feat(k8s): update valkey-cluster references and add SSA annotations for secrets

flux/clusters/dev-cm/infra-data-post/reflector-secret-annotations.yaml

@@ -11,6 +11,7 @@ metadata:
   namespace: infra-data
   annotations:
     kustomize.toolkit.fluxcd.io/prune: disabled
+    kustomize.toolkit.fluxcd.io/ssa: Merge
     reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
     reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "apps,infra-net"
     reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
@@ -23,6 +24,7 @@ metadata:
   namespace: infra-data
   annotations:
     kustomize.toolkit.fluxcd.io/prune: disabled
+    kustomize.toolkit.fluxcd.io/ssa: Merge
     reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
     reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "infra-gitops,infra-monitor"
     reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
@@ -35,6 +37,7 @@ metadata:
   namespace: infra-data
   annotations:
     kustomize.toolkit.fluxcd.io/prune: disabled
+    kustomize.toolkit.fluxcd.io/ssa: Merge
     reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
     reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "infra-gitops"
     reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"

flux/clusters/dev-cm/patches/infra-data.yaml

@@ -52,14 +52,15 @@ spec:
                 effect: "NoSchedule"
     - target:
         kind: HelmRelease
-        name: valkey-cluster-sh
+        name: valkey-cluster
       patch: |
         apiVersion: helm.toolkit.fluxcd.io/v2
         kind: HelmRelease
         metadata:
-          name: valkey-cluster-sh
+          name: valkey-cluster
         spec:
           values:
+            fullnameOverride: valkey-cluster-sh
             valkey:
               nodeAffinityPreset:
                 type: hard

flux/clusters/dev-cm/patches/infra-gitops.yaml

@@ -24,6 +24,17 @@ spec:
                     secretKeyRef:
                       name: cnpg17-cluster-sh-app
                       key: password
+                - name: REDIS_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: valkey-cluster-sh
+                      key: valkey-password
+                - name: GITEA__SESSION__PROVIDER_CONFIG
+                  value: "redis://:$(REDIS_PASSWORD)@valkey-cluster-sh-headless.infra-data:6379/0?pool_size=100&idle_timeout=180s"
+                - name: GITEA__CACHE__HOST
+                  value: "redis://:$(REDIS_PASSWORD)@valkey-cluster-sh-headless.infra-data:6379/0?pool_size=100&idle_timeout=180s"
+                - name: GITEA__QUEUE__CONN_STR
+                  value: "redis://:$(REDIS_PASSWORD)@valkey-cluster-sh-headless.infra-data:6379/0?pool_size=100&idle_timeout=180s"
             affinity:
               podAffinity:
                 preferredDuringSchedulingIgnoredDuringExecution:

flux/infrastructure/infra-data/helmrelease-valkey-cluster.yaml

@@ -1,7 +1,7 @@
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
-  name: valkey-cluster-sh
+  name: valkey-cluster
   namespace: infra-data
 spec:
   interval: 30m

flux/infrastructure/infra-data/post/reflector-secret-annotations.yaml

@@ -2,7 +2,7 @@
 # 通过SSA force合并注解到已有secrets 使其自动复制到消费方命名空间
 #
 # cnpg17-cluster-app → apps (halo), infra-net (crowdsec), infra-gitops (gitea), infra-monitor (grafana)
-# valkey-cluster-sh → infra-gitops (gitea)
+# valkey-cluster → infra-gitops (gitea)
 apiVersion: v1
 kind: Secret
 metadata:
@@ -10,6 +10,7 @@ metadata:
   namespace: infra-data
   annotations:
     kustomize.toolkit.fluxcd.io/prune: disabled
+    kustomize.toolkit.fluxcd.io/ssa: Merge
     reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
     reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "apps,infra-net,infra-gitops,infra-monitor"
     reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
@@ -18,10 +19,11 @@ metadata:
 apiVersion: v1
 kind: Secret
 metadata:
-  name: valkey-cluster-sh
+  name: valkey-cluster
   namespace: infra-data
   annotations:
     kustomize.toolkit.fluxcd.io/prune: disabled
+    kustomize.toolkit.fluxcd.io/ssa: Merge
     reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
     reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "infra-gitops"
     reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"

flux/infrastructure/infra-gitops/helmrelease-gitea.yaml

@@ -89,14 +89,14 @@ spec:
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: valkey-cluster-sh
+              name: valkey-cluster
               key: valkey-password
         - name: GITEA__SESSION__PROVIDER_CONFIG
-          value: "redis://:$(REDIS_PASSWORD)@valkey-cluster-sh-headless.infra-data:6379/0?pool_size=100&idle_timeout=180s"
+          value: "redis://:$(REDIS_PASSWORD)@valkey-cluster-headless.infra-data:6379/0?pool_size=100&idle_timeout=180s"
         - name: GITEA__CACHE__HOST
-          value: "redis://:$(REDIS_PASSWORD)@valkey-cluster-sh-headless.infra-data:6379/0?pool_size=100&idle_timeout=180s"
+          value: "redis://:$(REDIS_PASSWORD)@valkey-cluster-headless.infra-data:6379/0?pool_size=100&idle_timeout=180s"
         - name: GITEA__QUEUE__CONN_STR
-          value: "redis://:$(REDIS_PASSWORD)@valkey-cluster-sh-headless.infra-data:6379/0?pool_size=100&idle_timeout=180s"
+          value: "redis://:$(REDIS_PASSWORD)@valkey-cluster-headless.infra-data:6379/0?pool_size=100&idle_timeout=180s"
     valkey-cluster:
       enabled: false
     extraVolumes: