From 6cc10d504a9159ae09aa137c3dd148170bc7c0ed Mon Sep 17 00:00:00 2001
From: David Kirwan <davidkirwanirl@gmail.com>
Date: Thu, 1 May 2025 17:59:50 +0100
Subject: [PATCH] forgejo: wip valkey deploy

Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
---
 .../forgejo/tasks/deploy-valkey.yml           | 74 +++++++++++++++++++
 roles/openshift-apps/forgejo/tasks/main.yml   |  1 +
 .../forgejo/templates/postgres-secret.yaml.j2 |  2 +-
 .../templates/valkey-configmap.yaml.j2        | 29 ++++++++
 .../templates/valkey-sentinel-service.yaml.j2 | 14 ++++
 .../valkey-sentinel-statefulset.yaml.j2       | 44 +++++++++++
 .../forgejo/templates/valkey-service.yaml.j2  | 14 ++++
 .../templates/valkey-statefulset.yaml.j2      | 43 +++++++++++
 8 files changed, 220 insertions(+), 1 deletion(-)
 create mode 100644 roles/openshift-apps/forgejo/tasks/deploy-valkey.yml
 create mode 100644 roles/openshift-apps/forgejo/templates/valkey-configmap.yaml.j2
 create mode 100644 roles/openshift-apps/forgejo/templates/valkey-sentinel-service.yaml.j2
 create mode 100644 roles/openshift-apps/forgejo/templates/valkey-sentinel-statefulset.yaml.j2
 create mode 100644 roles/openshift-apps/forgejo/templates/valkey-service.yaml.j2
 create mode 100644 roles/openshift-apps/forgejo/templates/valkey-statefulset.yaml.j2

diff --git a/roles/openshift-apps/forgejo/tasks/deploy-valkey.yml b/roles/openshift-apps/forgejo/tasks/deploy-valkey.yml
new file mode 100644
index 0000000000..78aa301482
--- /dev/null
+++ b/roles/openshift-apps/forgejo/tasks/deploy-valkey.yml
@@ -0,0 +1,74 @@
+---
+# generate the templates for project to be created
+- name: Create the configmap template
+  ansible.builtin.template:
+    src: "valkey-configmap.yaml.j2"
+    dest: "/root/ocp4/openshift-apps/forgejo/valkey-configmap.yaml"
+    mode: "0770"
+
+# apply created openshift resources
+- name: Oc apply resources
+  ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/forgejo/valkey-configmap.yaml"
+  retries: 3
+  delay: 5
+  register: deployment_result
+  until: deployment_result.rc == 0
+
+- name: Create the valkey service template
+  ansible.builtin.template:
+    src: "valkey-service.yaml.j2"
+    dest: "/root/ocp4/openshift-apps/forgejo/valkey-service.yaml"
+    mode: "0770"
+
+# apply created openshift resources
+- name: Oc apply resources
+  ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/forgejo/valkey-service.yaml"
+  retries: 3
+  delay: 5
+  register: deployment_result
+  until: deployment_result.rc == 0
+
+
+- name: Create the valkey sentinel service template
+  ansible.builtin.template:
+    src: "valkey-sentinel-service.yaml.j2"
+    dest: "/root/ocp4/openshift-apps/forgejo/valkey-sentinel-service.yaml"
+    mode: "0770"
+
+# apply created openshift resources
+- name: Oc apply resources
+  ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/forgejo/valkey-sentinel-service.yaml"
+  retries: 3
+  delay: 5
+  register: deployment_result
+  until: deployment_result.rc == 0
+
+
+- name: Create the valkey statefulset template
+  ansible.builtin.template:
+    src: "valkey-statefulset.yaml.j2"
+    dest: "/root/ocp4/openshift-apps/forgejo/valkey-statefulset.yaml"
+    mode: "0770"
+
+# apply created openshift resources
+- name: Oc apply resources
+  ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/forgejo/valkey-statefulset.yaml"
+  retries: 3
+  delay: 5
+  register: deployment_result
+  until: deployment_result.rc == 0
+
+
+- name: Create the valkey sentinel statefulset template
+  ansible.builtin.template:
+    src: "valkey-sentinel-statefulset.yaml.j2"
+    dest: "/root/ocp4/openshift-apps/forgejo/valkey-sentinel-statefulset.yaml"
+    mode: "0770"
+
+# apply created openshift resources
+- name: Oc apply resources
+  ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/forgejo/valkey-sentinel-statefulset.yaml"
+  retries: 3
+  delay: 5
+  register: deployment_result
+  until: deployment_result.rc == 0
diff --git a/roles/openshift-apps/forgejo/tasks/main.yml b/roles/openshift-apps/forgejo/tasks/main.yml
index d4b756e12f..a691886b98 100644
--- a/roles/openshift-apps/forgejo/tasks/main.yml
+++ b/roles/openshift-apps/forgejo/tasks/main.yml
@@ -5,4 +5,5 @@
     state: directory
 
 - include_tasks: create-postgres-operator-config.yml
+- include_tasks: deploy-valkey.yml
 - include_tasks: call-helm.yml
diff --git a/roles/openshift-apps/forgejo/templates/postgres-secret.yaml.j2 b/roles/openshift-apps/forgejo/templates/postgres-secret.yaml.j2
index 23a658a423..cc406b89fd 100644
--- a/roles/openshift-apps/forgejo/templates/postgres-secret.yaml.j2
+++ b/roles/openshift-apps/forgejo/templates/postgres-secret.yaml.j2
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: hippo-pguser-rhino
+  name: forgejo-pguser
   namespace: forgejo
   labels:
     postgres-operator.crunchydata.com/cluster: forgejo-ha
diff --git a/roles/openshift-apps/forgejo/templates/valkey-configmap.yaml.j2 b/roles/openshift-apps/forgejo/templates/valkey-configmap.yaml.j2
new file mode 100644
index 0000000000..ac196239c2
--- /dev/null
+++ b/roles/openshift-apps/forgejo/templates/valkey-configmap.yaml.j2
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: valkey-config
+  namespace: forgejo
+data:
+  valkey.conf: |
+    bind 0.0.0.0
+    port 6379
+    requirepass valkeypassword
+    masterauth valkeypassword
+    protected-mode no
+    dir /data
+    dbfilename dump.rdb
+    save 900 1
+    save 300 10
+    save 60 10000
+    logfile /data/valkey.log
+  sentinel.conf: |
+    port 26379
+    dir /data
+    logfile /data/sentinel.log
+    protected-mode no
+    sentinel monitor mymaster valkey-0.valkey-headless.default.svc.cluster.local 6379 2
+    sentinel auth-pass mymaster valkeypassword
+    sentinel down-after-milliseconds mymaster 5000
+    sentinel parallel-syncs mymaster 1
+    sentinel failover-timeout mymaster 180000
diff --git a/roles/openshift-apps/forgejo/templates/valkey-sentinel-service.yaml.j2 b/roles/openshift-apps/forgejo/templates/valkey-sentinel-service.yaml.j2
new file mode 100644
index 0000000000..6a57deaf0f
--- /dev/null
+++ b/roles/openshift-apps/forgejo/templates/valkey-sentinel-service.yaml.j2
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: sentinel-headless
+  namespace: forgejo
+spec:
+  clusterIP: None # Headless Service
+  selector:
+    app: sentinel
+  ports:
+    - name: sentinel
+      port: 26379
+      targetPort: 26379
diff --git a/roles/openshift-apps/forgejo/templates/valkey-sentinel-statefulset.yaml.j2 b/roles/openshift-apps/forgejo/templates/valkey-sentinel-statefulset.yaml.j2
new file mode 100644
index 0000000000..9096e7430d
--- /dev/null
+++ b/roles/openshift-apps/forgejo/templates/valkey-sentinel-statefulset.yaml.j2
@@ -0,0 +1,44 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: sentinel
+  namespace: forgejo
+spec:
+  serviceName: sentinel-headless
+  replicas: 3
+  selector:
+    matchLabels:
+      app: sentinel
+  template:
+    metadata:
+      labels:
+        app: sentinel
+    spec:
+      containers:
+        - name: sentinel
+          image: valkey/valkey:7.2.5
+          command: ["valkey-sentinel"]
+          args: ["/etc/valkey/sentinel.conf"]
+          ports:
+            - containerPort: 26379
+              name: sentinel
+          volumeMounts:
+            - name: config
+              mountPath: /etc/valkey/sentinel.conf
+              subPath: sentinel.conf
+            - name: data
+              mountPath: /data
+      volumes:
+        - name: config
+          configMap:
+            name: valkey-config
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        storageClassName: standard
+        resources:
+          requests:
+            storage: 100Mi
diff --git a/roles/openshift-apps/forgejo/templates/valkey-service.yaml.j2 b/roles/openshift-apps/forgejo/templates/valkey-service.yaml.j2
new file mode 100644
index 0000000000..279e4b516e
--- /dev/null
+++ b/roles/openshift-apps/forgejo/templates/valkey-service.yaml.j2
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: valkey-headless
+  namespace: forgejo
+spec:
+  clusterIP: None # Headless Service
+  selector:
+    app: valkey
+  ports:
+    - name: valkey
+      port: 6379
+      targetPort: 6379
diff --git a/roles/openshift-apps/forgejo/templates/valkey-statefulset.yaml.j2 b/roles/openshift-apps/forgejo/templates/valkey-statefulset.yaml.j2
new file mode 100644
index 0000000000..d68b9fcdc5
--- /dev/null
+++ b/roles/openshift-apps/forgejo/templates/valkey-statefulset.yaml.j2
@@ -0,0 +1,43 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: valkey
+  namespace: forgejo
+spec:
+  serviceName: valkey-headless
+  replicas: 3
+  selector:
+    matchLabels:
+      app: valkey
+  template:
+    metadata:
+      labels:
+        app: valkey
+    spec:
+      containers:
+        - name: valkey
+          image: valkey/valkey:7.2.5
+          args: ["/etc/valkey/valkey.conf"]
+          ports:
+            - containerPort: 6379
+              name: valkey
+          volumeMounts:
+            - name: config
+              mountPath: /etc/valkey/valkey.conf
+              subPath: valkey.conf
+            - name: data
+              mountPath: /data
+      volumes:
+        - name: config
+          configMap:
+            name: valkey-config
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        storageClassName: standard
+        resources:
+          requests:
+            storage: 1Gi