From 77e48c01a31ae1b086826e05dacdc09ea18b481b Mon Sep 17 00:00:00 2001
From: Pavel Fiala <fiala@metrans.cz>
Date: Tue, 1 Oct 2024 10:48:06 +0200
Subject: [PATCH] feat: add sentinel to helm template (#2312)

helm
---
 helm/oncall/templates/_env.tpl     | 63 +++++++++++++++++++++++++++++-
 helm/oncall/templates/secrets.yaml | 15 +++++++
 helm/oncall/values.yaml            | 10 +++++
 3 files changed, 87 insertions(+), 1 deletion(-)

diff --git a/helm/oncall/templates/_env.tpl b/helm/oncall/templates/_env.tpl
index 20a52493e0..92b046dbda 100644
--- a/helm/oncall/templates/_env.tpl
+++ b/helm/oncall/templates/_env.tpl
@@ -494,12 +494,16 @@
 
 {{- define "snippet.redis.host" -}}
 {{ if not .Values.redis.enabled -}}
-  {{ required "externalRedis.host is required if not redis.enabled" .Values.externalRedis.host | quote }}
+    {{ required "externalRedis.host is required if not redis.enabled" .Values.externalRedis.host | quote }}
 {{- else -}}
   {{ include "oncall.redis.fullname" . }}-master
 {{- end }}
 {{- end }}
 
+{{- define "snippet.redis.sentinel.master" -}}
+{{ default "mymaster" .Values.externalRedis.sentinel.master }}
+{{- end }}
+
 {{- define "snippet.redis.port" -}}
 {{ default 6379 .Values.externalRedis.port | quote }}
 {{- end }}
@@ -540,13 +544,70 @@
 {{- end }}
 {{- end }}
 
+{{- define "snippet.redis.sentinel.password.secret.name" -}}
+  {{ if .Values.externalRedis.sentinel.existingSecret -}}
+    {{ .Values.externalRedis.sentinel.existingSecret }}
+  {{- else -}}
+    {{ include "oncall.fullname" . }}-redis-sentinel-external
+  {{- end }}
+{{- end }}
+
+{{- define "snippet.redis.key_prefix" -}}
+{{ default "" .Values.externalRedis.key_prefix | quote }}
+{{- end }}
+
+{{- define "snippet.redis.sentinel.password.secret.key" -}}
+  {{ if .Values.externalRedis.sentinel.existingSecret -}}
+    {{ required "externalRedis.sentinel.passwordKey is required if externalRedis.sentinel.existingSecret is non-empty" .Values.externalRedis.sentinel.passwordKey }}
+  {{- else -}}
+    redis-sentinel-password
+  {{- end }}
+{{- end }}
+
+{{- define "snippet.redis.sentinel.hosts" -}}
+{{- if .Values.externalRedis.sentinel -}}
+{{- $hosts := .Values.externalRedis.sentinel.hosts -}}
+{{- if $hosts -}}
+  {{- range $index, $host := $hosts -}}
+    {{- if $host.host -}}
+      {{ if $index -}},{{- end }}{{ $host.host }}:{{ default 26379 $host.port }}
+    {{- else -}}
+      {{ required (printf "Host at index %d is required and cannot be empty." $index) $host.host }}
+    {{- end -}}
+  {{- end -}}
+{{- else -}}
+  {{ required "At least one host must be provided." .Values.externalRedis.sentinel.hosts }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "snippet.redis.sentinel" -}}
+- name: REDIS_SENTINELS
+  value: {{ include "snippet.redis.sentinel.hosts" . }}
+- name: REDIS_SENTINEL_MASTER_NAME
+  value: {{ include "snippet.redis.sentinel.master" . }}
+- name: REDIS_SENTINEL_USERNAME
+  value: {{ default "" .Values.externalRedis.sentinel.username | quote }}
+- name: REDIS_SENTINEL_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ include "snippet.redis.sentinel.password.secret.name" . }}
+      key: {{ include "snippet.redis.sentinel.password.secret.key" . | quote}}
+{{- end }}
+
 {{- define "snippet.redis.env" -}}
+{{- if and (.Values.externalRedis.sentinel) (not .Values.redis.enabled) }}
+{{- include "snippet.redis.sentinel" . }}
+{{- else -}}
 - name: REDIS_PROTOCOL
   value: {{ include "snippet.redis.protocol" . }}
 - name: REDIS_HOST
   value: {{ include "snippet.redis.host" . }}
 - name: REDIS_PORT
   value: {{ include "snippet.redis.port" . }}
+{{- end }}
+- name: REDIS_KEY_PREFIX
+  value: {{ include "snippet.redis.key_prefix" . }}
 - name: REDIS_DATABASE
   value: {{ include "snippet.redis.database" . }}
 - name: REDIS_USERNAME
diff --git a/helm/oncall/templates/secrets.yaml b/helm/oncall/templates/secrets.yaml
index a4c32845ff..c6e791f6a1 100644
--- a/helm/oncall/templates/secrets.yaml
+++ b/helm/oncall/templates/secrets.yaml
@@ -76,6 +76,21 @@ data:
   redis-password: {{ required "externalRedis.password is required if not redis.enabled and not externalRedis.existingSecret" .Values.externalRedis.password | b64enc | quote }}
 ---
 {{- end }}
+{{- if and (.Values.externalRedis.sentinel) (not .Values.redis.enabled) (not .Values.externalRedis.sentinel.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "oncall.fullname" . }}-redis-sentinel-external
+  {{- if .Values.migrate.useHook }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-weight": "-5"
+  {{- end }}
+type: Opaque
+data:
+  redis-sentinel-password: {{ required "externalRedis.sentinel.password is required if not redis.enabled and not externalRedis.sentinel.existingSecret" .Values.externalRedis.sentinel.password | b64enc | quote }}
+---
+{{- end }}
 {{- if and .Values.oncall.smtp.enabled .Values.oncall.smtp.password }}
 apiVersion: v1
 kind: Secret
diff --git a/helm/oncall/values.yaml b/helm/oncall/values.yaml
index 8ca59a2664..6ce22041d9 100644
--- a/helm/oncall/values.yaml
+++ b/helm/oncall/values.yaml
@@ -616,6 +616,16 @@ externalRedis:
   existingSecret:
   # The key in the secret containing the redis password
   passwordKey:
+  key_prefix:
+  sentinel:
+    hosts:
+     - host:
+       port:
+    master:
+    username:
+    password:
+    passwordKey:
+    existingSecret:
 
   # SSL options
   ssl_options: