }}
+                    ;;
+            esac
+        else
+            echo $port
+        fi
+    }
+
+    get_full_hostname() {
+        hostname="$1"
+
+        {{- if .Values.useExternalDNS.enabled }}
+        full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}"
+        {{- else if eq .Values.sentinel.service.type "NodePort" }}
+        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        {{- else }}
+        full_hostname="${hostname}.${HEADLESS_SERVICE}"
+        {{- end }}
+
+        {{- if .Values.useHostnames }}
+        echo "${full_hostname}"
+        {{- else }}
+        retry_count=0
+        until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do 
+            if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then
+                sleep {{ .Values.nameResolutionTimeout }}
+            else
+                error "IP address for ${full_hostname} not found"
+                exit 1
+            fi
+            ((retry_count++))
+        done
+        {{- end }}
+    }
+
+    SERVPORT=$(get_port "$HOSTNAME" "SENTINEL")
+    VALKEYPORT=$(get_port "$HOSTNAME" "VALKEY")
+    SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL")
+
+    sentinel_conf_set() {
+        local -r key="${1:?missing key}"
+        local value="${2:-}"
+
+        # Sanitize inputs
+        value="${value//\\/\\\\}"
+        value="${value//&/\\&}"
+        value="${value//\?/\\?}"
+        [[ "$value" = "" ]] && value="\"$value\""
+
+        replace_in_file "/opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false
+    }
+    sentinel_conf_add() {
+        echo $'\n'"$@" >> "/opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf"
+    }
+    host_id() {
+        echo "$1" | openssl sha1 | awk '{print $2}'
+    }
+    get_sentinel_primary_info() {
+        if is_boolean_yes "$VALKEY_SENTINEL_TLS_ENABLED"; then
+            sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getPrimaryTimeout }} valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${VALKEY_SENTINEL_TLS_CERT_FILE} --key ${VALKEY_SENTINEL_TLS_KEY_FILE} --cacert ${VALKEY_SENTINEL_TLS_CA_FILE} sentinel get-primary-addr-by-name {{ .Values.sentinel.primarySet }}"
+        else
+            sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getPrimaryTimeout }} valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-primary-addr-by-name {{ .Values.sentinel.primarySet }}"
+        fi
+        info "about to run the command: $sentinel_info_command"
+        retry_while "eval $sentinel_info_command" 2 5
+    }
+
+    [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")"
+
+    primary_in_persisted_conf="$(get_full_hostname "$HOSTNAME")"
+
+    if [[ -f /opt/bitnami/valkey-sentinel/etc/sentinel.conf ]]; then
+        primary_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/valkey-sentinel/etc/sentinel.conf)"
+        info "Found previous primary $primary_in_persisted_conf in /opt/bitnami/valkey-sentinel/etc/sentinel.conf"
+        debug "$(cat /opt/bitnami/valkey-sentinel/etc/sentinel.conf | grep monitor)"
+    fi
+    VALKEY_SENTINEL_INFO=($(get_sentinel_primary_info))
+    if [ "$?" -eq "0" ]; then
+        # current primary's host and port obtained from other Sentinel
+        info "printing VALKEY_SENTINEL_INFO=(${VALKEY_SENTINEL_INFO[0]},${VALKEY_SENTINEL_INFO[1]})"
+        VALKEY_PRIMARY_HOST=${VALKEY_SENTINEL_INFO[0]}
+        VALKEY_PRIMARY_PORT_NUMBER=${VALKEY_SENTINEL_INFO[1]}
+    else
+        VALKEY_PRIMARY_HOST="$primary_in_persisted_conf"
+        VALKEY_PRIMARY_PORT_NUMBER="$VALKEYPORT"
+    fi
+    if [[ "$VALKEY_PRIMARY_HOST" == "$(get_full_hostname "$HOSTNAME")" ]]; then
+        export VALKEY_REPLICATION_MODE="primary"
+    else
+        export VALKEY_REPLICATION_MODE="replica"
+    fi
+
+    {{- if .Values.sentinel.service.createPrimary }}
+    if [[ "${VALKEY_REPLICATION_MODE}" == "primary" ]]; then
+        # Add isPrimary label to primary node for primary service
+        echo "${VALKEY_PRIMARY_HOST/.*}" > /etc/shared/current
+    fi
+    {{- end }}
+
+    if [[ -n "$VALKEY_EXTERNAL_PRIMARY_HOST" ]]; then
+      VALKEY_PRIMARY_HOST="$VALKEY_EXTERNAL_PRIMARY_HOST"
+      VALKEY_PRIMARY_PORT_NUMBER="${VALKEY_EXTERNAL_PRIMARY_PORT}"
+    fi
+
+    # To prevent incomplete configuration and as the valkey container accesses /opt/bitnami/valkey-sentinel/etc/sentinel.conf 
+    # as well, prepare the new config in `prepare-sentinel.conf` and move it atomically to the ultimate destination when it is complete.
+    cp /opt/bitnami/valkey-sentinel/mounted-etc/sentinel.conf /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf
+    {{- if .Values.auth.enabled }}
+    printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.primarySet }}" "$VALKEY_PASSWORD" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf
+    {{- if and .Values.auth.enabled .Values.auth.sentinel }}
+    printf "\nrequirepass %s" "$VALKEY_PASSWORD" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf
+    {{- end }}
+    {{- end }}
+    printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf
+
+    if [[ -z "$VALKEY_PRIMARY_HOST" ]] || [[ -z "$VALKEY_PRIMARY_PORT_NUMBER" ]]
+    then
+        # Prevent incorrect configuration to be written to sentinel.conf
+        error "Valkey primary host is configured incorrectly (host: $VALKEY_PRIMARY_HOST, port: $VALKEY_PRIMARY_PORT_NUMBER)"
+        exit 1
+    fi
+
+    sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.primarySet }} "$VALKEY_PRIMARY_HOST" "$VALKEY_PRIMARY_PORT_NUMBER" {{ .Values.sentinel.quorum }}"
+
+    add_known_sentinel() {
+        hostname="$1"
+        ip="$2"
+
+        if [[ -n "$hostname" && -n "$ip" && "$hostname" != "$HOSTNAME" ]]; then
+            sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.primarySet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "SENTINEL") $(host_id "$hostname")"
+        fi
+    }
+    add_known_replica() {
+        hostname="$1"
+        ip="$2"
+
+        if [[ -n "$ip" && "$(get_full_hostname "$hostname")" != "$VALKEY_PRIMARY_HOST" ]]; then
+            sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.primarySet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "VALKEY")"
+        fi
+    }
+
+    # Add available hosts on the network as known replicas & sentinels
+    for node in $(seq 0 $(({{ .Values.replica.replicaCount }}-1))); do
+        hostname="{{ template "common.names.fullname" . }}-node-$node"
+        ip="$(getent hosts "$hostname.$HEADLESS_SERVICE" | awk '{ print $1 }')"
+        add_known_sentinel "$hostname" "$ip"
+        add_known_replica "$hostname" "$ip"
+    done
+
+    echo "" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf
+    {{- if not (contains "sentinel announce-hostnames" .Values.sentinel.configuration) }}
+    echo "sentinel announce-hostnames yes" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf
+    {{- end }}
+    {{- if not (contains "sentinel resolve-hostnames" .Values.sentinel.configuration) }}
+    echo "sentinel resolve-hostnames yes" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf
+    {{- end }}
+    {{- if not (contains "sentinel announce-port" .Values.sentinel.configuration) }}
+    echo "sentinel announce-port $SERVPORT" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf
+    {{- end }}
+    {{- if not (contains "sentinel announce-ip" .Values.sentinel.configuration) }}
+    echo "sentinel announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf
+    {{- end }}
+
+    {{- if .Values.tls.enabled }}
+    ARGS=("--port" "0")
+    ARGS+=("--tls-port" "${VALKEY_SENTINEL_TLS_PORT_NUMBER}")
+    ARGS+=("--tls-cert-file" "${VALKEY_SENTINEL_TLS_CERT_FILE}")
+    ARGS+=("--tls-key-file" "${VALKEY_SENTINEL_TLS_KEY_FILE}")
+    ARGS+=("--tls-ca-cert-file" "${VALKEY_SENTINEL_TLS_CA_FILE}")
+    ARGS+=("--tls-replication" "yes")
+    ARGS+=("--tls-auth-clients" "${VALKEY_SENTINEL_TLS_AUTH_CLIENTS}")
+    {{- if .Values.tls.dhParamsFilename }}
+    ARGS+=("--tls-dh-params-file" "${VALKEY_SENTINEL_TLS_DH_PARAMS_FILE}")
+    {{- end }}
+    {{- end }}
+    {{- if .Values.sentinel.preExecCmds }}
+    {{ .Values.sentinel.preExecCmds | nindent 4 }}
+    {{- end }}
+    mv /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf /opt/bitnami/valkey-sentinel/etc/sentinel.conf
+    exec valkey-server /opt/bitnami/valkey-sentinel/etc/sentinel.conf {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }} --sentinel
+  prestop-sentinel.sh: |
+    #!/bin/bash
+
+    . /opt/bitnami/scripts/libvalidations.sh
+    . /opt/bitnami/scripts/libos.sh
+
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+
+    get_full_hostname() {
+        hostname="$1"
+
+        {{- if .Values.useExternalDNS.enabled }}
+        full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}"
+        {{- else if eq .Values.sentinel.service.type "NodePort" }}
+        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        {{- else }}
+        full_hostname="${hostname}.${HEADLESS_SERVICE}"
+        {{- end }}
+
+        {{- if .Values.useHostnames }}
+        echo "${full_hostname}"
+        {{- else }}
+        retry_count=0
+        until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do 
+            if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then
+                sleep {{ .Values.nameResolutionTimeout }}
+            else
+                error "IP address for ${full_hostname} not found"
+                exit 1
+            fi
+            ((retry_count++))
+        done
+        {{- end }}
+    }
+
+    run_sentinel_command() {
+        if is_boolean_yes "$VALKEY_SENTINEL_TLS_ENABLED"; then
+            valkey-cli -h "$VALKEY_SERVICE" -p "$VALKEY_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$VALKEY_SENTINEL_TLS_CERT_FILE" --key "$VALKEY_SENTINEL_TLS_KEY_FILE" --cacert "$VALKEY_SENTINEL_TLS_CA_FILE" sentinel "$@"
+        else
+            valkey-cli -h "$VALKEY_SERVICE" -p "$VALKEY_SENTINEL_PORT" sentinel "$@"
+        fi
+    }
+    sentinel_failover_finished() {
+      VALKEY_SENTINEL_INFO=($(run_sentinel_command get-primary-addr-by-name "{{ .Values.sentinel.primarySet }}"))
+      VALKEY_PRIMARY_HOST="${VALKEY_SENTINEL_INFO[0]}"
+      [[ "$VALKEY_PRIMARY_HOST" != "$(get_full_hostname $HOSTNAME)" ]]
+    }
+
+    VALKEY_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+
+    {{ if .Values.auth.sentinel -}}
+    # valkey-cli automatically consumes credentials from the REDISCLI_AUTH variable
+    [[ -n "$VALKEY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PASSWORD"
+    [[ -f "$VALKEY_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${VALKEY_PASSWORD_FILE}")"
+    {{- end }}
+
+    if ! sentinel_failover_finished; then
+        echo "I am the primary pod and you are stopping me. Starting sentinel failover"
+        if retry_while "sentinel_failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1; then
+            echo "Primary has been successfuly failed over to a different pod."
+            exit 0
+        else
+            echo "Primary failover failed"
+            exit 1
+        fi
+    else
+        exit 0
+    fi
+  prestop-valkey.sh: |
+    #!/bin/bash
+
+    . /opt/bitnami/scripts/libvalidations.sh
+    . /opt/bitnami/scripts/libos.sh
+
+    run_valkey_command() {
+        if is_boolean_yes "$VALKEY_TLS_ENABLED"; then
+            valkey-cli -h 127.0.0.1 -p "$VALKEY_TLS_PORT" --tls --cert "$VALKEY_TLS_CERT_FILE" --key "$VALKEY_TLS_KEY_FILE" --cacert "$VALKEY_TLS_CA_FILE" "$@"
+        else
+            valkey-cli -h 127.0.0.1 -p "$VALKEY_PORT" "$@"
+        fi
+    }
+    is_primary() {
+        VALKEY_ROLE=$(run_valkey_command role | head -1)
+        [[ "$VALKEY_ROLE" == "master" ]]
+    }
+
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{- include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+
+    get_full_hostname() {
+        hostname="$1"
+
+        {{- if .Values.useExternalDNS.enabled }}
+        full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}"
+        {{- else if eq .Values.sentinel.service.type "NodePort" }}
+        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        {{- else }}
+        full_hostname="${hostname}.${HEADLESS_SERVICE}"
+        {{- end }}
+
+        {{- if .Values.useHostnames }}
+        echo "${full_hostname}"
+        {{- else }}
+        retry_count=0
+        until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do 
+            if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then
+                sleep {{ .Values.nameResolutionTimeout }}
+            else
+                error "IP address for ${full_hostname} not found"
+                exit 1
+            fi
+            ((retry_count++))
+        done
+        {{- end }}
+    }
+
+    run_sentinel_command() {
+        if is_boolean_yes "$VALKEY_SENTINEL_TLS_ENABLED"; then
+            {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} valkey-cli -h "$VALKEY_SERVICE" -p "$VALKEY_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$VALKEY_SENTINEL_TLS_CERT_FILE" --key "$VALKEY_SENTINEL_TLS_KEY_FILE" --cacert "$VALKEY_SENTINEL_TLS_CA_FILE" sentinel "$@"
+        else
+            {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} valkey-cli -h "$VALKEY_SERVICE" -p "$VALKEY_SENTINEL_PORT" sentinel "$@"
+        fi
+    }
+    sentinel_failover_finished() {
+        VALKEY_SENTINEL_INFO=($(run_sentinel_command get-primary-addr-by-name "{{ .Values.sentinel.primarySet }}"))
+        VALKEY_PRIMARY_HOST="${VALKEY_SENTINEL_INFO[0]}"
+        [[ "$VALKEY_PRIMARY_HOST" != "$(get_full_hostname $HOSTNAME)" ]]
+    }
+
+    VALKEY_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+
+    # valkey-cli automatically consumes credentials from the REDISCLI_AUTH variable
+    [[ -n "$VALKEY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PASSWORD"
+    [[ -f "$VALKEY_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${VALKEY_PASSWORD_FILE}")"
+
+
+    if is_primary && ! sentinel_failover_finished; then
+        echo "I am the primary pod and you are stopping me. Pausing client connections."
+        # Pausing client write connections to avoid data loss
+        run_valkey_command CLIENT PAUSE "{{ mul (add 2 (sub .Values.sentinel.terminationGracePeriodSeconds 10)) 1000 }}" WRITE
+
+        echo "Issuing failover"
+        # if I am the primary, issue a command to failover once
+        run_sentinel_command failover "{{ .Values.sentinel.primarySet }}"
+
+        {{- if .Values.sentinel.valkeyShutdownWaitFailover }}
+        echo "Waiting for sentinel to complete failover for up to {{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}s"
+        retry_while "sentinel_failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1
+        {{- end }}
+    else
+        exit 0
+    fi
+
+  {{- if .Values.sentinel.service.createPrimary}}
+  push-primary-label.sh: |
+    #!/bin/bash
+    # https://download.valkey.io/valkey-stable/sentinel.conf
+
+    echo "${6/.*}" > /etc/shared/current
+    echo "${4/.*}" > /etc/shared/previous
+  {{- end }}
+{{- else }}
+  start-primary.sh: |
+    #!/bin/bash
+
+    [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")"
+    {{- if and .Values.primary.containerSecurityContext.runAsUser (eq (.Values.primary.containerSecurityContext.runAsUser | int) 0) }}
+    useradd valkey
+    chown -R valkey {{ .Values.primary.persistence.path }}
+    {{- end }}
+    if [[ -f /opt/bitnami/valkey/mounted-etc/primary.conf ]];then
+        cp /opt/bitnami/valkey/mounted-etc/primary.conf /opt/bitnami/valkey/etc/primary.conf
+    fi
+    if [[ -f /opt/bitnami/valkey/mounted-etc/valkey.conf ]];then
+        cp /opt/bitnami/valkey/mounted-etc/valkey.conf /opt/bitnami/valkey/etc/valkey.conf
+    fi
+    {{- if .Values.tls.enabled }}
+    ARGS=("--port" "0")
+    ARGS+=("--tls-port" "${VALKEY_TLS_PORT}")
+    ARGS+=("--tls-cert-file" "${VALKEY_TLS_CERT_FILE}")
+    ARGS+=("--tls-key-file" "${VALKEY_TLS_KEY_FILE}")
+    ARGS+=("--tls-ca-cert-file" "${VALKEY_TLS_CA_FILE}")
+    ARGS+=("--tls-auth-clients" "${VALKEY_TLS_AUTH_CLIENTS}")
+    {{- if .Values.tls.dhParamsFilename }}
+    ARGS+=("--tls-dh-params-file" "${VALKEY_TLS_DH_PARAMS_FILE}")
+    {{- end }}
+    {{- else }}
+    ARGS=("--port" "${VALKEY_PORT}")
+    {{- end }}
+    {{- if .Values.auth.enabled }}
+    ARGS+=("--requirepass" "${VALKEY_PASSWORD}")
+    ARGS+=("--primaryauth" "${VALKEY_PASSWORD}")
+    {{- else }}
+    ARGS+=("--protected-mode" "no")
+    {{- end }}
+    ARGS+=("--include" "/opt/bitnami/valkey/etc/valkey.conf")
+    ARGS+=("--include" "/opt/bitnami/valkey/etc/primary.conf")
+    {{- if .Values.primary.extraFlags }}
+    {{- range .Values.primary.extraFlags }}
+    ARGS+=({{ . | quote }})
+    {{- end }}
+    {{- end }}
+    {{- if .Values.primary.preExecCmds }}
+    {{ .Values.primary.preExecCmds | nindent 4 }}
+    {{- end }}
+    {{- if .Values.primary.command }}
+    exec {{ .Values.primary.command }} "${ARGS[@]}"
+    {{- else }}
+    exec valkey-server "${ARGS[@]}"
+    {{- end }}
+  {{- if eq .Values.architecture "replication" }}
+  start-replica.sh: |
+    #!/bin/bash
+
+    get_port() {
+        hostname="$1"
+        type="$2"
+
+        port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g")
+        port=${!port_var}
+
+        if [ -z "$port" ]; then
+            case $type in
+                "SENTINEL")
+                    echo {{ .Values.sentinel.containerPorts.sentinel }}
+                    ;;
+                "VALKEY")
+                    echo {{ .Values.primary.containerPorts.valkey }}
+                    ;;
+            esac
+        else
+            echo $port
+        fi
+    }
+
+    get_full_hostname() {
+        hostname="$1"
+
+        {{- if .Values.useExternalDNS.enabled }}
+        full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}"
+        {{- else if eq .Values.sentinel.service.type "NodePort" }}
+        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        {{- else }}
+        full_hostname="${hostname}.${HEADLESS_SERVICE}"
+        {{- end }}
+
+        {{- if .Values.useHostnames }}
+        echo "${full_hostname}"
+        {{- else }}
+        retry_count=0
+        until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do 
+            if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then
+                sleep {{ .Values.nameResolutionTimeout }}
+            else
+                error "IP address for ${full_hostname} not found"
+                exit 1
+            fi
+            ((retry_count++))
+        done
+        {{- end }}
+    }
+
+    VALKEYPORT=$(get_port "$HOSTNAME" "VALKEY")
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+
+    [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")"
+    [[ -f $VALKEY_PRIMARY_PASSWORD_FILE ]] && export VALKEY_PRIMARY_PASSWORD="$(< "${VALKEY_PRIMARY_PASSWORD_FILE}")"
+    {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }}
+    useradd valkey
+    chown -R valkey {{ .Values.replica.persistence.path }}
+    {{- end }}
+    if [[ -f /opt/bitnami/valkey/mounted-etc/replica.conf ]];then
+        cp /opt/bitnami/valkey/mounted-etc/replica.conf /opt/bitnami/valkey/etc/replica.conf
+    fi
+    if [[ -f /opt/bitnami/valkey/mounted-etc/valkey.conf ]];then
+        cp /opt/bitnami/valkey/mounted-etc/valkey.conf /opt/bitnami/valkey/etc/valkey.conf
+    fi
+
+    echo "" >> /opt/bitnami/valkey/etc/replica.conf
+    echo "replica-announce-port $VALKEYPORT" >> /opt/bitnami/valkey/etc/replica.conf
+    echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/valkey/etc/replica.conf
+
+    {{- if .Values.tls.enabled }}
+    ARGS=("--port" "0")
+    ARGS+=("--tls-port" "${VALKEY_TLS_PORT}")
+    ARGS+=("--tls-cert-file" "${VALKEY_TLS_CERT_FILE}")
+    ARGS+=("--tls-key-file" "${VALKEY_TLS_KEY_FILE}")
+    ARGS+=("--tls-ca-cert-file" "${VALKEY_TLS_CA_FILE}")
+    ARGS+=("--tls-auth-clients" "${VALKEY_TLS_AUTH_CLIENTS}")
+    ARGS+=("--tls-replication" "yes")
+    {{- if .Values.tls.dhParamsFilename }}
+    ARGS+=("--tls-dh-params-file" "${VALKEY_TLS_DH_PARAMS_FILE}")
+    {{- end }}
+    {{- else }}
+    ARGS=("--port" "${VALKEY_PORT}")
+    {{- end }}
+    ARGS+=("--replicaof" "${VALKEY_PRIMARY_HOST}" "${VALKEY_PRIMARY_PORT_NUMBER}")
+    {{- if .Values.auth.enabled }}
+    ARGS+=("--requirepass" "${VALKEY_PASSWORD}")
+    ARGS+=("--primaryauth" "${VALKEY_PRIMARY_PASSWORD}")
+    {{- else }}
+    ARGS+=("--protected-mode" "no")
+    {{- end }}
+    ARGS+=("--include" "/opt/bitnami/valkey/etc/valkey.conf")
+    ARGS+=("--include" "/opt/bitnami/valkey/etc/replica.conf")
+    {{- if .Values.replica.extraFlags }}
+    {{- range .Values.replica.extraFlags }}
+    ARGS+=({{ . | quote }})
+    {{- end }}
+    {{- end }}
+    {{- if .Values.replica.preExecCmds }}
+    {{ .Values.replica.preExecCmds | nindent 4 }}
+    {{- end }}
+    {{- if .Values.replica.command }}
+    exec {{ .Values.replica.command }} "${ARGS[@]}"
+    {{- else }}
+    exec valkey-server "${ARGS[@]}"
+    {{- end }}
+  {{- end }}
+{{- end }}
+---
+{{- if .Values.sentinel.service.createPrimary}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "%s-kubectl-scripts" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  update-primary-label.sh: |
+    #!/bin/bash
+    while true; do
+        while [ ! -f "/etc/shared/current" ]; do
+            sleep 1
+        done
+        echo "new primary elected, updating label(s)..."
+        kubectl label pod --field-selector metadata.name="$(< "/etc/shared/current")" isPrimary="true" --overwrite
+        if [ -f /etc/shared/previous ]; then
+            kubectl label pod --field-selector metadata.name="$(< "/etc/shared/previous")" isPrimary="false" --overwrite
+        fi
+        rm "/etc/shared/current" "/etc/shared/previous"
+    done
+{{- end }}