diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml index 20bffcf..15ff739 100644 --- a/.github/workflows/ci-docs-shim.yaml +++ b/.github/workflows/ci-docs-shim.yaml @@ -18,7 +18,7 @@ jobs: matrix: type: [install, upgrade] flavor: [upstream, unicorn] - uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0 + uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5 with: flavor: ${{ matrix.flavor }} type: ${{ matrix.type }} diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml index 5c48fd2..87bc445 100644 --- a/.github/workflows/commitlint.yaml +++ b/.github/workflows/commitlint.yaml @@ -15,4 +15,4 @@ permissions: jobs: validate: - uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0 + uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index f0feae8..dd4ff92 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -15,5 +15,5 @@ permissions: jobs: validate: - uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0 + uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5 secrets: inherit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 35dcd8c..d1c4df6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -27,7 +27,7 @@ jobs: exclude: - flavor: registry1 architecture: arm64 - uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0 + uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5 with: flavor: ${{ matrix.flavor }} runsOn: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-8-core' || 'uds-swf-ubuntu-big-boy-8-core' }} diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index da5cd89..8306dbc 100644 --- a/.github/workflows/scan.yaml +++ b/.github/workflows/scan.yaml @@ -18,5 +18,5 @@ jobs: packages: read # Allows reading the content of the repository's packages. id-token: write # Allows authentication to Chainguard via OIDC. pull-requests: write # Allows writing the scan results comment to the pull request. - uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0 + uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5 secrets: inherit # Inherits all secrets from the parent workflow. diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 4f404cc..cef3577 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -32,5 +32,5 @@ jobs: security-events: write # Used to receive a badge. id-token: write - uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0 + uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5 secrets: inherit diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 59e3351..b971579 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: test-flavor - uses: defenseunicorns/uds-common/.github/actions/test-flavor@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0 + uses: defenseunicorns/uds-common/.github/actions/test-flavor@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5 id: test-flavor outputs: upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }} @@ -41,7 +41,7 @@ jobs: matrix: type: [install, upgrade] flavor: [upstream, unicorn] - uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0 + uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5 with: upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} flavor: ${{ matrix.flavor }} diff --git a/tasks.yaml b/tasks.yaml index 3525b1c..d1439f0 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -3,16 +3,16 @@ includes: - test: ./tasks/test.yaml - - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/create.yaml - - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/publish.yaml - - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/lint.yaml - - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/pull.yaml - - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/deploy.yaml - - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/setup.yaml - - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/actions.yaml - - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/badge.yaml - - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/upgrade.yaml - - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/compliance.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/create.yaml + - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/publish.yaml + - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/lint.yaml + - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/pull.yaml + - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/deploy.yaml + - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/setup.yaml + - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/actions.yaml + - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/badge.yaml + - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/upgrade.yaml + - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/compliance.yaml tasks: - name: default diff --git a/tests/valkey/test-job.yaml b/tests/valkey/test-job.yaml index d40730f..4f4281a 100644 --- a/tests/valkey/test-job.yaml +++ b/tests/valkey/test-job.yaml @@ -17,7 +17,7 @@ spec: spec: containers: - name: valkey-test - image: bitnami/valkey:8.1.3-debian-12-r3 + image: valkey/valkey:8.1.3 envFrom: # Note: in production, do not store sensitive data (like passwords) in env vars. Mount in as a file instead. - secretRef: name: valkey-standalone @@ -68,7 +68,7 @@ spec: spec: containers: - name: valkey-test - image: bitnami/valkey:8.1.3-debian-12-r3 + image: valkey/valkey:8.1.3 envFrom: # Note: in production, do not store sensitive data (like passwords) in env vars. Mount in as a file instead. - secretRef: name: valkey-replicated-w-sentinel diff --git a/tests/zarf.yaml b/tests/zarf.yaml index 53760e2..1db0a0d 100644 --- a/tests/zarf.yaml +++ b/tests/zarf.yaml @@ -18,7 +18,7 @@ components: - valkey/uds-package.yaml - valkey/test-job.yaml images: - - bitnami/valkey:8.1.3-debian-12-r3 + - valkey/valkey:8.1.3 actions: onDeploy: before: @@ -27,4 +27,4 @@ components: after: - description: Watch test jobs and report their conditions cmd: ./tests/watch-jobs.sh - maxTotalSeconds: 120 + maxTotalSeconds: 240 diff --git a/values/unicorn-values.yaml b/values/unicorn-values.yaml index a3f2756..0143b41 100644 --- a/values/unicorn-values.yaml +++ b/values/unicorn-values.yaml @@ -7,10 +7,10 @@ image: tag: 8.1.3-jammy-fips-rfcurated sentinel: - image: # Unicorn flavor option DNE + image: registry: quay.io - repository: rfcurated/valkey-sentinel - tag: 8.1.3-jammy-bnt-fips-rfcurated + repository: rfcurated/valkey/valkey + tag: 8.1.3-jammy-fips-rfcurated metrics: image: diff --git a/values/upstream-values.yaml b/values/upstream-values.yaml index 1ce9e84..98149a4 100644 --- a/values/upstream-values.yaml +++ b/values/upstream-values.yaml @@ -3,17 +3,17 @@ image: registry: docker.io - repository: bitnami/valkey - tag: 8.1.3-debian-12-r3 + repository: valkey/valkey + tag: 8.1.3 sentinel: image: registry: docker.io - repository: bitnami/valkey-sentinel - tag: 8.1.3-debian-12-r3 + repository: valkey/valkey + tag: 8.1.3 metrics: image: registry: docker.io - repository: bitnami/redis-exporter + repository: bitnamilegacy/redis-exporter tag: 1.76.0-debian-12-r0 diff --git a/values/values.yaml b/values/values.yaml index a7304f6..e017e79 100644 --- a/values/values.yaml +++ b/values/values.yaml @@ -12,3 +12,46 @@ metrics: sentinel: primarySet: mymaster + + # The valkey-sentinel container needs to be able to write to the sentinel.conf file. + # Copy the file to a writable directory and run valkey-server in the sentinel mode. + extraVolumes: + - name: sentinel-conf + emptyDir: {} + - name: valkey-secret + secret: + secretName: valkey-password + items: + - key: valkey-password + path: valkey-password + + extraVolumeMounts: + - name: sentinel-conf + mountPath: /opt/bitnami/valkey-sentinel/sentinel-conf + - name: valkey-secret + mountPath: /secrets/valkey-sentinel + + command: ["/bin/sh", "-c"] + args: + - | + PW_FILE="/secrets/valkey-sentinel/valkey-password" + PW="$(cat "$PW_FILE")" + + cp /opt/bitnami/valkey-sentinel/mounted-etc/sentinel.conf /opt/bitnami/valkey-sentinel/sentinel-conf/sentinel.conf && \ + chown 1001:1001 /opt/bitnami/valkey-sentinel/sentinel-conf/sentinel.conf && \ + + cat > /opt/bitnami/valkey-sentinel/sentinel-conf/sentinel.conf <