@rawkode rawkode commented Sep 30, 2025

This adds support for generating passwords or using a pre-existing secret, as well as test coverage for all changes.

@Copilot Copilot AI review requested due to automatic review settings September 30, 2025 21:12
@rawkode rawkode force-pushed the add-acl-authentication branch from 4196475 to 2787b1e September 30, 2025 21:12

@Copilot Copilot AI left a comment

Pull Request Overview

This PR adds ACL authentication support to the Valkey Helm chart with three different configuration methods: auto-generated secrets, existing secrets, and inline configuration. It includes comprehensive validation logic and extensive test coverage to ensure only one authentication method is used at a time.

  • Adds three authentication methods with priority-based selection and mutual exclusion validation
  • Implements auto-generation of passwords and ACL configurations via Kubernetes secrets
  • Provides comprehensive test coverage for all authentication scenarios and edge cases

Reviewed Changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| valkey/values.yaml | Added authentication configuration options with detailed comments |
| valkey/templates/secret.yaml | New template for generating authentication secrets |
| valkey/templates/init_config.yaml | Updated to handle different authentication methods |
| valkey/templates/deploy_valkey.yaml | Added auth volume mounts and validation |
| valkey/templates/_helpers.tpl | Added authentication configuration validation logic |
| valkey/templates/tests/auth.yaml | New test pods for authentication verification |
| valkey/tests/*.yaml | Comprehensive test suites for all components |
| Justfile | Development task automation |
| .github/workflows/test.yml | CI/CD pipeline for testing |
| valkey/.helmignore | Updated ignore patterns |


data:
{{- $password := .Values.auth.generateDefaultUser.password }}
{{- if not $password }}
{{- $password = randAlphaNum 32 }}
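
Review bot: at `{{- $password = randAlphaNum 32 }}` the fallback runs on every render, so whenever `auth.generateDefaultUser.password` is unset each upgrade produces a different value under `data:`. Read the value already stored in the cluster before generating a new one, and keep the random fallback for `helm template` and client-side dry runs, where `lookup` returns an empty result. Because the value lands under `data:`, it also has to be base64-encoded where it is emitted.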

Copilot AI Sep 30, 2025

The random password generation using randAlphaNum will create a new password on every template rendering, which could cause authentication failures during upgrades. Consider using a lookup function to preserve existing passwords or add a note about this behavior in the documentation.

Suggested change
{{- $password = randAlphaNum 32 }}
{{- $existingSecret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-auth" (include "valkey.fullname" .))) }}
{{- if and $existingSecret $existingSecret.data $existingSecret.data.password }}
{{- $password = ($existingSecret.data.password | b64dec) }}
{{- else }}
{{- $password = randAlphaNum 32 }}
{{- end }}

Copilot uses AI. Check for mistakes.

Collaborator

The random password generation using randAlphaNum will create a new password on every template rendering, which could cause authentication failures during upgrades.

Comment on lines +96 to +102
{{- $hasContent := false }}
{{- range $line := splitList "\n" $trimmed }}
{{- $line = trim $line }}
{{- if and $line (not (hasPrefix "#" $line)) }}
{{- $hasContent = true }}
{{- end }}
{{- end }}
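
Review bot: the condition `and $line (not (hasPrefix "#" $line))` treats any non-comment line as ACL content, so text that is not an ACL rule still sets `$hasContent` to true. If the intent is to require at least one usable rule, test for the `user ` prefix on the trimmed line instead of only excluding `#`.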

Copilot AI Sep 30, 2025

The nested loop for checking ACL content could be inefficient for large configurations. Consider using a regex-based approach or caching the result to avoid repeated processing during template rendering.

Suggested change
{{- $hasContent := false }}
{{- range $line := splitList "\n" $trimmed }}
{{- $line = trim $line }}
{{- if and $line (not (hasPrefix "#" $line)) }}
{{- $hasContent = true }}
{{- end }}
{{- end }}
{{- /* Use regex to check for any non-empty, non-comment line */}}
{{- $hasContent := regexMatch "(?m)^(\\s*[^#\\s].*)$" $trimmed }}

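Added example, not part of the PR or of either reviewer's comment: a Go check of whether the suggested `regexMatch` pattern gives the same answer as the original loop. It assumes Sprig's `splitList`, `trim` and `regexMatch` behave as Go's `strings.Split`, `strings.TrimSpace` and `regexp.MatchString`; the sample ACL strings are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pattern from the suggested change, as the regex engine receives it once the
// template string literal "\\s" has been unescaped to \s.
var suggested = regexp.MustCompile(`(?m)^(\s*[^#\s].*)$`)

// loopHasContent mirrors the original template loop: split on "\n", trim each
// line, and report any line that is non-empty and does not start with "#".
func loopHasContent(acl string) bool {
	for _, line := range strings.Split(acl, "\n") {
		line = strings.TrimSpace(line)
		if line != "" && !strings.HasPrefix(line, "#") {
			return true
		}
	}
	return false
}

// regexHasContent mirrors the suggested regexMatch call.
func regexHasContent(acl string) bool { return suggested.MatchString(acl) }

// Constructed ACL inputs (not taken from the chart or its tests).
var samples = map[string]string{
	"empty":            "",
	"comments only":    "# managed by helm\n\n  # nothing here",
	"user rule":        "# header\nuser default on >example ~* +@all",
	"crlf user rule":   "# header\r\n\tuser app on >example\r\n",
	"nbsp before hash": "# header\n\u00a0# indented with U+00A0",
}

// disagreements returns the sample names on which the two checks differ.
func disagreements() []string {
	var out []string
	for name, acl := range samples {
		if loopHasContent(acl) != regexHasContent(acl) {
			out = append(out, name)
		}
	}
	return out
}

func main() {
	fmt.Println("checks disagree on:", disagreements())
}
```

The two checks agree on the ordinary cases and diverge on a comment line indented with U+00A0: `strings.TrimSpace` strips Unicode whitespace, while `\s` in Go's regexp syntax is ASCII-only, so the regex reports that line as content.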

# If password key exists in secret, test with it
if [ -f /valkey-auth/password ]; then
PASSWORD=$(cat /valkey-auth/password)
USERNAME="${USERNAME:-default}"
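
Review bot: `[ -f /valkey-auth/password ]` also passes for an empty file, which leaves `PASSWORD` empty; `[ -s /valkey-auth/password ]` requires the file to be non-empty. `USERNAME` is also a name that can be inherited from the environment, so a script-specific name (for example a hypothetical `VALKEY_USERNAME`) keeps `${USERNAME:-default}` from picking up an unrelated value.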

Copilot AI Sep 30, 2025

The USERNAME variable is referenced but never defined in this context. This will always default to 'default' since USERNAME is not set anywhere in the test script.


@mk-raven mk-raven self-assigned this Oct 3, 2025
Collaborator

mk-raven commented Oct 3, 2025

Need to check it first
