builder

package
v1.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 28, 2026 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package builder provides functions for constructing Kubernetes resources for Valkey operator managed instances.

Index

Constants

View Source 
const (
	// TLSVolumeName is the name of the volume for TLS certificates.
	TLSVolumeName = "tls"

	// TLSMountPath is the mount path for TLS certificates inside containers.
	TLSMountPath = "/tls"

	// TLSPort is the TLS-enabled Valkey port.
	TLSPort = 16379

	// CertManagerAPIVersion is the API version for cert-manager Certificate resources.
	CertManagerAPIVersion = "cert-manager.io/v1"

	// CertManagerCertificateKind is the kind for cert-manager Certificate resources.
	CertManagerCertificateKind = "Certificate"
)
View Source 
const (
	// ValkeyPort is the default Valkey server port.
	ValkeyPort = 6379

	// ValkeyConfigKey is the key used in the ConfigMap for the valkey configuration.
	ValkeyConfigKey = "valkey.conf"

	// DataDir is the directory where Valkey stores its data.
	DataDir = "/data"
)
View Source 
const (
	// SentinelPort is the default Sentinel port.
	SentinelPort = 26379

	// SentinelConfigKey is the key used in the ConfigMap for sentinel configuration.
	SentinelConfigKey = "sentinel.conf"

	// SentinelContainerName is the name of the Sentinel container.
	SentinelContainerName = "sentinel"

	// SentinelConfigVolumeName is the name of the writable sentinel config volume.
	SentinelConfigVolumeName = "sentinel-config"

	// SentinelConfigMountPath is the mount path for the sentinel configuration.
	SentinelConfigMountPath = "/etc/sentinel"

	// SentinelDataDir is the working directory for Sentinel.
	SentinelDataDir = "/data"

	// SentinelQuorum is the default number of Sentinels that need to agree for failover.
	SentinelQuorum = 2

	// SentinelDownAfterMilliseconds is the default time before a master is considered down.
	SentinelDownAfterMilliseconds = 5000

	// SentinelFailoverTimeout is the default failover timeout.
	SentinelFailoverTimeout = 60000

	// SentinelParallelSyncs is the number of replicas that can sync simultaneously after failover.
	SentinelParallelSyncs = 1
)
View Source 
const (
	// ValkeyContainerName is the name of the main Valkey container.
	ValkeyContainerName = "valkey"

	// SidecarContainerName is the name of the sidecar container that manages role labels.
	SidecarContainerName = "sidecar"

	// SidecarHealthPort is the port on which the sidecar readiness endpoint listens.
	SidecarHealthPort = 8082

	// ConfigVolumeName is the name of the volume for the master Valkey configuration (readonly).
	ConfigVolumeName = "config"

	// ReplicaConfigVolumeName is the name of the volume for the replica configuration (readonly, HA mode).
	ReplicaConfigVolumeName = "replica-config"

	// WritableConfigVolumeName is the name of the writable config volume (HA mode, populated by init container).
	WritableConfigVolumeName = "writable-config"

	// DataVolumeName is the name of the volume for persistent data.
	DataVolumeName = "data"

	// ConfigMountPath is the mount path for the master Valkey configuration (readonly).
	ConfigMountPath = "/etc/valkey"

	// ReplicaConfigMountPath is the mount path for the replica configuration (readonly, HA mode).
	ReplicaConfigMountPath = "/etc/valkey-replica"

	// WritableConfigMountPath is the mount path for the writable config (HA mode).
	WritableConfigMountPath = "/etc/valkey-active"

	// AuthSecretEnvName is the environment variable name used to inject the Valkey password.
	AuthSecretEnvName = "VALKEY_PASSWORD"
)

Variables

This section is empty.

Functions

func AllServiceName added in v1.1.0 

func AllServiceName(v *vkov1.Valkey) string

AllServiceName returns the name for the all-pods Service (<name>-all). This service load-balances across all Valkey pods regardless of role.

func BuildAllService added in v1.1.0 

func BuildAllService(v *vkov1.Valkey) *corev1.Service

BuildAllService builds the all-pods Service that load-balances across all Valkey pods. Useful for read-heavy workloads where reads from replicas are acceptable.

func BuildConfigMap 

func BuildConfigMap(v *vkov1.Valkey) *corev1.ConfigMap

BuildConfigMap builds the ConfigMap for Valkey configuration. In standalone mode or for the master in HA mode, isReplica should be false.

func BuildHeadlessService 

func BuildHeadlessService(v *vkov1.Valkey) *corev1.Service

BuildHeadlessService builds the headless Service for StatefulSet DNS resolution.

func BuildRWService added in v1.1.0 

func BuildRWService(v *vkov1.Valkey) *corev1.Service

BuildRWService builds the read-write Service that routes only to the master pod. The selector requires instanceRole=master, which is managed by the sidecar container.

func BuildReadOnlyService added in v1.1.0 

func BuildReadOnlyService(v *vkov1.Valkey) *corev1.Service

BuildReadOnlyService builds a read-only Service that routes only to replica pods. The selector requires instanceRole=replica, managed by the sidecar container. Only created in multi-replica mode.

func BuildReplicaConfigMap 

func BuildReplicaConfigMap(v *vkov1.Valkey) *corev1.ConfigMap

BuildReplicaConfigMap builds the ConfigMap for Valkey replica configuration (HA mode). It includes the `replicaof` directive pointing to the master.

func BuildSentinelCertificate 

func BuildSentinelCertificate(v *vkov1.Valkey) *unstructured.Unstructured

BuildSentinelCertificate builds the cert-manager Certificate resource for Sentinel pods.

func BuildSentinelConfigMap 

func BuildSentinelConfigMap(v *vkov1.Valkey) *corev1.ConfigMap

BuildSentinelConfigMap builds the ConfigMap for Sentinel configuration.

func BuildSentinelHeadlessService 

func BuildSentinelHeadlessService(v *vkov1.Valkey) *corev1.Service

BuildSentinelHeadlessService builds the headless Service for Sentinel StatefulSet DNS resolution.

func BuildSentinelNetworkPolicy 

func BuildSentinelNetworkPolicy(v *vkov1.Valkey, operatorNamespace string) *networkingv1.NetworkPolicy

BuildSentinelNetworkPolicy builds the NetworkPolicy that allows Valkey→Sentinel and Sentinel↔Sentinel traffic. It restricts ingress to the Sentinel port from Valkey and Sentinel pods, and (when operatorNamespace is non-empty) also from all pods in the operator namespace so the operator can reach Sentinel pods for health checks.

func BuildSentinelStatefulSet 

func BuildSentinelStatefulSet(v *vkov1.Valkey) *appsv1.StatefulSet

BuildSentinelStatefulSet builds the StatefulSet for Sentinel instances.

func BuildSidecarRole added in v1.1.0 

func BuildSidecarRole(v *vkov1.Valkey) *rbacv1.Role

BuildSidecarRole builds the namespaced Role for the sidecar container. The role grants patch access to pods owned by this Valkey instance so the sidecar can update the instanceRole label on its own pod.

func BuildSidecarRoleBinding added in v1.1.0 

func BuildSidecarRoleBinding(v *vkov1.Valkey) *rbacv1.RoleBinding

BuildSidecarRoleBinding builds the RoleBinding that binds the sidecar Role to its ServiceAccount.

func BuildSidecarServiceAccount added in v1.1.0 

func BuildSidecarServiceAccount(v *vkov1.Valkey) *corev1.ServiceAccount

BuildSidecarServiceAccount builds the ServiceAccount for the sidecar container. Each Valkey instance gets its own ServiceAccount to limit blast radius.

func BuildStatefulSet 

func BuildStatefulSet(v *vkov1.Valkey, operatorImage string) *appsv1.StatefulSet

BuildStatefulSet builds the StatefulSet for Valkey instances. operatorImage is the container image of the operator, used for the sidecar container.

func BuildValkeyCertificate 

func BuildValkeyCertificate(v *vkov1.Valkey) *unstructured.Unstructured

BuildValkeyCertificate builds the cert-manager Certificate resource for Valkey pods.

func BuildValkeyNetworkPolicy 

func BuildValkeyNetworkPolicy(v *vkov1.Valkey, operatorNamespace string) *networkingv1.NetworkPolicy

BuildValkeyNetworkPolicy builds the NetworkPolicy that allows Valkey↔Valkey and Sentinel→Valkey traffic within the cluster. It restricts ingress to the Valkey port from other Valkey pods, Sentinel pods, and (when operatorNamespace is non-empty) all pods in the operator namespace so the operator can reach Valkey pods for health checks (e.g. INFO replication). It unconditionally allows ingress on the sidecar health port from all sources so that kubelet readiness/liveness probes always succeed.

func CertificateOwnerRef 

func CertificateOwnerRef(v *vkov1.Valkey) metav1.OwnerReference

CertificateOwnerRef returns an OwnerReference for setting on Certificate resources.

func ConfigMapName 

func ConfigMapName(v *vkov1.Valkey) string

ConfigMapName returns the name for the Valkey ConfigMap.

func DesiredServicePort 

func DesiredServicePort(v *vkov1.Valkey) corev1.ServicePort

DesiredServicePort returns the port spec for Services, accounting for TLS.

func GenerateSentinelConf 

func GenerateSentinelConf(v *vkov1.Valkey) string

GenerateSentinelConf generates the sentinel.conf content based on the CRD spec.

func GenerateValkeyConf 

func GenerateValkeyConf(v *vkov1.Valkey, isReplica bool) string

GenerateValkeyConf generates the valkey.conf content based on the CRD spec. The isReplica parameter controls whether replicaof directives are included.

func MasterAddress 

func MasterAddress(v *vkov1.Valkey) string

MasterAddress returns the DNS address of the master pod (pod-0 of the StatefulSet). Used for `replicaof` configuration in replica pods.

func NetworkPolicyHasChanged 

func NetworkPolicyHasChanged(desired, current *networkingv1.NetworkPolicy) bool

NetworkPolicyHasChanged returns true if the desired NetworkPolicy differs from the current one. Uses reflect.DeepEqual for ingress rule comparison to correctly handle all peer types (PodSelector, NamespaceSelector, or combined peers).

func NetworkPolicyName 

func NetworkPolicyName(v *vkov1.Valkey) string

NetworkPolicyName returns the name for the Valkey NetworkPolicy.

func ProbeCommand 

func ProbeCommand(v *vkov1.Valkey) []string

ProbeCommand returns the probe command, accounting for TLS and auth. When auth is enabled, the probe uses a shell command to expand the VALKEY_PASSWORD environment variable for the -a flag.

func RWServiceName added in v1.1.0 

func RWServiceName(v *vkov1.Valkey) string

RWServiceName returns the name for the read-write Service (<name>-rw). This service routes only to the master pod.

func ReadOnlyServiceName added in v1.1.0 

func ReadOnlyServiceName(v *vkov1.Valkey) string

ReadOnlyServiceName returns the name for the read-only replica Service (<name>-r). This service routes only to replica pods.

func ReplicaConfigMapName 

func ReplicaConfigMapName(v *vkov1.Valkey) string

ReplicaConfigMapName returns the name for the replica Valkey ConfigMap (HA mode).

func SentinelCertificateName 

func SentinelCertificateName(v *vkov1.Valkey) string

SentinelCertificateName returns the name of the Certificate resource for Sentinel pods.

func SentinelConfigMapName 

func SentinelConfigMapName(v *vkov1.Valkey) string

SentinelConfigMapName returns the name for the Sentinel ConfigMap.

func SentinelMonitorName 

func SentinelMonitorName(v *vkov1.Valkey) string

SentinelMonitorName returns the name used for the `sentinel monitor` directive.

func SentinelNetworkPolicyName 

func SentinelNetworkPolicyName(v *vkov1.Valkey) string

SentinelNetworkPolicyName returns the name for the Sentinel NetworkPolicy.

func SentinelStatefulSetHasChanged 

func SentinelStatefulSetHasChanged(desired, current *appsv1.StatefulSet) bool

SentinelStatefulSetHasChanged returns true if the live Sentinel StatefulSet differs from desired.

func SentinelTLSSecretName 

func SentinelTLSSecretName(v *vkov1.Valkey) string

SentinelTLSSecretName returns the name of the Secret that holds TLS certs for Sentinel. When cert-manager is used, a separate Certificate is created for Sentinel. When a user-provided secret is used, the same secret is shared.

func ServicePort 

func ServicePort(v *vkov1.Valkey) int32

ServicePort returns the Valkey client port, accounting for TLS configuration.

func SidecarServiceAccountName added in v1.1.0 

func SidecarServiceAccountName(v *vkov1.Valkey) string

SidecarServiceAccountName returns the name of the ServiceAccount used by the sidecar container.

func StatefulSetHasChanged 

func StatefulSetHasChanged(desired, current *appsv1.StatefulSet) bool

StatefulSetHasChanged returns true if the live StatefulSet differs from the desired spec in ways that require an update (image, replicas, resources, config).

func ValkeyCertificateName 

func ValkeyCertificateName(v *vkov1.Valkey) string

ValkeyCertificateName returns the name of the Certificate resource for Valkey pods.

func ValkeyTLSSecretName 

func ValkeyTLSSecretName(v *vkov1.Valkey) string

ValkeyTLSSecretName returns the name of the Secret that holds TLS certs for Valkey. When cert-manager is used, this is the Secret created by the Certificate resource. When a user-provided secret is used, this returns the user's secret name.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.