valkey initial

2025-10-13 19:51:40 +02:00
parent 4c0ce11829
commit 937e0307bf
4 changed files with 346 additions and 0 deletions
--- a/valkey/kustomization.yaml
+++ b/valkey/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - main.yaml
--- a/valkey/main.yaml
+++ b/valkey/main.yaml
@@ -0,0 +1,168 @@
+apiVersion: v1
+automountServiceAccountToken: false
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: valkey
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: valkey
+    app.kubernetes.io/version: 8.1.3
+    helm.sh/chart: valkey-0.7.4
+  name: valkey
+---
+apiVersion: v1
+data:
+  init.sh: "#!/bin/bash\nset -euo pipefail\n\n# Default config paths\nVALKEY_CONFIG=${VALKEY_CONFIG_PATH:-/data/conf/valkey.conf}\n\nLOGFILE=\"/data/init.log\"\nDATA_DIR=\"/data/conf\"\n\n#
+    Logging function\nlog() {\n  echo \"$(date) $1\" | tee -a \"$LOGFILE\"\n}\n\n#
+    Clean old log if requested\nif [ \"${KEEP_OLD_LOGS:-false}\" != \"true\" ]; then\n
+    \ rm -f \"$LOGFILE\"\nfi\n\nif [ -f \"$LOGFILE\" ]; then\n  log \"Detected restart
+    of this instance ($HOSTNAME)\"\nfi\n\nlog \"Creating configuration in $DATA_DIR...\"\nmkdir
+    -p \"$DATA_DIR\"\nrm -f \"$VALKEY_CONFIG\" \n\n\n# Base valkey.conf\nlog \"Generating
+    base valkey.conf\"\n{\n  echo \"port 6379\"\n  echo \"protected-mode no\"\n  echo
+    \"bind 0.0.0.0\"\n  echo \"dir /data\"\n} >>\"$VALKEY_CONFIG\"\n\n# Append extra
+    configs if present\nif [ -f /usr/local/etc/valkey/valkey.conf ]; then\n  log \"Appending
+    /usr/local/etc/valkey/valkey.conf\"\n  cat /usr/local/etc/valkey/valkey.conf >>\"$VALKEY_CONFIG\"\nfi\nif
+    [ -d /extravalkeyconfigs ]; then\n  log \"Appending files in /extravalkeyconfigs/\"\n
+    \ cat /extravalkeyconfigs/* >>\"$VALKEY_CONFIG\"\nfi"
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: valkey
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: valkey
+    app.kubernetes.io/version: 8.1.3
+    helm.sh/chart: valkey-0.7.4
+  name: valkey-init-scripts
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: valkey
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: valkey
+    app.kubernetes.io/version: 8.1.3
+    helm.sh/chart: valkey-0.7.4
+  name: valkey
+spec:
+  ports:
+  - name: tcp
+    port: 6379
+    protocol: TCP
+    targetPort: tcp
+  selector:
+    app.kubernetes.io/instance: valkey
+    app.kubernetes.io/name: valkey
+  type: ClusterIP
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app.kubernetes.io/instance: valkey
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: valkey
+    app.kubernetes.io/version: 8.1.3
+    helm.sh/chart: valkey-0.7.4
+  name: valkey
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 8
+  storageClassName: openebs-3-replicas
+  volumeMode: Filesystem
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: valkey
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: valkey
+    app.kubernetes.io/version: 8.1.3
+    helm.sh/chart: valkey-0.7.4
+  name: valkey
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: valkey
+      app.kubernetes.io/name: valkey
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: valkey
+        app.kubernetes.io/name: valkey
+        checksum/initconfig: 4ca0bfa021f2da0c4554a57544b03cfc
+    spec:
+      automountServiceAccountToken: false
+      containers:
+      - args:
+        - /data/conf/valkey.conf
+        command:
+        - valkey-server
+        env:
+        - name: VALKEY_LOGLEVEL
+          value: notice
+        image: docker.io/valkey/valkey:8.1.3
+        livenessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - valkey-cli ping
+        name: valkey
+        ports:
+        - containerPort: 6379
+          name: tcp
+          protocol: TCP
+        resources: {}
+        securityContext:
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 1000
+        startupProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - valkey-cli ping
+        volumeMounts:
+        - mountPath: /data
+          name: valkey-data
+      initContainers:
+      - command:
+        - /scripts/init.sh
+        image: docker.io/valkey/valkey:8.1.3
+        imagePullPolicy: IfNotPresent
+        name: valkey-init
+        securityContext:
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 1000
+        volumeMounts:
+        - mountPath: /data
+          name: valkey-data
+        - mountPath: /scripts
+          name: scripts
+      securityContext:
+        fsGroup: 1000
+        runAsGroup: 1000
+        runAsUser: 1000
+      serviceAccountName: valkey
+      volumes:
+      - configMap:
+          defaultMode: 365
+          name: valkey-init-scripts
+        name: scripts
+      - name: valkey-data
+        persistentVolumeClaim:
+          claimName: valkey
--- a/valkey/src/kustomization.yaml
+++ b/valkey/src/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+helmCharts:
+  - name: valkey
+    repo: https://valkey.io/valkey-helm/
+    version: 0.7.4
+    releaseName: valkey
+    includeCRDs: true
+    namespace: valkey
+    valuesFile: values.yaml
--- a/valkey/src/values.yaml
+++ b/valkey/src/values.yaml
@@ -0,0 +1,160 @@
+# Number of Valkey pods to run
+replicaCount: 1
+
+image:
+  # Valkey Docker image to use
+  repository: docker.io/valkey/valkey
+  # Image pull policy (Always, IfNotPresent, Never)
+  pullPolicy: IfNotPresent
+  # Image tag (leave empty to use .Chart.AppVersion)
+  tag: ""
+
+# List of image pull secrets (for private registries)
+imagePullSecrets: []
+
+# Override the default name or full name of resources
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Create a service account for Valkey
+  create: true
+  # Whether to automount the service account token
+  automount: false
+  # Annotations to add to the service account
+  annotations: {}
+  # Name of an existing service account to use (if create: false)
+  name: ""
+
+# Annotations and labels for the pods
+podAnnotations: {}
+podLabels: {}
+
+# Security context for the pod (applies to all containers)
+podSecurityContext:
+  fsGroup: 1000
+  runAsUser: 1000
+  runAsGroup: 1000
+
+# Security context for the Valkey containers
+securityContext:
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1000
+
+service:
+  # Type of Kubernetes service (ClusterIP, NodePort, LoadBalancer)
+  type: ClusterIP
+  # Port on which Valkey will be exposed
+  port: 6379
+
+# Network policy to control traffic to the pods
+# More info: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+networkPolicy: {}
+
+# Resource limits/requests for the main Valkey container
+resources: {}
+  # Example:
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+# Resource limits/requests for init containers
+initResources: {}
+  # Example:
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+# Persistent storage configuration
+dataStorage:
+  # Enable persistent volume claim creation
+  enabled: true
+
+  # Use existing PVC by name (skip dynamic provisioning if set)
+  persistentVolumeClaimName: ""
+
+  # Name of the volume (referenced in deployment)
+  volumeName: "valkey-data"
+
+  # Request size (e.g. 5Gi) for dynamically provisioned volume
+  requestedSize: "8"
+
+  # Name of the storage class to use
+  className: openebs-3-replicas
+
+  # Access modes for the PVC (e.g., ReadWriteOnce, ReadWriteMany)
+  accessModes:
+    - ReadWriteOnce
+
+  # If true, keep the PVC on Helm uninstall
+  keepPvc: false
+
+  # Optional annotations to add to the PVC
+  annotations: {}
+
+  # Optional labels to add to the PVC
+  labels: {}
+
+# Mount additional secrets into the Valkey container
+extraValkeySecrets: []
+
+# Mount additional configMaps into the Valkey container
+extraValkeyConfigs: []
+
+# Mount extra secrets as volume to init container (deprecated, use extraValkeySecrets)
+extraSecretValkeyConfigs: false
+
+# Mount additional emptyDir or hostPath volumes (advanced use)
+extraStorage: []
+
+# Content for valkey.conf (will be mounted via ConfigMap)
+valkeyConfig: ""
+
+auth:
+  # Enable ACL-based authentication
+  enabled: false
+
+  # Default ACL rules (used only if auth.enabled is true)
+  aclConfig: |
+    # Users and permissions can be defined here
+    # Example:
+    # user default off
+    # user default on >defaultpassword ~*  &* +@all 
+
+# Node selector for pod assignment
+nodeSelector: {}
+
+# Tolerations for pod assignment to tainted nodes
+tolerations: []
+
+# Affinity rules for pod scheduling
+affinity: {}
+
+# See https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints
+topologySpreadConstraints: {}
+
+# Valkey logging level: debug, verbose, notice, warning
+valkeyLogLevel: "notice"
+
+metrics:
+  # Enable Prometheus exporter sidecar
+  enabled: false
+
+  exporter:
+    # Additional secrets to mount for metrics exporter
+    extraExporterSecrets: []
+
+# Environment variables to inject into Valkey container
+env: {}
+  # Example:
+  # LOG_LEVEL: info