fix(valkey): harden failover safety, node/sentinel identity, and secret handling #664
📝 Walkthrough
Sentinel-mode Valkey chart templates move bootstrap, probe, and shutdown logic from inline StatefulSet command/args into mounted ConfigMap scripts (node-entrypoint.sh, node-prestop.sh, sentinel-entrypoint.sh). New probe helpers and Sentinel failover values/schema fields are added, tests are re-targeted to assert generated script content, and documentation is updated.
Changes
Sentinel scripted bootstrap and failover
Estimated code review effort: 4 (Complex) | ~60 minutes
Sequence Diagram(s)
sequenceDiagram
participant Kubelet
participant InitContainer as Init Container
participant NodeEntrypoint as node-entrypoint.sh
participant Sentinel
participant MainContainer as Node Container
Kubelet->>InitContainer: run node-entrypoint.sh --wait-only
InitContainer->>Sentinel: sentinel get-master-addr-by-name
Sentinel-->>InitContainer: master address (or none)
InitContainer-->>Kubelet: exit when master discovered
Kubelet->>MainContainer: run node-entrypoint.sh
MainContainer->>Sentinel: discover role / master
MainContainer->>MainContainer: write /data/.valkey-runtime.conf
MainContainer->>MainContainer: exec valkey-server
sequenceDiagram
participant Kubelet
participant MainContainer as Node Container
participant PreStop as node-prestop.sh
participant Sentinel
Kubelet->>PreStop: preStop hook (pod terminating)
PreStop->>MainContainer: check master role and replicas
alt is master with replicas
PreStop->>Sentinel: request failover
Sentinel-->>PreStop: new master elected
end
PreStop-->>Kubelet: allow shutdown
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e96adb3260
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@charts/valkey/templates/service.yaml`:
- Around line 160-164: The Sentinel service configuration is using
publishNotReadyAddresses on a ClusterIP service, which will not expose per-pod
DNS records for bootstrap. Update the service definition used by
valkey.sentinelServiceName so it is headless, or move publishNotReadyAddresses
to the governing headless service instead. Use the service template and the
valkey.sentinelServiceName configuration to locate the correct place to apply
the change.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 2469b026-0b49-424d-bce2-9366ec2f8361
📒 Files selected for processing (2)
- charts/valkey/templates/configmap.yaml
- charts/valkey/templates/service.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
- charts/valkey/templates/configmap.yaml
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 185924a580
Ready for merge @mberlofa 😉
2495b82 to c62670c
merged @mreho
Summary
Validation
Site PR: helmforgedev/site#365
Issue: #633
Notes
fix(valkey): revert sentinel publish-not-ready bootstrap change.
Summary by CodeRabbit
New Features
Bug Fixes
Documentation