refactor: refactor postgre and redis config template

Author: mason

charts/csghub/charts/csgship/charts/agentic/templates/deployment.yaml

@@ -66,7 +66,7 @@ spec:
             {{- if .Values.global.redis.enabled }}
             - name: REDIS_URL
               value: {{ printf ":@%s" $redisConfig.host }}
-{{/*              value: {{ printf ":$(REDIS_PASSWD)@%s" (include "csghub.redis.host" .) }}*/}}
+{{/*              value: {{ printf ":$(REDIS_PASSWD)@%s" $redisConfig.host }}*/}}
             {{- end }}
             {{- with .Values.environments }}
             {{- range $key, $value := . }}

charts/csghub/charts/csgship/charts/billing/templates/deployment.yaml

@@ -4,6 +4,7 @@ SPDX-License-Identifier: APACHE-2.0
 */}}
 
 {{- if .Values.enabled }}
+{{- $redisConfig := include "csghub.redis.config" (dict "service" .Values "global" .) | fromYaml }}
 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
@@ -71,8 +72,8 @@ spec:
               value: nats://$(NATS_USERNAME):$(NATS_PASSWORD)@csghub-nats:4222
             {{- if .Values.global.redis.enabled }}
             - name: REDIS_URL
-              value: {{ printf ":@%s" (include "csghub.redis.host" .) }}
-{{/*              value: {{ printf ":$(REDIS_PASSWD)@%s" (include "csghub.redis.host" .) }}*/}}
+              value: {{ printf ":@%s" $redisConfig.host }}
+{{/*              value: {{ printf ":$(REDIS_PASSWD)@%s" $redisConfig.host }}*/}}
             {{- end }}
             {{- with .Values.environments }}
             {{- range $key, $value := . }}

charts/csghub/charts/csgship/charts/web/templates/statefulset.yaml

@@ -74,7 +74,7 @@ spec:
             {{- if .Values.global.redis.enabled }}
             - name: REDIS_URL
               value: {{ printf ":@%s" $redisConfig.host }}
-{{/*              value: {{ printf ":$(REDIS_PASSWD)@%s" (include "csghub.redis.host" .) }}*/}}
+{{/*              value: {{ printf ":$(REDIS_PASSWD)@%s" $redisConfig.host }}*/}}
             {{- end }}
             - name: NATS_URL
               value: "nats://$(NATS_USERNAME):$(NATS_PASSWORD)@{{ include "nats.internal.domain" . }}:{{ include "nats.internal.ports.api" . }}"

charts/csghub/charts/csgship/charts/worker/templates/deployment.yaml

@@ -3,6 +3,7 @@ Copyright OpenCSG, Inc. All Rights Reserved.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
+{{- $redisConfig := include "csghub.redis.config" (dict "service" .Values "global" .) | fromYaml }}
 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
@@ -60,8 +61,8 @@ spec:
           env:
             {{- if .Values.global.redis.enabled }}
             - name: REDIS_URL
-{{/*              value: {{ printf ":$(REDIS_PASSWD)@%s" (include "csghub.redis.host" .) }}*/}}
-              value: {{ printf ":@%s" (include "csghub.redis.host" .) }}
+              value: {{ printf ":@%s" $redisConfig.host }}
+{{/*              value: {{ printf ":$(REDIS_PASSWD)@%s" $redisConfig.host }}*/}}
             {{- end }}
             {{- with .Values.environments }}
             {{- range $key, $value := . }}
@@ -94,8 +95,8 @@ spec:
           env:
             {{- if .Values.global.redis.enabled }}
             - name: REDIS_URL
-              value: {{ printf ":@%s" (include "csghub.redis.host" .) }}
-{{/*              value: {{ printf ":$(REDIS_PASSWD)@%s" (include "csghub.redis.host" .) }}*/}}
+              value: {{ printf ":@%s" $redisConfig.host }}
+{{/*              value: {{ printf ":$(REDIS_PASSWD)@%s" $redisConfig.host }}*/}}
             {{- end }}
             {{- with .Values.environments }}
             {{- range $key, $value := . }}
@@ -128,8 +129,8 @@ spec:
           env:
             {{- if .Values.global.redis.enabled }}
             - name: REDIS_URL
-              value: {{ printf ":@%s" (include "csghub.redis.host" .) }}
-{{/*              value: {{ printf ":$(REDIS_PASSWD)@%s" (include "csghub.redis.host" .) }}*/}}
+              value: {{ printf ":@%s" $redisConfig.host }}
+{{/*              value: {{ printf ":$(REDIS_PASSWD)@%s" $redisConfig.host }}*/}}
             {{- end }}
             {{- with .Values.environments }}
             {{- range $key, $value := . }}

charts/csghub/charts/redis/templates/secret.yaml

@@ -14,7 +14,7 @@ metadata:
     helm.sh/resource-policy: keep
 type: Opaque
 data:
-{{- $password := include "csghub.redis.password" . | b64enc }}
+{{- $password := include "common.randomPassword" "redis" | b64enc }}
 {{- $secretData := (lookup "v1" "Secret" .Release.Namespace (include "common.names.custom" .)).data }}
 {{- if $secretData }}
 {{- $secretPass := index $secretData "REDIS_PASSWD" }}

charts/csghub/templates/helpers/_database.tpl

@@ -22,6 +22,11 @@ Get the port number by service name
       "portal"       8090
       "loki"         3100
       "mirror-lfs"   8092
+      "redis"        6379
+      "postgresql"   5432
+      "mongo"        27017
+      "label-studio" 8002
+      "dataflow"     8000
   -}}
 
   {{- if not (hasKey $portMap $serviceType) -}}

charts/csghub/templates/helpers/_ports.tpl

@@ -0,0 +1,98 @@
+{{- /*
+Copyright OpenCSG, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/ -}}
+
+{{/*
+Generate PostgreSQL Connection Configuration
+*/}}
+{{- define "csghub.postgresql.config" -}}
+{{- $service := .service -}}
+{{- $global := .global -}}
+
+{{- /* Configuration priority: internal PostgreSQL (if enabled) > service-level external > global external */ -}}
+
+{{- /* Default configuration for internal PostgreSQL */ -}}
+{{- $postgresqlName := include "common.names.custom" (list $global "postgresql") -}}
+{{- $postgresqlConfig := dict
+  "host" $postgresqlName
+  "port" (include "csghub.svc.port" "postgresql")
+  "user" ($service.postgresql.user | default "postgres")
+  "password" (include "common.randomPassword" "postgresql")
+  "database" ($service.postgresql.database | default "postgres")
+  "timezone" "Etc/UTC"
+  "sslmode" "disable"
+-}}
+
+{{- /* If internal PostgreSQL is enabled and secret exists, use existing password */ -}}
+{{- if $global.Values.global.postgresql.enabled -}}
+  {{- $secret := (lookup "v1" "Secret" $global.Release.Namespace $postgresqlName) -}}
+  {{- if and $secret (index $secret.data $postgresqlConfig.user) -}}
+    {{- $_ := set $postgresqlConfig "password" (index $secret.data $postgresqlConfig.user | b64dec) -}}
+  {{- end -}}
+{{- end -}}
+
+{{- /* Override with external PostgreSQL configuration if internal is disabled */ -}}
+{{- if not $global.Values.global.postgresql.enabled -}}
+  {{- /* Global external PostgreSQL configuration */ -}}
+  {{- with $global.Values.global.postgresql.external -}}
+    {{- $postgresqlConfig = merge (dict
+      "host" (.host | default $postgresqlConfig.host)
+      "port" (.port | default $postgresqlConfig.port)
+      "user" (.user | default $postgresqlConfig.user)
+      "password" (.password | default $postgresqlConfig.password)
+      "database" (.database | default $postgresqlConfig.database)
+      "timezone" (.timezone | default $postgresqlConfig.timezone)
+      "sslmode" (.sslmode | default $postgresqlConfig.sslmode)
+    ) $postgresqlConfig -}}
+  {{- end -}}
+
+  {{- /* Service-level external PostgreSQL configuration (higher priority) */ -}}
+  {{- with $service.postgresql -}}
+    {{- $postgresqlConfig = merge (dict
+      "host" (.host | default $postgresqlConfig.host)
+      "port" (.port | default $postgresqlConfig.port)
+      "user" (.user | default $postgresqlConfig.user)
+      "password" (.password | default $postgresqlConfig.password)
+      "database" (.database | default $postgresqlConfig.database)
+      "timezone" (.timezone | default $postgresqlConfig.timezone)
+      "sslmode" (.sslmode | default $postgresqlConfig.sslmode)
+    ) $postgresqlConfig -}}
+  {{- end -}}
+{{- end -}}
+
+{{- /* Validate required configurations */ -}}
+{{- if not $postgresqlConfig.password -}}
+  {{- fail "PostgreSQL password must be set" -}}
+{{- end -}}
+
+{{- if not $postgresqlConfig.host -}}
+  {{- fail "PostgreSQL host must be set" -}}
+{{- end -}}
+
+{{- if not $postgresqlConfig.database -}}
+  {{- fail "PostgreSQL database name must be set" -}}
+{{- end -}}
+
+{{- $postgresqlConfig | toYaml -}}
+{{- end -}}
+
+{{/*
+Generate PostgreSQL Database DSN
+*/}}
+{{- define "csghub.postgresql.dsn" -}}
+{{- $service := .service -}}
+{{- $global := .global -}}
+{{- $config := include "csghub.postgresql.config" (dict "service" $service "global" $global) | fromYaml -}}
+{{- printf "host=%s port=%s user=%s password=%s dbname=%s sslmode=%s" $config.host $config.port $config.user $config.password $config.database $config.sslmode -}}
+{{- end }}
+
+{{/*
+Generate PostgreSQL Database URL
+*/}}
+{{- define "csghub.postgresql.url" -}}
+{{- $service := .service -}}
+{{- $global := .global -}}
+{{- $config := include "csghub.postgresql.config" (dict "service" $service "global" $global) | fromYaml -}}
+{{- printf "postgresql://%s:%s@%s:%s/%s?sslmode=%s&timezone=%s" $config.user $config.password $config.host $config.port $config.database $config.sslmode $config.timezone -}}
+{{- end }}

charts/csghub/templates/helpers/_postgres.tpl

@@ -0,0 +1,26 @@
+{{- /*
+Copyright OpenCSG, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/ -}}
+
+{{/*
+Generate a 32-bit random password
+*/}}
+{{- define "common.randomPassword" -}}
+  {{- $input := . -}}
+  {{- $minuteSeed := now | date "200601021504" -}}
+  {{- $base1 := printf "%s-%s-a" $input $minuteSeed | sha256sum | b64enc | replace "=" "" -}}
+  {{- $base2 := printf "%s-%s-b" $input $minuteSeed | sha256sum | b64enc | replace "=" "" -}}
+  {{- $base3 := printf "%s-%s-c" $input $minuteSeed | sha256sum | b64enc | replace "=" "" -}}
+
+  {{- $combined := print $base1 $base2 $base3 -}}
+  {{- $chars := splitList "" $combined -}}
+
+  {{- $result := "" -}}
+  {{- range $i := until 32 -}}
+    {{- $index := mod (add (mul $i 13) (len $minuteSeed)) (len $chars) -}}
+    {{- $result = printf "%s%s" $result (index $chars $index) -}}
+  {{- end -}}
+
+  {{- $result -}}
+{{- end -}}