global: # The global image registry (this will override the registry of all container images defined in this chart) imageRegistry: "" # The global image pull secrets (list of secret names) imagePullSecrets: [] # Number of Valkey pods to run replicaCount: 1 image: # Image registry registry: "docker.io" # Valkey container image repository repository: valkey/valkey # Image pull policy (Always, IfNotPresent, Never) pullPolicy: IfNotPresent # Image tag (leave empty to use .Chart.AppVersion) tag: "" # List of image pull secrets (for private registries) imagePullSecrets: [] # Override the default name or full name of resources nameOverride: "" fullnameOverride: "" serviceAccount: # Create a service account for Valkey create: true # Whether to automount the service account token automount: false # Annotations to add to the service account annotations: {} # Name of an existing service account to use (if create: false) name: "" # Annotations and labels for the pods podAnnotations: {} podLabels: {} # Common labels to add to all resources (Deployment, Service, ConfigMap, etc.) commonLabels: {} # Security context for the pod (applies to all containers) podSecurityContext: fsGroup: 1000 runAsUser: 1000 runAsGroup: 1000 # Priority class name for pod scheduling (leave empty to use cluster's default) priorityClassName: "" # Security context for the Valkey containers securityContext: capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 service: # Type of Kubernetes service (ClusterIP, NodePort, LoadBalancer) type: ClusterIP # Port on which Valkey will be exposed port: 6379 annotations: {} # NodePort value (if service.type is NodePort) nodePort: 0 # ClusterIP value clusterIP: "" # Network policy to control traffic to the pods # More info: https://kubernetes.io/docs/concepts/services-networking/network-policies/ networkPolicy: {} # Resource limits/requests for the main Valkey container resources: {} # Example: # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi # Resource limits/requests for init containers initResources: {} # Example: # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi # Additional init containers extraInitContainers: [] # Persistent storage configuration dataStorage: # Enable persistent volume claim creation enabled: true # Use existing PVC by name (skip dynamic provisioning if set) persistentVolumeClaimName: "" # Subpath inside PVC to mount subPath: "" # Name of the volume (referenced in deployment) volumeName: "valkey-data" # Request size (e.g. 5Gi) for dynamically provisioned volume requestedSize: "8Gi" # Name of the storage class to use className: openebs-3-replicas # Access modes for the PVC (e.g., ReadWriteOnce, ReadWriteMany) accessModes: - ReadWriteOnce # If true, keep the PVC on Helm uninstall keepPvc: false # Optional annotations to add to the PVC annotations: {} # Optional labels to add to the PVC labels: {} # Mount additional secrets into the Valkey container extraValkeySecrets: - name: valkey-pass mountPath: /run/secrets/valkey # Mount additional configMaps into the Valkey container extraValkeyConfigs: [] # Mount extra secrets as volume to init container (deprecated, use extraValkeySecrets) extraSecretValkeyConfigs: false # Mount additional emptyDir or hostPath volumes (advanced use) extraStorage: [] # Content for valkey.conf (will be mounted via ConfigMap) valkeyConfig: include /run/secrets/valkey/requirepass auth: # Enable ACL-based authentication enabled: false # Use an existing secret for user passwords. Key defaults to username. usersExistingSecret: "" # Map of users to create with ACL permissions. # If usersExistingSecret is set, passwords from the secret take priority over inline passwords. aclUsers: {} # Example: # default: # permissions: "~* &* +@all" # password: "secretpass" # Inline password (fallback if usersExistingSecret not set) # passwordKey: "admin-pwd" # Key in usersExistingSecret (defaults to username) # read-user: # permissions: "~* -@all +@read +ping +info" # Inline ACL configuration that will be appended after generated users. aclConfig: "" # Example: # aclConfig: | # user default on >secretpass ~* &* +@all tls: # Enable TLS enabled: false # Name of the Secret containing TLS keys (required) existingSecret: "" # Secret key name containing server public certificate serverPublicKey: server.crt # Secret key name containing server private key serverKey: server.key # Secret key name containing Certificate Authority public certificate caPublicKey: ca.crt # Secret key name containing DH parameters (optional) dhParamKey: "" # Require that clients authenticate with a certificate requireClientCertificate: false # Node selector for pod assignment nodeSelector: {} # Tolerations for pod assignment to tainted nodes tolerations: [] # Affinity rules for pod scheduling affinity: {} # Set Deployment strategy. See https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy deploymentStrategy: RollingUpdate # See https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints topologySpreadConstraints: [] # Valkey logging level: debug, verbose, notice, warning valkeyLogLevel: "notice" # Environment variables to inject into Valkey container env: {} # Example: # LOG_LEVEL: info metrics: # Enable Prometheus exporter sidecar enabled: false # Exporter configuration exporter: # Command to run in the metrics exporter container (overrides args) command: [] # Arguments to pass to the metrics exporter container args: [] # Example: # - --redis.addr=redis:6379 # Port on which the metrics exporter will listen port: 9121 # Image configuration image: # Image registry registry: ghcr.io # Prometheus exporter container image repository repository: oliver006/redis_exporter # Image pull policy (Always, IfNotPresent, Never) pullPolicy: IfNotPresent # Image tag (leave empty to use latest) tag: "v1.79.0" resources: {} # Example: # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi # Extra volume mounts for metrics exporter container extraVolumeMounts: [] # Environment variables to inject into the metrics exporter container extraEnvs: {} # Example: # LOG_LEVEL: info securityContext: {} # Example: # runAsNonRoot: true # runAsUser: 1000 # runAsGroup: 1000 # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # Service configuration for the metrics exporter service: # Enable a separate service for the metrics exporter enabled: true # Service type (ClusterIP, NodePort, LoadBalancer) type: ClusterIP # Port on which the metrics exporter service will be exposed ports: http: 9121 # Optional annotations for the metrics exporter service annotations: {} # Optional labels for the metrics exporter service extraLabels: {} # ServiceMonitor configuration for Prometheus Operator serviceMonitor: # Enable ServiceMonitor resource for scraping service metrics enabled: false # Port name or number to scrape metrics from port: metrics # Extra labels for the ServiceMonitor resource extraLabels: {} # Extra annotations for the ServiceMonitor resource annotations: {} # How often Prometheus should scrape metrics interval: 30s # Maximum duration allowed for a scrape request scrapeTimeout: "" # Relabeling rules applied before scraping metrics relabelings: [] # Relabeling rules applied before ingesting metrics metricRelabelings: [] # Set honorLabels to true to preserve original metric labels honorLabels: false # Extra labels to help Prometheus discover ServiceMonitor resources additionalLabels: {} # Pod labels to copy onto the generated metrics podTargetLabels: [] # Maximum number of samples to collect per Pod scrape sampleLimit: false # Maximum number of scrape targets allowed targetLimit: false podMonitor: # Enable PodMonitor resource for scraping pod metrics enabled: false # Port name or number to scrape metrics from port: metrics # Extra labels for the ServiceMonitor resource extraLabels: {} # Extra annotations for the ServiceMonitor resource annotations: {} # Frequency for Prometheus to scrape pod metrics interval: 30s # Time limit for each scrape operation scrapeTimeout: "" # Relabeling rules to apply before scraping pod metrics relabelings: [] # Relabeling rules to apply before ingesting pod metrics metricRelabelings: [] # If true, keeps original labels from the pod metrics honorLabels: false # Additional labels for Prometheus to find PodMonitor resources additionalLabels: {} # Pod labels to attach to the metrics podTargetLabels: [] # Maximum samples to scrape from each Pod sampleLimit: false # Maximum number of pods to scrape targetLimit: false # PrometheusRule configuration for alerting rules (used by kube-prometheus-stack) prometheusRule: # Enable creation of PrometheusRule resource enabled: false # Extra labels to add to the PrometheusRule resource extraLabels: {} # Extra annotations to add to the PrometheusRule resource extraAnnotations: {} # List of Prometheus alerting rules rules: [] # Example alerting rules: # - alert: ValkeyDown # annotations: # summary: Valkey instance {{ "{{ $labels.instance }}" }} down # description: Valkey instance {{ "{{ $labels.instance }}" }} is down. # expr: | # redis_up{service="{{ include "valkey.fullname" . }}-metrics"} == 0 # for: 2m # labels: # severity: error # - alert: ValkeyMemoryHigh # annotations: # summary: Valkey instance {{ "{{ $labels.instance }}" }} is using too much memory # description: | # Valkey instance {{ "{{ $labels.instance }}" }} is using {{ "{{ $value }}" }}% of its available memory. # expr: | # redis_memory_used_bytes{service="{{ include "valkey.fullname" . }}-metrics"} * 100 # / # redis_memory_max_bytes{service="{{ include "valkey.fullname" . }}-metrics"} # > 90 <= 100 # for: 2m # labels: # severity: error # - alert: ValkeyKeyEviction # annotations: # summary: Valkey instance {{ "{{ $labels.instance }}" }} has evicted keys # description: | # Valkey instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes. # expr: | # increase(redis_evicted_keys_total{service="{{ include "valkey.fullname" . }}-metrics"}[5m]) > 0 # for: 1s # labels: # severity: error