valkey-cluster

Helm chart

# This file has been modified by Chainguard, Inc.
#
# Copyright Chainguard, Inc. All Rights Reserved.
# Chainguard, Inc. modifications are subject to the license
# available at: https://www.chainguard.dev/legal/software-license-agreement
#
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
## @param global.valkey.password Valkey password (overrides `password`)
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  defaultStorageClass: ""
  storageClass: ""
  ## Security parameters
  ##
  security:
    ## @param global.security.allowInsecureImages Allows skipping image verification
    allowInsecureImages: false
  valkey:
    password: ""
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: auto
  org: ""
## @section Valkey Cluster Common parameters
##

## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname template
##
fullnameOverride: ""
## @param clusterDomain Kubernetes Cluster Domain
##
clusterDomain: cluster.local
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template)
##
extraDeploy: []
## Enable diagnostic mode in the deployment
##
diagnosticMode:
  ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
  ##
  enabled: false
  ## @param diagnosticMode.command Command to override all containers in the deployment
  ##
  command:
    - sleep
  ## @param diagnosticMode.args Args to override all containers in the deployment
  ##
  args:
    - infinity
## Iamguarded Valkey image version
84
## @param image.registry [default: REGISTRY_NAME] Valkey cluster image registry
85
## @param image.repository [default: REPOSITORY_NAME/valkey-cluster] Valkey cluster image repository
86
## @skip image.tag Valkey cluster image tag (immutable tags are recommended)
87
## @param image.digest Valkey cluster image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
88
## @param image.pullPolicy Valkey cluster image pull policy
89
## @param image.pullSecrets Specify docker-registry secret names as an array
90
## @param image.debug Enable image debug mode
91
##
92
image:
93
registry: cgr.dev
94
repository: chainguard-private/valkey-cluster-iamguarded
95
tag: 9.0.3
96
digest: ""
97
## Specify a imagePullPolicy
98
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
99
##
100
pullPolicy: IfNotPresent
101
## Optionally specify an array of imagePullSecrets.
102
## Secrets must be manually created in the namespace.
103
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
104
## e.g:
105
## pullSecrets:
106
## - myRegistryKeySecretName
107
##
108
pullSecrets: []
109
## Enable debug mode
110
##
111
debug: false
112
## Network Policy configuration
113
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
114
##
115
networkPolicy:
116
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
117
##
118
enabled: true
119
## @param networkPolicy.allowExternal The Policy model to apply
120
## When set to false, only pods with the correct client label will have network access to the ports Valkey Cluster is
121
## listening on. When true, Valkey Cluster will accept connections from any source (with the correct destination port).
122
##
123
allowExternal: true
124
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
125
##
126
allowExternalEgress: true
127
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
128
## e.g:
129
## extraIngress:
130
## - ports:
131
## - port: 1234
132
## from:
133
## - podSelector:
134
## - matchLabels:
135
## - role: frontend
136
## - podSelector:
137
## - matchExpressions:
138
## - key: role
139
## operator: In
140
## values:
141
## - frontend
142
##
143
extraIngress: []
144
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
145
## e.g:
146
## extraEgress:
147
## - ports:
148
## - port: 1234
149
## to:
150
## - podSelector:
151
## - matchLabels:
152
## - role: frontend
153
## - podSelector:
154
## - matchExpressions:
155
## - key: role
156
## operator: In
157
## values:
158
## - frontend
159
##
160
extraEgress: []
161
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
162
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
163
##
164
ingressNSMatchLabels: {}
165
ingressNSPodMatchLabels: {}
166
serviceAccount:
  ## @param serviceAccount.create Specifies whether a ServiceAccount should be created
  ##
  create: true
  ## @param serviceAccount.name The name of the ServiceAccount to create
  ## If not set and create is true, a name is generated using the fullname template
  ##
  name: ""
  ## @param serviceAccount.annotations Annotations for Valkey Service Account
  ##
  annotations: {}
  ## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
  ##
  automountServiceAccountToken: false
rbac:
  ## @param rbac.create Specifies whether RBAC resources should be created
  ##
  create: false
  role:
    ## @param rbac.role.rules Rules to create. It follows the role specification
    ## rules:
    ##   - apiGroups:
    ##       - extensions
    ##     resources:
    ##       - podsecuritypolicies
    ##     verbs:
    ##       - use
    ##     resourceNames:
    ##       - gce.unprivileged
    ##
    rules: []
## Valkey pod Security Context
198
## @param podSecurityContext.enabled Enable Valkey pod Security Context
199
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
200
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
201
## @param podSecurityContext.fsGroup Group ID for the pods
202
## @param podSecurityContext.sysctls Set namespaced sysctls for the pods
203
##
204
podSecurityContext:
205
enabled: true
206
fsGroupChangePolicy: Always
207
supplementalGroups: []
208
fsGroup: 1001
209
## Uncomment the setting below to increase the net.core.somaxconn value
210
## e.g:
211
## sysctls:
212
## - name: net.core.somaxconn
213
## value: "10000"
214
##
215
sysctls: []
216
## @param podDisruptionBudget DEPRECATED please use pdb instead
217
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions
218
##
219
podDisruptionBudget: {}
220
## Pod Disruption Budget configuration
221
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
222
##
223
pdb:
224
## @param pdb.create Created a PodDisruptionBudget
225
##
226
create: true
227
## @param pdb.minAvailable Min number of pods that must still be available after the eviction.
228
## You can specify an integer or a percentage by setting the value to a string representation of a percentage (eg. "50%"). It will be disabled if set to 0
229
##
230
minAvailable: ""
231
## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction.
232
## You can specify an integer or a percentage by setting the value to a string representation of a percentage (eg. "50%"). It will be disabled if set to 0
233
##
234
maxUnavailable: ""
235
## Containers Security Context
236
## @param containerSecurityContext.enabled Enabled containers' Security Context
237
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
238
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
239
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
240
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
241
## @param containerSecurityContext.privileged Set container's Security Context privileged
242
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
243
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
244
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
245
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
246
##
247
containerSecurityContext:
248
enabled: true
249
seLinuxOptions: {}
250
runAsUser: 1001
251
runAsGroup: 1001
252
runAsNonRoot: true
253
privileged: false
254
readOnlyRootFilesystem: true
255
allowPrivilegeEscalation: false
256
capabilities:
257
drop: ["ALL"]
258
seccompProfile:
259
type: "RuntimeDefault"
260
## @param usePassword Use password authentication
261
##
262
usePassword: true
263
## @param password Valkey password (ignored if existingSecret set)
264
## Defaults to a random 10-character alphanumeric string if not set and usePassword is true
265
##
266
password: ""
267
## @param existingSecret Name of existing secret object (for password authentication)
268
##
269
existingSecret: ""
270
## @param existingSecretPasswordKey Name of key containing password to be retrieved from the existing secret
271
##
272
existingSecretPasswordKey: ""
273
## @param usePasswordFiles Mount passwords as files instead of environment variables
274
##
275
usePasswordFiles: true
276
##
277
## TLS configuration
278
##
279
tls:
280
## @param tls.enabled Enable TLS support for replication traffic
281
##
282
enabled: false
283
## @param tls.authClients Require clients to authenticate or not
284
##
285
authClients: true
286
## @param tls.autoGenerated Generate automatically self-signed TLS certificates
287
##
288
autoGenerated: false
289
## @param tls.existingSecret The name of the existing secret that contains the TLS certificates
290
##
291
existingSecret: ""
292
## @param tls.certificatesSecret DEPRECATED. Use tls.existingSecret instead
293
##
294
certificatesSecret: ""
295
## @param tls.certFilename Certificate filename
296
##
297
certFilename: ""
298
## @param tls.certKeyFilename Certificate key filename
299
##
300
certKeyFilename: ""
301
## @param tls.certCAFilename CA Certificate filename
302
##
303
certCAFilename: ""
304
## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers)
305
##
306
dhParamsFilename: ""
307
## Valkey Service properties for standalone mode.
308
##
309
service:
310
## @param service.ports.valkey Kubernetes Valkey service port
311
##
312
ports:
313
valkey: 6379
314
## Node ports to expose
315
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
316
## @param service.nodePorts.valkey Node port for Valkey
317
##
318
nodePorts:
319
valkey: ""
320
## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value)
321
##
322
extraPorts: []
323
## @param service.annotations Provide any additional annotations which may be required.
324
## This can be used to set the LoadBalancer service type to internal only.
325
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
326
##
327
annotations: {}
328
## @param service.labels Additional labels for valkey service
329
##
330
labels: {}
331
## @param service.type Service type for default valkey service
332
## Setting this to LoadBalancer may require corresponding service annotations for loadbalancer creation to succeed.
333
## Currently supported types are ClusterIP (default) and LoadBalancer
334
##
335
type: ClusterIP
336
## @param service.clusterIP Service Cluster IP
337
## e.g.:
338
## clusterIP: None
339
##
340
clusterIP: ""
341
## @param service.loadBalancerIP Load balancer IP if `service.type` is `LoadBalancer`
342
## If service.type is LoadBalancer, request a specific static IP address if supported by the cloud provider, otherwise leave blank
343
##
344
loadBalancerIP: ""
345
## @param service.loadBalancerSourceRanges Service Load Balancer sources
346
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
347
## e.g:
348
## loadBalancerSourceRanges:
349
## - 10.10.10.0/24
350
##
351
loadBalancerSourceRanges: []
352
## @param service.externalTrafficPolicy Service external traffic policy
353
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
354
##
355
externalTrafficPolicy: Cluster
356
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
357
## If "ClientIP", consecutive client requests will be directed to the same Pod
358
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
359
##
360
sessionAffinity: None
361
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
362
## sessionAffinityConfig:
363
## clientIP:
364
## timeoutSeconds: 300
365
##
366
sessionAffinityConfig: {}
367
## Headless service properties
368
##
369
headless:
370
## @param service.headless.annotations Annotations for the headless service.
371
##
372
annotations: {}
373
## Enable persistence using Persistent Volume Claims
374
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
375
##
376
persistence:
377
## @param persistence.enabled Enable persistence on Valkey
378
## If enabled, nodes are using Persistent Volume Claims
379
## If disabled, an emptyDir volume is used. This is not recommended.
380
##
381
enabled: true
382
## @param persistence.path Path to mount the volume at, to use other images Valkey images.
383
##
384
path: /iamguarded/valkey/data
385
## @param persistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services
386
##
387
subPath: ""
388
## @param persistence.storageClass Storage class of backing PVC
389
## If defined, storageClassName: <storageClass>
390
## If set to "-", storageClassName: "", which disables dynamic provisioning
391
## If undefined (the default) or set to null, no storageClassName spec is
392
## set, choosing the default provisioner. (gp2 on AWS, standard on
393
## GKE, AWS & OpenStack)
394
##
395
storageClass: ""
396
## @param persistence.annotations Persistent Volume Claim annotations
397
##
398
annotations: {}
399
## @param persistence.labels Persistent Volume Claim labels
400
##
401
labels: {}
402
## @param persistence.accessModes Persistent Volume Access Modes
403
##
404
accessModes:
405
- ReadWriteOnce
406
## @param persistence.size Size of data volume
407
##
408
size: 8Gi
409
## @param persistence.matchLabels Persistent Volume selectors
410
## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
411
##
412
matchLabels: {}
413
## @param persistence.matchExpressions matchExpressions Persistent Volume selectors
414
##
415
matchExpressions: {}
416
## persistentVolumeClaimRetentionPolicy
417
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
418
## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
419
## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
420
## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
421
persistentVolumeClaimRetentionPolicy:
422
enabled: false
423
whenScaled: Retain
424
whenDeleted: Retain
425
## Init containers parameters:
426
## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
427
##
428
volumePermissions:
429
## @param volumePermissions.enabled Enable init container that changes volume permissions in the registry (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
430
##
431
enabled: false
432
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
433
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
434
## @skip volumePermissions.image.tag Init container volume-permissions image tag
435
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
436
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
437
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
438
##
439
image:
440
registry: cgr.dev
441
repository: chainguard-private/os-shell-iamguarded
442
tag: 1.0.0
443
digest: ""
444
pullPolicy: IfNotPresent
445
## Optionally specify an array of imagePullSecrets.
446
## Secrets must be manually created in the namespace.
447
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
448
## e.g:
449
## pullSecrets:
450
## - myRegistryKeySecretName
451
##
452
pullSecrets: []
453
## Containers Security Context
454
## @param volumePermissions.containerSecurityContext.enabled Enable Containers' Security Context
455
## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
456
## @param volumePermissions.containerSecurityContext.runAsUser User ID for the containers.
457
## @param volumePermissions.containerSecurityContext.privileged Run container as privileged
458
##
459
containerSecurityContext:
460
enabled: true
461
seLinuxOptions: {}
462
runAsUser: 0
463
privileged: false
464
## Container resource requests and limits
465
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
466
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
467
##
468
resourcesPreset: "nano"
469
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
470
## Example:
471
## resources:
472
## requests:
473
## cpu: 2
474
## memory: 512Mi
475
## limits:
476
## cpu: 3
477
## memory: 1024Mi
478
##
479
resources: {}
480
## @section Valkey statefulset parameters
481
##
482
valkey:
483
## @param valkey.command Valkey entrypoint string. The command `valkey-server` is executed if this is not provided
484
##
485
command: []
486
## @param valkey.args Arguments for the provided command if needed
487
##
488
args: []
489
## @param valkey.updateStrategy.type Argo Workflows statefulset strategy type
490
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
491
##
492
updateStrategy:
493
## StrategyType
494
## Can be set to RollingUpdate or OnDelete
495
##
496
type: RollingUpdate
497
## @param valkey.updateStrategy.rollingUpdate.partition Partition update strategy
498
## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions
499
##
500
rollingUpdate:
501
partition: 0
502
## @param valkey.podManagementPolicy Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join
503
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
504
##
505
podManagementPolicy: Parallel
506
## @param valkey.automountServiceAccountToken Mount Service Account token in pod
507
##
508
automountServiceAccountToken: false
509
## @param valkey.hostAliases Deployment pod host aliases
510
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
511
##
512
hostAliases: []
513
## @param valkey.hostNetwork Host networking requested for this pod. Use the host's network namespace.
514
## https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podspec-v1-core
515
##
516
hostNetwork: false
517
## @param valkey.useAOFPersistence Whether to use AOF Persistence mode or not
518
## It is strongly recommended to use this type when dealing with clusters
519
## ref: https://valkey.io/topics/persistence#append-only-file
520
## ref: https://valkey.io/topics/cluster-tutorial#creating-and-using-a-valkey-cluster
521
##
522
useAOFPersistence: "yes"
523
## @param valkey.containerPorts.valkey Valkey port
524
## @param valkey.containerPorts.bus The busPort should be obtained adding 10000 to the valkeyPort. By default: 10000 + 6379 = 16379
525
##
526
containerPorts:
527
valkey: 6379
528
bus: 16379
529
## @param valkey.lifecycleHooks LifecycleHook to set additional configuration before or after startup. Evaluated as a template
530
##
531
lifecycleHooks: {}
532
## @param valkey.extraVolumes Extra volumes to add to the deployment
533
##
534
extraVolumes: []
535
## @param valkey.extraVolumeMounts Extra volume mounts to add to the container
536
##
537
extraVolumeMounts: []
538
## @param valkey.customLivenessProbe Override default liveness probe
539
##
540
customLivenessProbe: {}
541
## @param valkey.customReadinessProbe Override default readiness probe
542
##
543
customReadinessProbe: {}
544
## @param valkey.customStartupProbe Custom startupProbe that overrides the default one
545
##
546
customStartupProbe: {}
547
## @param valkey.initContainers Extra init containers to add to the deployment
548
##
549
initContainers: []
550
## @param valkey.sidecars Extra sidecar containers to add to the deployment
551
##
552
sidecars: []
553
## @param valkey.podLabels Additional labels for Valkey pod
554
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
555
##
556
podLabels: {}
557
## @param valkey.priorityClassName Valkey Primary pod priorityClassName
558
##
559
priorityClassName: ""
560
## @param valkey.defaultConfigOverride Optional default Valkey configuration for the nodes
561
## If not set, the default Valkey configuration from the chart is used
562
## ref: https://valkey.io/topics/config
563
##
564
defaultConfigOverride: ""
565
## @param valkey.configmap Additional Valkey configuration for the nodes
566
## ref: https://valkey.io/topics/config
567
##
568
configmap: ""
569
## @param valkey.extraEnvVars An array to add extra environment variables
570
## For example:
571
## - name: BEARER_AUTH
572
## value: true
573
##
574
extraEnvVars: []
575
## @param valkey.extraEnvVarsCM ConfigMap with extra environment variables
576
##
577
extraEnvVarsCM: ""
578
## @param valkey.extraEnvVarsSecret Secret with extra environment variables
579
##
580
extraEnvVarsSecret: ""
581
## @param valkey.podAnnotations Valkey additional annotations
582
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
583
##
584
podAnnotations: {}
585
## Valkey resource requests and limits
586
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
587
## @param valkey.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if valkey.resources is set (valkey.resources is recommended for production).
588
##
589
resourcesPreset: "nano"
590
## @param valkey.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
591
## Example:
592
## resources:
593
## requests:
594
## cpu: 2
595
## memory: 512Mi
596
## limits:
597
## cpu: 3
598
## memory: 1024Mi
599
##
600
resources: {}
601
## @param valkey.schedulerName Use an alternate scheduler, e.g. "stork".
602
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
603
##
604
schedulerName: ""
605
## @param valkey.shareProcessNamespace Enable shared process namespace in a pod.
606
## If set to false (default), each container will run in separate namespace, valkey will have PID=1.
607
## If set to true, the /pause will run as init process and will reap any zombie PIDs,
608
## for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
609
## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
610
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
611
##
612
shareProcessNamespace: false
613
## Configure extra options for Valkey liveness probes
614
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
615
## @param valkey.livenessProbe.enabled Enable livenessProbe
616
## @param valkey.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
617
## @param valkey.livenessProbe.periodSeconds Period seconds for livenessProbe
618
## @param valkey.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
619
## @param valkey.livenessProbe.failureThreshold Failure threshold for livenessProbe
620
## @param valkey.livenessProbe.successThreshold Success threshold for livenessProbe
621
##
622
livenessProbe:
623
enabled: true
624
initialDelaySeconds: 5
625
periodSeconds: 5
626
timeoutSeconds: 5
627
successThreshold: 1
628
failureThreshold: 5
629
## Configure extra options for Valkey readiness probes
630
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
631
## @param valkey.readinessProbe.enabled Enable readinessProbe
632
## @param valkey.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
633
## @param valkey.readinessProbe.periodSeconds Period seconds for readinessProbe
634
## @param valkey.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
635
## @param valkey.readinessProbe.failureThreshold Failure threshold for readinessProbe
636
## @param valkey.readinessProbe.successThreshold Success threshold for readinessProbe
637
##
638
readinessProbe:
639
enabled: true
640
initialDelaySeconds: 5
641
periodSeconds: 5
642
timeoutSeconds: 1
643
successThreshold: 1
644
failureThreshold: 5
645
## @param valkey.startupProbe.enabled Enable startupProbe
646
## @param valkey.startupProbe.path Path to check for startupProbe
647
## @param valkey.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
648
## @param valkey.startupProbe.periodSeconds Period seconds for startupProbe
649
## @param valkey.startupProbe.timeoutSeconds Timeout seconds for startupProbe
650
## @param valkey.startupProbe.failureThreshold Failure threshold for startupProbe
651
## @param valkey.startupProbe.successThreshold Success threshold for startupProbe
652
##
653
startupProbe:
654
enabled: false
655
path: /
656
initialDelaySeconds: 300
657
periodSeconds: 10
658
timeoutSeconds: 5
659
failureThreshold: 6
660
successThreshold: 1
661
## @param valkey.podAffinityPreset Valkey pod affinity preset. Ignored if `valkey.affinity` is set. Allowed values: `soft` or `hard`
662
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
663
##
664
podAffinityPreset: ""
665
## @param valkey.podAntiAffinityPreset Valkey pod anti-affinity preset. Ignored if `valkey.affinity` is set. Allowed values: `soft` or `hard`
666
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
667
##
668
podAntiAffinityPreset: soft
669
## Valkey node affinity preset
670
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
671
##
672
nodeAffinityPreset:
673
## @param valkey.nodeAffinityPreset.type Valkey node affinity preset type. Ignored if `valkey.affinity` is set. Allowed values: `soft` or `hard`
674
##
675
type: ""
676
## @param valkey.nodeAffinityPreset.key Valkey node label key to match Ignored if `valkey.affinity` is set.
677
## E.g.
678
## key: "kubernetes.io/e2e-az-name"
679
##
680
key: ""
681
## @param valkey.nodeAffinityPreset.values Valkey node label values to match. Ignored if `valkey.affinity` is set.
682
## E.g.
683
## values:
684
## - e2e-az1
685
## - e2e-az2
686
##
687
values: []
688
## @param valkey.affinity Affinity settings for Valkey pod assignment
689
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
690
## Note: valkey.podAffinityPreset, valkey.podAntiAffinityPreset, and valkey.nodeAffinityPreset will be ignored when it's set
691
##
692
affinity: {}
693
## @param valkey.nodeSelector Node labels for Valkey pods assignment
694
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
695
##
696
nodeSelector: {}
697
## @param valkey.tolerations Tolerations for Valkey pods assignment
698
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
699
##
700
tolerations: []
701
## @param valkey.topologySpreadConstraints Pod topology spread constraints for Valkey pod
702
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
703
## The value is evaluated as a template
704
##
705
topologySpreadConstraints: []
706
## @section Cluster update job parameters
707
##
708
709
## Cluster update job settings
710
##
711
updateJob:
712
## @param updateJob.activeDeadlineSeconds Number of seconds the Job to create the cluster will be waiting for the Nodes to be ready.
713
##
714
activeDeadlineSeconds: 600
715
## @param updateJob.command Container command (using container default if not set)
716
##
717
command: []
718
## @param updateJob.args Container args (using container default if not set)
719
##
720
args: []
721
## @param updateJob.automountServiceAccountToken Mount Service Account token in pod
722
##
723
automountServiceAccountToken: false
724
## @param updateJob.hostAliases Deployment pod host aliases
725
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
726
##
727
hostAliases: []
728
## @param updateJob.helmHook Job Helm hook
729
## https://helm.sh/docs/topics/charts_hooks/#the-available-hooks
730
##
731
helmHook: post-upgrade
732
## @param updateJob.annotations Job annotations
733
##
734
annotations: {}
735
## @param updateJob.podAnnotations Job pod annotations
736
##
737
podAnnotations: {}
738
## @param updateJob.podLabels Pod extra labels
739
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
740
##
741
podLabels: {}
742
## @param updateJob.extraEnvVars An array to add extra environment variables
743
## For example:
744
## - name: BEARER_AUTH
745
## value: true
746
##
747
extraEnvVars: []
748
## @param updateJob.extraEnvVarsCM ConfigMap containing extra environment variables
749
##
750
extraEnvVarsCM: ""
751
## @param updateJob.extraEnvVarsSecret Secret containing extra environment variables
752
##
753
extraEnvVarsSecret: ""
754
## @param updateJob.extraVolumes Extra volumes to add to the deployment
755
##
756
extraVolumes: []
757
## @param updateJob.extraVolumeMounts Extra volume mounts to add to the container
758
##
759
extraVolumeMounts: []
760
## @param updateJob.initContainers Extra init containers to add to the deployment
761
##
762
initContainers: []
  ## @param updateJob.podAffinityPreset Update job pod affinity preset. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param updateJob.podAntiAffinityPreset Update job pod anti-affinity preset. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Update job node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param updateJob.nodeAffinityPreset.type Update job node affinity preset type. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param updateJob.nodeAffinityPreset.key Update job node label key to match. Ignored if `updateJob.affinity` is set.
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param updateJob.nodeAffinityPreset.values Update job node label values to match. Ignored if `updateJob.affinity` is set.
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param updateJob.affinity Affinity for update job pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: updateJob.podAffinityPreset, updateJob.podAntiAffinityPreset, and updateJob.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param updateJob.nodeSelector Node labels for update job pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param updateJob.tolerations Tolerations for update job pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param updateJob.priorityClassName Priority class name
  ##
  priorityClassName: ""
  ## Container resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param updateJob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if updateJob.resources is set (updateJob.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param updateJob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
## @section Cluster management parameters
##

## Valkey Cluster settings
##
cluster:
  ## @param cluster.init Enable the initialization of the Valkey Cluster
  ##
  init: true
  ## Number of Valkey nodes to be deployed
  ##
  ## Note:
  ## This is the total number of nodes including the replicas. Meaning there will be 3 primary and 3 replica
  ## nodes (as replica count is set to 1 by default, there will be 1 replica per primary node).
  ## Hence, nodes = numberOfPrimaryNodes + numberOfPrimaryNodes * replicas
  ##
  ## @param cluster.nodes The number of primary nodes should always be >= 3, otherwise cluster creation will fail
  ##
  nodes: 6
  ## @param cluster.replicas Number of replicas for every primary in the cluster
  ## Parameter to be passed as --cluster-replicas to the valkey-cli --cluster create
  ## 1 means that we want a replica for every primary created
  ##
  replicas: 1
  ## Configuration to access the Valkey Cluster from outside the Kubernetes cluster
  ##
  externalAccess:
    ## @param cluster.externalAccess.enabled Enable access to the Valkey
    ##
    enabled: false
    ## @param cluster.externalAccess.hostMode Set cluster preferred endpoint type as hostname
    ##
    hostMode: false
    service:
      ## @param cluster.externalAccess.service.disableLoadBalancerIP Disable use of `Service.spec.loadBalancerIP`
      ##
      disableLoadBalancerIP: false
      ## @param cluster.externalAccess.service.loadBalancerIPAnnotaion Name of annotation to specify fixed IP for service in. Disables `Service.spec.loadBalancerIP` if not empty
      ##
      loadBalancerIPAnnotaion: ""
      ## @param cluster.externalAccess.service.type Type for the services used to expose every Pod
      ## At this moment only LoadBalancer is supported
      ##
      type: LoadBalancer
      ## @param cluster.externalAccess.service.port Port for the services used to expose every Pod
      ##
      port: 6379
      ## @param cluster.externalAccess.service.loadBalancerIP Array of load balancer IPs for each Valkey node. Length must be the same as cluster.nodes
      ##
      loadBalancerIP: []
      ## @param cluster.externalAccess.service.loadBalancerSourceRanges Service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param cluster.externalAccess.service.annotations Annotations to add to the services used to expose every Pod of the Valkey Cluster
      ##
      annotations: {}
  ## This section allows updating the Valkey cluster nodes.
  ##
  update:
    ## @param cluster.update.addNodes Boolean to specify if you want to add nodes after the upgrade
    ## When set to true, a hook adds nodes to the Valkey cluster after the upgrade. currentNumberOfNodes and currentNumberOfReplicas are required
    ##
    addNodes: false
    ## @param cluster.update.currentNumberOfNodes Number of currently deployed Valkey nodes
    ##
    currentNumberOfNodes: 6
    ## @param cluster.update.currentNumberOfReplicas Number of currently deployed Valkey replicas
    ##
    currentNumberOfReplicas: 1
    ## @param cluster.update.newExternalIPs External IPs obtained from the services for the new nodes to add to the cluster
    ##
    newExternalIPs: []
## @section Metrics sidecar parameters
##

## Prometheus Exporter / Metrics
##
metrics:
  ## @param metrics.enabled Start a side-car prometheus exporter
  ##
  enabled: false
  ## @param metrics.image.registry [default: REGISTRY_NAME] Valkey exporter image registry
  ## @param metrics.image.repository [default: REPOSITORY_NAME/redis-exporter] Valkey exporter image name
  ## @skip metrics.image.tag Valkey exporter image tag
  ## @param metrics.image.digest Valkey exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param metrics.image.pullPolicy Valkey exporter image pull policy
  ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/prometheus-redis-exporter-iamguarded
    tag: 1.82.0
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ##
  resources: {}
  ## @param metrics.extraArgs Extra arguments for the binary; possible values [here](https://github.com/oliver006/redis_exporter)
  ## extraArgs:
  ##   check-keys: myKey,myOtherKey
  ##
  extraArgs: {}
  ## @param metrics.extraEnvVars Array with extra environment variables to add to Valkey exporter
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param metrics.containerPorts.http Metrics HTTP container port
  ##
  containerPorts:
    http: 9121
  ## @param metrics.podAnnotations [object] Additional annotations for Metrics exporter pod
  ##
  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "{{ .Values.metrics.containerPorts.http }}"
  ## @param metrics.podLabels Additional labels for Metrics exporter pod
  ##
  podLabels: {}
  ## Containers' Security Context - All fields other than `enabled` get added to the metrics container's security context
  ## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context
  ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param metrics.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Enable this if you're using https://github.com/coreos/prometheus-operator
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
    ##
    enabled: false
    ## @param metrics.serviceMonitor.namespace Optional namespace which Prometheus is running in
    ##
    namespace: ""
    ## @param metrics.serviceMonitor.interval How frequently to scrape metrics (use by default, falling back to Prometheus' default)
    ##
    interval: ""
    ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ## e.g:
    ## scrapeTimeout: 10s
    ##
    scrapeTimeout: ""
    ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
    ## e.g:
    ## selector:
    ##   prometheus: my-prometheus
    ##
    selector: {}
    ## @param metrics.serviceMonitor.labels ServiceMonitor extra labels
    ##
    labels: {}
    ## @param metrics.serviceMonitor.annotations ServiceMonitor annotations
    ##
    annotations: {}
    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""
    ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ##
    relabelings: []
    ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ##
    metricRelabelings: []
  ## Custom PrometheusRule to be defined
  ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
  ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
  ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator
  ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus
  ## @param metrics.prometheusRule.namespace namespace where prometheusRules resource should be created
  ## @param metrics.prometheusRule.rules Create specified [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/), check values for an example.
  ##
  prometheusRule:
    enabled: false
    additionalLabels: {}
    namespace: ""
    ## These are just example rules; please adapt them to your needs.
    ## Make sure to constrain the rules to the current Valkey service.
    ##   - alert: ValkeyDown
    ##     expr: valkey_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0
    ##     for: 2m
    ##     labels:
    ##       severity: error
    ##     annotations:
    ##       summary: Valkey instance {{ "{{ $instance }}" }} down
    ##       description: Valkey instance {{ "{{ $instance }}" }} is down.
    ##   - alert: ValkeyMemoryHigh
    ##     expr: >
    ##       valkey_memory_used_bytes{service="{{ template "common.names.fullname" . }}-metrics"} * 100
    ##       /
    ##       valkey_memory_max_bytes{service="{{ template "common.names.fullname" . }}-metrics"}
    ##       > 90
    ##     for: 2m
    ##     labels:
    ##       severity: error
    ##     annotations:
    ##       summary: Valkey instance {{ "{{ $instance }}" }} is using too much memory
    ##       description: Valkey instance {{ "{{ $instance }}" }} is using {{ "{{ $value }}" }}% of its available memory.
    ##   - alert: ValkeyKeyEviction
    ##     expr: increase(valkey_evicted_keys_total{service="{{ template "common.names.fullname" . }}-metrics"}[5m]) > 0
    ##     for: 1s
    ##     labels:
    ##       severity: error
    ##     annotations:
    ##       summary: Valkey instance {{ "{{ $instance }}" }} has evicted keys
    ##       description: Valkey instance {{ "{{ $instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes.
    ##
    rules: []
  ## @param metrics.priorityClassName Metrics exporter pod priorityClassName
  ##
  priorityClassName: ""
  ## @param metrics.service.type Kubernetes Service type (valkey metrics)
  ## @param metrics.service.loadBalancerIP Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank
  ## @param metrics.service.annotations Annotations for the services to monitor.
  ## @param metrics.service.labels Additional labels for the metrics service
  ##
  service:
    type: ClusterIP
    ## @param metrics.service.ports.http Metrics HTTP service port
    ##
    ports:
      http: 9121
    ## @param metrics.service.clusterIP Service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    loadBalancerIP: ""
    annotations: {}
    labels: {}
## @section Sysctl Image parameters
##

## Sysctl InitContainer
## Used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings)
##
sysctlImage:
  ## @param sysctlImage.enabled Enable an init container to modify Kernel settings
  ##
  enabled: false
  ## @param sysctlImage.command sysctlImage command to execute
  ##
  command: []
  ## @param sysctlImage.registry [default: REGISTRY_NAME] sysctlImage Init container registry
  ## @param sysctlImage.repository [default: REPOSITORY_NAME/os-shell] sysctlImage Init container repository
  ## @skip sysctlImage.tag sysctlImage Init container tag
  ## @param sysctlImage.digest sysctlImage Init container digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param sysctlImage.pullPolicy sysctlImage Init container pull policy
  ## @param sysctlImage.pullSecrets Specify docker-registry secret names as an array
  ##
  registry: cgr.dev
  repository: chainguard-private/os-shell-iamguarded
  tag: 1.0.0
  digest: ""
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  ## @param sysctlImage.mountHostSys Mount the host `/sys` folder to `/host-sys`
  ##
  mountHostSys: false
  ## Containers Security Context
  ## @param sysctlImage.containerSecurityContext.enabled Enable Containers' Security Context
  ## @param sysctlImage.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param sysctlImage.containerSecurityContext.runAsUser User ID for the containers.
  ## @param sysctlImage.containerSecurityContext.privileged Run container as privileged
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 0
    privileged: true
  ## Container resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param sysctlImage.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sysctlImage.resources is set (sysctlImage.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param sysctlImage.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
