valkey
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
##
15
16
## @param global.imageRegistry Global Docker image registry
17
## @param global.imagePullSecrets Global Docker registry secret names as an array
18
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
19
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
20
## @param global.valkey.password Global Valkey password (overrides `auth.password`)
21
##
22
global:
23
imageRegistry: ""
24
## Example:
25
## imagePullSecrets:
26
## - myRegistryKeySecretName
27
##
28
imagePullSecrets: []
29
defaultStorageClass: ""
30
storageClass: ""
31
## Security parameters
32
##
33
security:
34
## @param global.security.allowInsecureImages Allows skipping image verification
35
allowInsecureImages: false
36
valkey:
37
password: ""
38
## Compatibility adaptations for Kubernetes platforms
39
##
40
compatibility:
41
## Compatibility adaptations for Openshift
42
##
43
openshift:
44
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
45
##
46
adaptSecurityContext: auto
47
org: ""
48
## @section Common parameters
49
##
50
51
## @param kubeVersion Override Kubernetes version
52
##
53
kubeVersion: ""
54
## @param apiVersions Override Kubernetes API versions reported by .Capabilities
55
##
56
apiVersions: []
57
## @param nameOverride String to partially override common.names.fullname
58
##
59
nameOverride: ""
60
## @param fullnameOverride String to fully override common.names.fullname
61
##
62
fullnameOverride: ""
63
## @param namespaceOverride String to fully override common.names.namespace
64
##
65
namespaceOverride: ""
66
## @param commonLabels Labels to add to all deployed objects
67
##
68
commonLabels: {}
69
## @param commonAnnotations Annotations to add to all deployed objects
70
##
71
commonAnnotations: {}
72
## @param secretAnnotations Annotations to add to secret
73
##
74
secretAnnotations: {}
75
## @param clusterDomain Kubernetes cluster domain name
76
##
77
clusterDomain: cluster.local
78
## @param extraDeploy Array of extra objects to deploy with the release
79
##
80
extraDeploy: []
81
## @param useHostnames Use hostnames internally when announcing replication. If false, the hostname will be resolved to an IP address
82
##
83
useHostnames: true
84
## @param nameResolutionThreshold Failure threshold for internal hostnames resolution
85
##
86
nameResolutionThreshold: 5
87
## @param nameResolutionTimeout Timeout seconds between probes for internal hostnames resolution
88
##
89
nameResolutionTimeout: 5
90
## Enable diagnostic mode in the deployment
91
##
92
diagnosticMode:
93
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
94
##
95
enabled: false
96
## @param diagnosticMode.command Command to override all containers in the deployment
97
##
98
command:
99
- sleep
100
## @param diagnosticMode.args Args to override all containers in the deployment
101
##
102
args:
103
- infinity
104
## @section Valkey Image parameters
105
##
106
107
## Iamguarded Valkey image
108
## ref: https://hub.docker.com/r/iamguarded/valkey/tags/
109
## @param image.registry [default: REGISTRY_NAME] Valkey image registry
110
## @param image.repository [default: REPOSITORY_NAME/valkey] Valkey image repository
111
## @skip image.tag Valkey image tag (immutable tags are recommended)
112
## @param image.digest Valkey image digest in the way sha256:aa... Please note this parameter, if set, will override the tag
113
## @param image.pullPolicy Valkey image pull policy
114
## @param image.pullSecrets Valkey image pull secrets
115
## @param image.debug Enable image debug mode
116
##
117
image:
118
registry: cgr.dev
119
repository: chainguard-private/valkey-iamguarded-iamguarded
120
tag: 9.0.3
121
digest: ""
122
## Specify a imagePullPolicy
123
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
124
##
125
pullPolicy: IfNotPresent
126
## Optionally, specify an array of imagePullSecrets.
127
## Secrets must be manually created in the namespace.
128
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
129
## Example:
130
## pullSecrets:
131
## - myRegistryKeySecretName
132
##
133
pullSecrets: []
134
## Enable debug mode
135
##
136
debug: false
137
## @section Valkey common configuration parameters
138
## https://github.com/iamguarded/containers/tree/main/iamguarded/valkey#configuration
139
##
140
141
## @param architecture Valkey architecture. Allowed values: `standalone` or `replication`
142
##
143
architecture: replication
144
## Valkey Authentication parameters
145
## ref: https://github.com/iamguarded/containers/tree/main/iamguarded/valkey#setting-the-server-password-on-first-run
146
##
147
auth:
148
## @param auth.enabled Enable password authentication
149
##
150
enabled: true
151
## @param auth.sentinel Enable password authentication on sentinels too
152
##
153
sentinel: true
154
## @param auth.password Valkey password
155
## Defaults to a random 10-character alphanumeric string if not set
156
##
157
password: ""
158
## @param auth.existingSecret The name of an existing secret with Valkey credentials
159
## NOTE: When it's set, the previous `auth.password` parameter is ignored
160
##
161
existingSecret: ""
162
## @param auth.existingSecretPasswordKey Password key to be retrieved from existing secret
163
## NOTE: ignored unless `auth.existingSecret` parameter is set
164
##
165
existingSecretPasswordKey: ""
166
## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable
167
##
168
usePasswordFiles: true
169
## @param auth.usePasswordFileFromSecret Mount password file from secret
170
##
171
usePasswordFileFromSecret: true
172
## @param commonConfiguration [string] Common configuration to be added into the ConfigMap
173
## ref: https://valkey.io/topics/valkey-conf/
174
##
175
commonConfiguration: |-
176
# Enable AOF https://valkey.io/docs/topics/persistence.html
177
appendonly yes
178
# Disable RDB persistence, AOF persistence already enabled.
179
save ""
180
## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Valkey nodes
181
##
182
existingConfigmap: ""
183
## @section Valkey primary configuration parameters
184
##
185
primary:
186
## @param primary.replicaCount Number of Valkey primary instances to deploy (experimental, requires additional configuration)
187
##
188
replicaCount: 1
189
## @param primary.configuration Configuration for Valkey primary nodes
190
## ref: https://valkey.io/topics/config
191
##
192
configuration: ""
193
## @param primary.disableCommands Array with Valkey commands to disable on primary nodes
194
## Commands will be completely disabled by renaming each to an empty string.
195
## ref: https://valkey.io/topics/security#disabling-of-specific-commands
196
##
197
disableCommands:
198
- FLUSHDB
199
- FLUSHALL
200
## @param primary.command Override default container command (useful when using custom images)
201
##
202
command: []
203
## @param primary.args Override default container args (useful when using custom images)
204
##
205
args: []
206
## @param primary.enableServiceLinks Whether information about services should be injected into pod's environment variable
207
##
208
enableServiceLinks: true
209
## @param primary.preExecCmds Additional commands to run prior to starting Valkey primary
210
##
211
preExecCmds: []
212
## @param primary.extraFlags Array with additional command line flags for Valkey primary
213
## Example:
214
## extraFlags:
215
## - "--maxmemory-policy volatile-ttl"
216
## - "--repl-backlog-size 1024mb"
217
##
218
extraFlags: []
219
## @param primary.extraEnvVars Array with extra environment variables to add to Valkey primary nodes
220
## Example:
221
## extraEnvVars:
222
## - name: FOO
223
## value: "bar"
224
##
225
extraEnvVars: []
226
## @param primary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Valkey primary nodes
227
##
228
extraEnvVarsCM: ""
229
## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for Valkey primary nodes
230
##
231
extraEnvVarsSecret: ""
232
## @param primary.containerPorts.valkey Container port to open on Valkey primary nodes
233
##
234
containerPorts:
235
valkey: 6379
236
## Configure extra options for Valkey containers' liveness and readiness probes
237
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
238
## @param primary.startupProbe.enabled Enable startupProbe on Valkey primary nodes
239
## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
240
## @param primary.startupProbe.periodSeconds Period seconds for startupProbe
241
## @param primary.startupProbe.timeoutSeconds Timeout seconds for startupProbe
242
## @param primary.startupProbe.failureThreshold Failure threshold for startupProbe
243
## @param primary.startupProbe.successThreshold Success threshold for startupProbe
244
##
245
startupProbe:
246
enabled: false
247
initialDelaySeconds: 20
248
periodSeconds: 5
249
timeoutSeconds: 5
250
successThreshold: 1
251
failureThreshold: 5
252
## @param primary.livenessProbe.enabled Enable livenessProbe on Valkey primary nodes
253
## @param primary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
254
## @param primary.livenessProbe.periodSeconds Period seconds for livenessProbe
255
## @param primary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
256
## @param primary.livenessProbe.failureThreshold Failure threshold for livenessProbe
257
## @param primary.livenessProbe.successThreshold Success threshold for livenessProbe
258
##
259
livenessProbe:
260
enabled: true
261
initialDelaySeconds: 20
262
periodSeconds: 5
263
timeoutSeconds: 5
264
successThreshold: 1
265
failureThreshold: 5
266
## @param primary.readinessProbe.enabled Enable readinessProbe on Valkey primary nodes
267
## @param primary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
268
## @param primary.readinessProbe.periodSeconds Period seconds for readinessProbe
269
## @param primary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
270
## @param primary.readinessProbe.failureThreshold Failure threshold for readinessProbe
271
## @param primary.readinessProbe.successThreshold Success threshold for readinessProbe
272
##
273
readinessProbe:
274
enabled: true
275
initialDelaySeconds: 20
276
periodSeconds: 5
277
timeoutSeconds: 1
278
successThreshold: 1
279
failureThreshold: 5
280
## @param primary.customStartupProbe Custom startupProbe that overrides the default one
281
##
282
customStartupProbe: {}
283
## @param primary.customLivenessProbe Custom livenessProbe that overrides the default one
284
##
285
customLivenessProbe: {}
286
## @param primary.customReadinessProbe Custom readinessProbe that overrides the default one
287
##
288
customReadinessProbe: {}
289
## Valkey primary resource requests and limits
290
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
291
## @param primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
292
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
293
##
294
resourcesPreset: "nano"
295
## @param primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
296
## Example:
297
## resources:
298
## requests:
299
## cpu: 2
300
## memory: 512Mi
301
## limits:
302
## cpu: 3
303
## memory: 1024Mi
304
##
305
resources: {}
306
## Configure Pods Security Context
307
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
308
## @param primary.podSecurityContext.enabled Enable Valkey primary pods' Security Context
309
## @param primary.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
310
## @param primary.podSecurityContext.sysctls Set kernel settings using the sysctl interface
311
## @param primary.podSecurityContext.supplementalGroups Set filesystem extra groups
312
## @param primary.podSecurityContext.fsGroup Set Valkey primary pod's Security Context fsGroup
313
##
314
podSecurityContext:
315
enabled: true
316
fsGroupChangePolicy: Always
317
sysctls: []
318
supplementalGroups: []
319
fsGroup: 1001
320
## Configure Container Security Context
321
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
322
## @param primary.containerSecurityContext.enabled Enable Valkey primary containers' Security Context
323
## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
324
## @param primary.containerSecurityContext.runAsUser Set Valkey primary containers' Security Context runAsUser
325
## @param primary.containerSecurityContext.runAsGroup Set Valkey primary containers' Security Context runAsGroup
326
## @param primary.containerSecurityContext.runAsNonRoot Set Valkey primary containers' Security Context runAsNonRoot
327
## @param primary.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate Valkey pod(s) privileges
328
## @param primary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
329
## @param primary.containerSecurityContext.seccompProfile.type Set Valkey primary containers' Security Context seccompProfile
330
## @param primary.containerSecurityContext.capabilities.drop Set Valkey primary containers' Security Context capabilities to drop
331
##
332
containerSecurityContext:
333
enabled: true
334
seLinuxOptions: {}
335
runAsUser: 1001
336
runAsGroup: 1001
337
runAsNonRoot: true
338
allowPrivilegeEscalation: false
339
readOnlyRootFilesystem: true
340
seccompProfile:
341
type: RuntimeDefault
342
capabilities:
343
drop: ["ALL"]
344
## @param primary.kind Use either Deployment, StatefulSet (default) or DaemonSet
345
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
346
##
347
kind: StatefulSet
348
## @param primary.schedulerName Alternate scheduler for Valkey primary pods
349
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
350
##
351
schedulerName: ""
352
## @param primary.updateStrategy.type Valkey primary statefulset strategy type
353
## @skip primary.updateStrategy.rollingUpdate
354
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
355
##
356
updateStrategy:
357
## StrategyType
358
## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment)
359
##
360
type: RollingUpdate
361
## @param primary.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update
362
##
363
minReadySeconds: 0
364
## @param primary.priorityClassName Valkey primary pods' priorityClassName
365
##
366
priorityClassName: ""
367
## @param primary.automountServiceAccountToken Mount Service Account token in pod
368
##
369
automountServiceAccountToken: false
370
## @param primary.hostAliases Valkey primary pods host aliases
371
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
372
##
373
hostAliases: []
374
## @param primary.podLabels Extra labels for Valkey primary pods
375
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
376
##
377
podLabels: {}
378
## @param primary.podAnnotations Annotations for Valkey primary pods
379
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
380
##
381
podAnnotations: {}
382
## @param primary.shareProcessNamespace Share a single process namespace between all of the containers in Valkey primary pods
383
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
384
##
385
shareProcessNamespace: false
386
## @param primary.podAffinityPreset Pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`
387
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
388
##
389
podAffinityPreset: ""
390
## @param primary.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`
391
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
392
##
393
podAntiAffinityPreset: soft
394
## Node primary.affinity preset
395
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
396
##
397
nodeAffinityPreset:
398
## @param primary.nodeAffinityPreset.type Node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`
399
##
400
type: ""
401
## @param primary.nodeAffinityPreset.key Node label key to match. Ignored if `primary.affinity` is set
402
##
403
key: ""
404
## @param primary.nodeAffinityPreset.values Node label values to match. Ignored if `primary.affinity` is set
405
## Example:
406
## values:
407
## - e2e-az1
408
## - e2e-az2
409
##
410
values: []
411
## @param primary.affinity Affinity for Valkey primary pods assignment
412
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
413
## NOTE: `primary.podAffinityPreset`, `primary.podAntiAffinityPreset`, and `primary.nodeAffinityPreset` will be ignored when it's set
414
##
415
affinity: {}
416
## @param primary.nodeSelector Node labels for Valkey primary pods assignment
417
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
418
##
419
nodeSelector: {}
420
## @param primary.tolerations Tolerations for Valkey primary pods assignment
421
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
422
##
423
tolerations: []
424
## @param primary.topologySpreadConstraints Spread Constraints for Valkey primary pod assignment
425
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
426
## Example:
427
## topologySpreadConstraints:
428
## - maxSkew: 1
429
## topologyKey: node
430
## whenUnsatisfiable: DoNotSchedule
431
##
432
topologySpreadConstraints: []
433
## @param primary.dnsPolicy DNS Policy for Valkey primary pod
434
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
435
## Example:
436
## dnsPolicy: ClusterFirst
437
##
438
dnsPolicy: ""
439
## @param primary.dnsConfig DNS Configuration for Valkey primary pod
440
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
441
## Example:
442
## dnsConfig:
443
## options:
444
## - name: ndots
445
## value: "4"
446
## - name: single-request-reopen
447
##
448
dnsConfig: {}
449
## @param primary.lifecycleHooks for the Valkey primary container(s) to automate configuration before or after startup
450
##
451
lifecycleHooks: {}
452
## @param primary.extraVolumes Optionally, specify extra list of additional volumes for the Valkey primary pod(s)
453
##
454
extraVolumes: []
455
## @param primary.extraVolumeMounts Optionally, specify extra list of additional volumeMounts for the Valkey primary container(s)
456
##
457
extraVolumeMounts: []
458
## @param primary.sidecars Add additional sidecar containers to the Valkey primary pod(s)
459
## Example:
460
## sidecars:
461
## - name: your-image-name
462
## image: your-image
463
## imagePullPolicy: Always
464
## ports:
465
## - name: portname
466
## containerPort: 1234
467
##
468
sidecars: []
469
## @param primary.initContainers Add additional init containers to the Valkey primary pod(s)
470
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
471
## Example:
472
## initContainers:
473
## - name: your-image-name
474
## image: your-image
475
## imagePullPolicy: Always
476
## command: ['sh', '-c', 'echo "hello world"']
477
##
478
initContainers: []
479
## Persistence parameters
480
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
481
##
482
persistence:
483
## @param primary.persistence.enabled Enable persistence on Valkey primary nodes using Persistent Volume Claims
484
##
485
enabled: true
486
## @param primary.persistence.medium Provide a medium for `emptyDir` volumes.
487
##
488
medium: ""
489
## @param primary.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes.
490
##
491
sizeLimit: ""
492
## @param primary.persistence.path The path the volume will be mounted at on Valkey primary containers
493
## NOTE: Useful when using different Valkey images
494
##
495
path: /data
496
## @param primary.persistence.subPath The subdirectory of the volume to mount on Valkey primary containers
497
## NOTE: Useful in dev environments
498
##
499
subPath: ""
500
## @param primary.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Valkey primary containers
501
##
502
subPathExpr: ""
503
## @param primary.persistence.storageClass Persistent Volume storage class
504
## If defined, storageClassName: <storageClass>
505
## If set to "-", storageClassName: "", which disables dynamic provisioning
506
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
507
##
508
storageClass: ""
509
## @param primary.persistence.accessModes Persistent Volume access modes
510
##
511
accessModes:
512
- ReadWriteOnce
513
## @param primary.persistence.size Persistent Volume size
514
##
515
size: 8Gi
516
## @param primary.persistence.annotations Additional custom annotations for the PVC
517
##
518
annotations: {}
519
## @param primary.persistence.labels Additional custom labels for the PVC
520
##
521
labels: {}
522
## @param primary.persistence.selector Additional labels to match for the PVC
523
## Example:
524
## selector:
525
## matchLabels:
526
## app: my-app
527
##
528
selector: {}
529
## @param primary.persistence.dataSource Custom PVC data source
530
##
531
dataSource: {}
532
## @param primary.persistence.existingClaim Use an existing PVC which must be created manually before bound
533
## NOTE: requires primary.persistence.enabled: true
534
##
535
existingClaim: ""
536
## persistentVolumeClaimRetentionPolicy
537
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
538
## @param primary.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
539
## @param primary.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
540
## @param primary.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
541
##
542
persistentVolumeClaimRetentionPolicy:
543
enabled: false
544
whenScaled: Retain
545
whenDeleted: Retain
546
## Valkey primary service parameters
547
##
548
service:
549
## @param primary.service.type Valkey primary service type
550
##
551
type: ClusterIP
552
## @param primary.service.ports.valkey Valkey primary service port
553
##
554
ports:
555
valkey: 6379
556
## @param primary.service.nodePorts.valkey Node port for Valkey primary
557
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
558
## NOTE: choose port between <30000-32767>
559
##
560
nodePorts:
561
valkey: ""
562
## @param primary.service.externalTrafficPolicy Valkey primary service external traffic policy
563
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
564
##
565
externalTrafficPolicy: Cluster
566
## @param primary.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
567
##
568
extraPorts: []
569
## @param primary.service.internalTrafficPolicy Valkey primary service internal traffic policy (requires Kubernetes v1.22 or greater to be usable)
570
## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/
571
##
572
internalTrafficPolicy: Cluster
573
## @param primary.service.clusterIP Valkey primary service Cluster IP
574
##
575
clusterIP: ""
576
## @param primary.service.loadBalancerIP Valkey primary service Load Balancer IP
577
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
578
##
579
loadBalancerIP: ""
580
## @param primary.service.loadBalancerClass primary service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
581
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
582
##
583
loadBalancerClass: ""
584
## @param primary.service.loadBalancerSourceRanges Valkey primary service Load Balancer sources
585
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
586
## Example:
587
## loadBalancerSourceRanges:
588
## - 10.10.10.0/24
589
##
590
loadBalancerSourceRanges: []
591
## @param primary.service.externalIPs Valkey primary service External IPs
592
## https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
593
## Example:
594
## externalIPs:
595
## - 10.10.10.1
596
## - 201.22.30.1
597
##
598
externalIPs: []
599
## @param primary.service.annotations Additional custom annotations for Valkey primary service
600
##
601
annotations: {}
602
## @param primary.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
603
## If "ClientIP", consecutive client requests will be directed to the same Pod
604
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
605
##
606
sessionAffinity: None
607
## @param primary.service.sessionAffinityConfig Additional settings for the sessionAffinity
608
## sessionAffinityConfig:
609
## clientIP:
610
## timeoutSeconds: 300
611
##
612
sessionAffinityConfig: {}
613
## @param primary.terminationGracePeriodSeconds Integer setting the termination grace period for the valkey-primary pods
614
##
615
terminationGracePeriodSeconds: 30
616
## ServiceAccount configuration
617
##
618
serviceAccount:
619
## @param primary.serviceAccount.create Specifies whether a ServiceAccount should be created
620
##
621
create: true
622
## @param primary.serviceAccount.name The name of the ServiceAccount to use.
623
## If not set and create is true, a name is generated using the common.names.fullname template
624
##
625
name: ""
626
## @param primary.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
627
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
628
##
629
automountServiceAccountToken: false
630
## @param primary.serviceAccount.annotations Additional custom annotations for the ServiceAccount
631
##
632
annotations: {}
633
## Pod Disruption Budget configuration
634
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
635
## @param primary.pdb.create Enable/disable a Pod Disruption Budget creation
636
## @param primary.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled
637
## @param primary.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `primary.pdb.minAvailable` and `primary.pdb.maxUnavailable` are empty.
638
##
639
pdb:
640
create: true
641
minAvailable: ""
642
maxUnavailable: ""
643
## @section Valkey replicas configuration parameters
644
##
645
replica:
646
## @param replica.kind Use either DaemonSet or StatefulSet (default)
647
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
648
##
649
kind: StatefulSet
650
## @param replica.replicaCount Number of Valkey replicas to deploy
651
##
652
replicaCount: 3
653
## @param replica.configuration Configuration for Valkey replicas nodes
654
## ref: https://valkey.io/topics/config
655
##
656
configuration: ""
657
## @param replica.disableCommands Array with Valkey commands to disable on replicas nodes
658
## Commands will be completely disabled by renaming each to an empty string.
659
## ref: https://valkey.io/topics/security#disabling-of-specific-commands
660
##
661
disableCommands:
662
- FLUSHDB
663
- FLUSHALL
664
## @param replica.command Override default container command (useful when using custom images)
665
##
666
command: []
667
## @param replica.args Override default container args (useful when using custom images)
668
##
669
args: []
670
## @param replica.enableServiceLinks Whether information about services should be injected into pod's environment variable
671
##
672
enableServiceLinks: true
673
## @param replica.preExecCmds Additional commands to run prior to starting Valkey replicas
674
##
675
preExecCmds: []
676
## @param replica.extraFlags Array with additional command line flags for Valkey replicas
677
## Example:
678
## extraFlags:
679
## - "--maxmemory-policy volatile-ttl"
680
## - "--repl-backlog-size 1024mb"
681
##
682
extraFlags: []
683
## @param replica.extraEnvVars Array with extra environment variables to add to Valkey replicas nodes
684
## Example:
685
## extraEnvVars:
686
## - name: FOO
687
## value: "bar"
688
##
689
extraEnvVars: []
690
## @param replica.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Valkey replicas nodes
691
##
692
extraEnvVarsCM: ""
693
## @param replica.extraEnvVarsSecret Name of existing Secret containing extra env vars for Valkey replicas nodes
694
##
695
extraEnvVarsSecret: ""
696
## @param replica.externalPrimary.enabled Use external primary for bootstrapping
697
## @param replica.externalPrimary.host External primary host to bootstrap from
698
## @param replica.externalPrimary.port Port for Valkey service external primary host
699
##
700
externalPrimary:
701
enabled: false
702
host: ""
703
port: 6379
704
## @param replica.containerPorts.valkey Container port to open on Valkey replicas nodes
705
##
706
containerPorts:
707
valkey: 6379
708
## Configure extra options for Valkey containers' liveness and readiness probes
709
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
710
## @param replica.startupProbe.enabled Enable startupProbe on Valkey replicas nodes
711
## @param replica.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
712
## @param replica.startupProbe.periodSeconds Period seconds for startupProbe
713
## @param replica.startupProbe.timeoutSeconds Timeout seconds for startupProbe
714
## @param replica.startupProbe.failureThreshold Failure threshold for startupProbe
715
## @param replica.startupProbe.successThreshold Success threshold for startupProbe
716
##
717
startupProbe:
718
enabled: true
719
initialDelaySeconds: 10
720
periodSeconds: 10
721
timeoutSeconds: 5
722
successThreshold: 1
723
failureThreshold: 22
724
## @param replica.livenessProbe.enabled Enable livenessProbe on Valkey replicas nodes
725
## @param replica.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
726
## @param replica.livenessProbe.periodSeconds Period seconds for livenessProbe
727
## @param replica.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
728
## @param replica.livenessProbe.failureThreshold Failure threshold for livenessProbe
729
## @param replica.livenessProbe.successThreshold Success threshold for livenessProbe
730
##
731
livenessProbe:
732
enabled: true
733
initialDelaySeconds: 20
734
periodSeconds: 5
735
timeoutSeconds: 5
736
successThreshold: 1
737
failureThreshold: 5
738
## @param replica.readinessProbe.enabled Enable readinessProbe on Valkey replicas nodes
739
## @param replica.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
740
## @param replica.readinessProbe.periodSeconds Period seconds for readinessProbe
741
## @param replica.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
742
## @param replica.readinessProbe.failureThreshold Failure threshold for readinessProbe
743
## @param replica.readinessProbe.successThreshold Success threshold for readinessProbe
744
##
745
readinessProbe:
746
enabled: true
747
initialDelaySeconds: 20
748
periodSeconds: 5
749
timeoutSeconds: 1
750
successThreshold: 1
751
failureThreshold: 5
752
## @param replica.customStartupProbe Custom startupProbe that overrides the default one
753
##
754
customStartupProbe: {}
755
## @param replica.customLivenessProbe Custom livenessProbe that overrides the default one
756
##
757
customLivenessProbe: {}
758
## @param replica.customReadinessProbe Custom readinessProbe that overrides the default one
759
##
760
customReadinessProbe: {}
761
## Valkey replicas resource requests and limits
762
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
763
## @param replica.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production).
764
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
765
##
766
resourcesPreset: "nano"
767
## @param replica.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
768
## Example:
769
## resources:
770
## requests:
771
## cpu: 2
772
## memory: 512Mi
773
## limits:
774
## cpu: 3
775
## memory: 1024Mi
776
##
777
resources: {}
778
## Configure Pods Security Context
779
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
780
## @param replica.podSecurityContext.enabled Enable Valkey replicas pods' Security Context
781
## @param replica.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
782
## @param replica.podSecurityContext.sysctls Set kernel settings using the sysctl interface
783
## @param replica.podSecurityContext.supplementalGroups Set filesystem extra groups
784
## @param replica.podSecurityContext.fsGroup Set Valkey replicas pod's Security Context fsGroup
785
##
786
podSecurityContext:
787
enabled: true
788
fsGroupChangePolicy: Always
789
sysctls: []
790
supplementalGroups: []
791
fsGroup: 1001
792
## Configure Container Security Context
793
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
794
## @param replica.containerSecurityContext.enabled Enable Valkey replicas containers' Security Context
795
## @param replica.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
796
## @param replica.containerSecurityContext.runAsUser Set Valkey replicas containers' Security Context runAsUser
797
## @param replica.containerSecurityContext.runAsGroup Set Valkey replicas containers' Security Context runAsGroup
798
## @param replica.containerSecurityContext.runAsNonRoot Set Valkey replicas containers' Security Context runAsNonRoot
799
## @param replica.containerSecurityContext.allowPrivilegeEscalation Set Valkey replicas pod's Security Context allowPrivilegeEscalation
800
## @param replica.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
801
## @param replica.containerSecurityContext.seccompProfile.type Set Valkey replicas containers' Security Context seccompProfile
802
## @param replica.containerSecurityContext.capabilities.drop Set Valkey replicas containers' Security Context capabilities to drop
803
##
804
containerSecurityContext:
805
enabled: true
806
seLinuxOptions: {}
807
runAsUser: 1001
808
runAsGroup: 1001
809
runAsNonRoot: true
810
allowPrivilegeEscalation: false
811
readOnlyRootFilesystem: true
812
seccompProfile:
813
type: RuntimeDefault
814
capabilities:
815
drop: ["ALL"]
816
## @param replica.schedulerName Alternate scheduler for Valkey replicas pods
817
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
818
##
819
schedulerName: ""
820
## @param replica.updateStrategy.type Valkey replicas statefulset strategy type
821
## @skip replica.updateStrategy.rollingUpdate
822
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
823
##
824
updateStrategy:
825
## StrategyType
826
## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment)
827
##
828
type: RollingUpdate
829
## @param replica.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update
830
##
831
minReadySeconds: 0
832
## @param replica.priorityClassName Valkey replicas pods' priorityClassName
833
##
834
priorityClassName: ""
835
## @param replica.podManagementPolicy podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods
836
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
837
##
838
podManagementPolicy: ""
839
## @param replica.automountServiceAccountToken Mount Service Account token in pod
840
##
841
automountServiceAccountToken: false
842
## @param replica.hostAliases Valkey replicas pods host aliases
843
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
844
##
845
hostAliases: []
846
## @param replica.podLabels Extra labels for Valkey replicas pods
847
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
848
##
849
podLabels: {}
850
## @param replica.podAnnotations Annotations for Valkey replicas pods
851
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
852
##
853
podAnnotations: {}
854
## @param replica.shareProcessNamespace Share a single process namespace between all of the containers in Valkey replicas pods
855
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
856
##
857
shareProcessNamespace: false
858
## @param replica.podAffinityPreset Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`
859
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
860
##
861
podAffinityPreset: ""
862
## @param replica.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`
863
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
864
##
865
podAntiAffinityPreset: soft
866
## Node affinity preset
867
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
868
##
869
nodeAffinityPreset:
870
## @param replica.nodeAffinityPreset.type Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`
871
##
872
type: ""
873
## @param replica.nodeAffinityPreset.key Node label key to match. Ignored if `replica.affinity` is set
874
##
875
key: ""
876
## @param replica.nodeAffinityPreset.values Node label values to match. Ignored if `replica.affinity` is set
877
## Example:
878
## values:
879
## - e2e-az1
880
## - e2e-az2
881
##
882
values: []
883
## @param replica.affinity Affinity for Valkey replicas pods assignment
884
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
885
## NOTE: `replica.podAffinityPreset`, `replica.podAntiAffinityPreset`, and `replica.nodeAffinityPreset` will be ignored when it's set
886
##
887
affinity: {}
888
## @param replica.nodeSelector Node labels for Valkey replicas pods assignment
889
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
890
##
891
nodeSelector: {}
892
## @param replica.tolerations Tolerations for Valkey replicas pods assignment
893
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
894
##
895
tolerations: []
896
## @param replica.topologySpreadConstraints Spread Constraints for Valkey replicas pod assignment
897
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
898
## Example:
899
## topologySpreadConstraints:
900
## - maxSkew: 1
901
## topologyKey: node
902
## whenUnsatisfiable: DoNotSchedule
903
##
904
topologySpreadConstraints: []
905
## @param replica.dnsPolicy DNS Policy for Valkey replica pods
906
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
907
## Example:
908
## dnsPolicy: ClusterFirst
909
##
910
dnsPolicy: ""
911
## @param replica.dnsConfig DNS Configuration for Valkey replica pods
912
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
913
## Example:
914
## dnsConfig:
915
## options:
916
## - name: ndots
917
## value: "4"
918
## - name: single-request-reopen
919
##
920
dnsConfig: {}
921
## @param replica.lifecycleHooks for the Valkey replica container(s) to automate configuration before or after startup
922
##
923
lifecycleHooks: {}
924
## @param replica.extraVolumes Optionally, specify an extra list of additional volumes for the Valkey replicas pod(s)
925
##
926
extraVolumes: []
927
## @param replica.extraVolumeMounts Optionally, specify extra list of additional volumeMounts for the Valkey replicas container(s)
928
##
929
extraVolumeMounts: []
930
## @param replica.sidecars Add additional sidecar containers to the Valkey replicas pod(s)
931
## Example:
932
## sidecars:
933
## - name: your-image-name
934
## image: your-image
935
## imagePullPolicy: Always
936
## ports:
937
## - name: portname
938
## containerPort: 1234
939
##
940
sidecars: []
941
## @param replica.initContainers Add additional init containers to the Valkey replicas pod(s)
942
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
943
## Example:
944
## initContainers:
945
## - name: your-image-name
946
## image: your-image
947
## imagePullPolicy: Always
948
## command: ['sh', '-c', 'echo "hello world"']
949
##
950
initContainers: []
951
## Persistence Parameters
952
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
953
##
954
persistence:
955
## @param replica.persistence.enabled Enable persistence on Valkey replicas nodes using Persistent Volume Claims
956
##
957
enabled: true
958
## @param replica.persistence.medium Provide a medium for `emptyDir` volumes.
959
##
960
medium: ""
961
## @param replica.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes.
962
##
963
sizeLimit: ""
964
## @param replica.persistence.path The path the volume will be mounted at on Valkey replicas containers
965
## NOTE: Useful when using different Valkey images
966
##
967
path: /data
968
## @param replica.persistence.subPath The subdirectory of the volume to mount on Valkey replicas containers
969
## NOTE: Useful in dev environments
970
##
971
subPath: ""
972
## @param replica.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Valkey replicas containers
973
##
974
subPathExpr: ""
975
## @param replica.persistence.storageClass Persistent Volume storage class
976
## If defined, storageClassName: <storageClass>
977
## If set to "-", storageClassName: "", which disables dynamic provisioning
978
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
979
##
980
storageClass: ""
981
## @param replica.persistence.accessModes Persistent Volume access modes
982
##
983
accessModes:
984
- ReadWriteOnce
985
## @param replica.persistence.size Persistent Volume size
986
##
987
size: 8Gi
988
## @param replica.persistence.annotations Additional custom annotations for the PVC
989
##
990
annotations: {}
991
## @param replica.persistence.labels Additional custom labels for the PVC
992
##
993
labels: {}
994
## @param replica.persistence.selector Additional labels to match for the PVC
995
## Example:
996
## selector:
997
## matchLabels:
998
## app: my-app
999
##
1000
selector: {}
1001
## @param replica.persistence.dataSource Custom PVC data source
1002
##
1003
dataSource: {}
1004
## @param replica.persistence.existingClaim Use an existing PVC which must be created manually before bound
1005
## NOTE: requires replica.persistence.enabled: true
1006
##
1007
existingClaim: ""
1008
## persistentVolumeClaimRetentionPolicy
1009
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
1010
## @param replica.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
1011
## @param replica.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
1012
## @param replica.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
1013
##
1014
persistentVolumeClaimRetentionPolicy:
1015
enabled: false
1016
whenScaled: Retain
1017
whenDeleted: Retain
1018
## Valkey replicas service parameters
1019
##
1020
service:
1021
## @param replica.service.type Valkey replicas service type
1022
##
1023
type: ClusterIP
1024
## @param replica.service.ports.valkey Valkey replicas service port
1025
##
1026
ports:
1027
valkey: 6379
1028
## @param replica.service.nodePorts.valkey Node port for Valkey replicas
1029
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
1030
## NOTE: choose port between <30000-32767>
1031
##
1032
nodePorts:
1033
valkey: ""
1034
## @param replica.service.externalTrafficPolicy Valkey replicas service external traffic policy
1035
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1036
##
1037
externalTrafficPolicy: Cluster
1038
## @param replica.service.internalTrafficPolicy Valkey replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable)
1039
## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/
1040
##
1041
internalTrafficPolicy: Cluster
1042
## @param replica.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1043
##
1044
extraPorts: []
1045
## @param replica.service.clusterIP Valkey replicas service Cluster IP
1046
##
1047
clusterIP: ""
1048
## @param replica.service.loadBalancerIP Valkey replicas service Load Balancer IP
1049
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1050
##
1051
loadBalancerIP: ""
1052
## @param replica.service.loadBalancerClass replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1053
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1054
##
1055
loadBalancerClass: ""
1056
## @param replica.service.loadBalancerSourceRanges Valkey replicas service Load Balancer sources
1057
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1058
## Example:
1059
## loadBalancerSourceRanges:
1060
## - 10.10.10.0/24
1061
##
1062
loadBalancerSourceRanges: []
1063
## @param replica.service.annotations Additional custom annotations for Valkey replicas service
1064
##
1065
annotations: {}
1066
## @param replica.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1067
## If "ClientIP", consecutive client requests will be directed to the same Pod
1068
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1069
##
1070
sessionAffinity: None
1071
## @param replica.service.sessionAffinityConfig Additional settings for the sessionAffinity
1072
## Example:
1073
## sessionAffinityConfig:
1074
## clientIP:
1075
## timeoutSeconds: 300
1076
##
1077
sessionAffinityConfig: {}
1078
## @param replica.terminationGracePeriodSeconds Integer setting the termination grace period for the valkey-replicas pods
1079
##
1080
terminationGracePeriodSeconds: 30
1081
## @section Autoscaling
1082
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
1083
##
1084
autoscaling:
1085
vpa:
1086
## @param replica.autoscaling.vpa.enabled Enable VPA
1087
##
1088
enabled: false
1089
## @param replica.autoscaling.vpa.annotations Annotations for VPA resource
1090
##
1091
annotations: {}
1092
## @param replica.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
1093
##
1094
controlledResources: []
1095
## @param replica.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
1096
## Example:
1097
## maxAllowed:
1098
## cpu: 200m
1099
## memory: 100Mi
1100
##
1101
maxAllowed: {}
1102
## @param replica.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
1103
## Example:
1104
## maxAllowed:
1105
## cpu: 200m
1106
## memory: 100Mi
1107
##
1108
minAllowed: {}
1109
## @section VPA update policy
1110
##
1111
updatePolicy:
1112
## @param replica.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
1113
## Possible values are "Off", "Initial", "Recreate", and "Auto".
1114
##
1115
updateMode: Auto
1116
hpa:
1117
## @param replica.autoscaling.hpa.enabled Enable HPA
1118
##
1119
enabled: false
1120
## @param replica.autoscaling.hpa.minReplicas Minimum number of replicas
1121
##
1122
minReplicas: ""
1123
## @param replica.autoscaling.hpa.maxReplicas Maximum number of replicas
1124
##
1125
maxReplicas: ""
1126
## @param replica.autoscaling.hpa.targetCPU Target CPU utilization percentage
1127
##
1128
targetCPU: ""
1129
## @param replica.autoscaling.hpa.targetMemory Target Memory utilization percentage
1130
##
1131
targetMemory: ""
1132
## ServiceAccount configuration
1133
##
1134
serviceAccount:
1135
## @param replica.serviceAccount.create Specifies whether a ServiceAccount should be created
1136
##
1137
create: true
1138
## @param replica.serviceAccount.name The name of the ServiceAccount to use.
1139
## If not set and create is true, a name is generated using the common.names.fullname template
1140
##
1141
name: ""
1142
## @param replica.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
1143
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
1144
##
1145
automountServiceAccountToken: false
1146
## @param replica.serviceAccount.annotations Additional custom annotations for the ServiceAccount
1147
##
1148
annotations: {}
1149
## Pod Disruption Budget configuration
1150
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
1151
## @param replica.pdb.create Enable/disable a Pod Disruption Budget creation
1152
## @param replica.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled
1153
## @param replica.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `replica.pdb.minAvailable` and `replica.pdb.maxUnavailable` are empty.
1154
##
1155
pdb:
1156
create: true
1157
minAvailable: ""
1158
maxUnavailable: ""
1159
## @section Valkey Sentinel configuration parameters
1160
##
1161
sentinel:
1162
## @param sentinel.enabled Use Valkey Sentinel on Valkey pods.
1163
## IMPORTANT: this will disable the primary and replicas services and
1164
## create a single Valkey service exposing both the Valkey and Sentinel ports
1165
##
1166
enabled: false
1167
## Iamguarded Valkey Sentinel image version
1168
## ref: https://hub.docker.com/r/iamguarded/valkey-sentinel/tags/
1169
## @param sentinel.image.registry [default: REGISTRY_NAME] Valkey Sentinel image registry
1170
## @param sentinel.image.repository [default: REPOSITORY_NAME/valkey-sentinel] Valkey Sentinel image repository
1171
## @skip sentinel.image.tag Valkey Sentinel image tag (immutable tags are recommended)
1172
## @param sentinel.image.digest Valkey Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
1173
## @param sentinel.image.pullPolicy Valkey Sentinel image pull policy
1174
## @param sentinel.image.pullSecrets Valkey Sentinel image pull secrets
1175
## @param sentinel.image.debug Enable image debug mode
1176
##
1177
image:
1178
registry: cgr.dev
1179
repository: chainguard-private/valkey-sentinel-iamguarded-sentinel-iamguarded
1180
tag: 9.0.3
1181
digest: ""
1182
## Specify a imagePullPolicy
1183
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
1184
##
1185
pullPolicy: IfNotPresent
1186
## Optionally, specify an array of imagePullSecrets.
1187
## Secrets must be manually created in the namespace.
1188
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1189
## Example:
1190
## pullSecrets:
1191
## - myRegistryKeySecretName
1192
##
1193
pullSecrets: []
1194
## Enable debug mode
1195
##
1196
debug: false
1197
## @param sentinel.annotations Additional custom annotations for Valkey Sentinel resource
1198
##
1199
annotations: {}
1200
## @param sentinel.primarySet Primary set name
1201
##
1202
primarySet: myprimary
1203
## @param sentinel.quorum Sentinel Quorum
1204
##
1205
quorum: 2
1206
## @param sentinel.getPrimaryTimeout Amount of time to allow before get_sentinel_primary_info() times out.
1207
##
1208
getPrimaryTimeout: 90
1209
## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically fail over to it.
1210
## This also prevents any new replica from starting until the last remaining replica is elected as primary to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data.
1211
## NOTE: This feature requires a "downAfterMilliseconds" value less or equal to 2000.
1212
##
1213
automateClusterRecovery: false
1214
## @param sentinel.valkeyShutdownWaitFailover Whether the Valkey primary container waits for the failover at shutdown (in addition to the Valkey Sentinel container).
1215
##
1216
valkeyShutdownWaitFailover: true
1217
## Sentinel timing restrictions
1218
## @param sentinel.downAfterMilliseconds Timeout for detecting a Valkey node is down
1219
## @param sentinel.failoverTimeout Timeout for performing the election failover
1220
##
1221
downAfterMilliseconds: 60000
1222
failoverTimeout: 180000
1223
## @param sentinel.parallelSyncs Number of replicas that can be reconfigured in parallel to use the new primary after the failover
1224
##
1225
parallelSyncs: 1
1226
## @param sentinel.configuration Configuration for Valkey Sentinel nodes
1227
## ref: https://valkey.io/topics/sentinel
1228
##
1229
configuration: ""
1230
## @param sentinel.command Override default container command (useful when using custom images)
1231
##
1232
command: []
1233
## @param sentinel.args Override default container args (useful when using custom images)
1234
##
1235
args: []
1236
## @param sentinel.enableServiceLinks Whether information about services should be injected into pod's environment variable
1237
##
1238
enableServiceLinks: true
1239
## @param sentinel.preExecCmds Additional commands to run prior to starting Valkey Sentinel
1240
##
1241
preExecCmds: []
1242
## @param sentinel.extraEnvVars Array with extra environment variables to add to Valkey Sentinel nodes
1243
## Example:
1244
## extraEnvVars:
1245
## - name: FOO
1246
## value: "bar"
1247
##
1248
extraEnvVars: []
1249
## @param sentinel.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Valkey Sentinel nodes
1250
##
1251
extraEnvVarsCM: ""
1252
## @param sentinel.extraEnvVarsSecret Name of existing Secret containing extra env vars for Valkey Sentinel nodes
1253
##
1254
extraEnvVarsSecret: ""
1255
## @param sentinel.externalPrimary.enabled Use external primary for bootstrapping
1256
## @param sentinel.externalPrimary.host External primary host to bootstrap from
1257
## @param sentinel.externalPrimary.port Port for Valkey service external primary host
1258
##
1259
externalPrimary:
1260
enabled: false
1261
host: ""
1262
port: 6379
1263
## @param sentinel.containerPorts.sentinel Container port to open on Valkey Sentinel nodes
1264
##
1265
containerPorts:
1266
sentinel: 26379
1267
## Configure extra options for Valkey containers' liveness and readiness probes
1268
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
1269
## @param sentinel.startupProbe.enabled Enable startupProbe on Valkey Sentinel nodes
1270
## @param sentinel.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1271
## @param sentinel.startupProbe.periodSeconds Period seconds for startupProbe
1272
## @param sentinel.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1273
## @param sentinel.startupProbe.failureThreshold Failure threshold for startupProbe
1274
## @param sentinel.startupProbe.successThreshold Success threshold for startupProbe
1275
##
1276
startupProbe:
1277
enabled: true
1278
initialDelaySeconds: 10
1279
periodSeconds: 10
1280
timeoutSeconds: 5
1281
successThreshold: 1
1282
failureThreshold: 22
1283
## @param sentinel.livenessProbe.enabled Enable livenessProbe on Valkey Sentinel nodes
1284
## @param sentinel.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1285
## @param sentinel.livenessProbe.periodSeconds Period seconds for livenessProbe
1286
## @param sentinel.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1287
## @param sentinel.livenessProbe.failureThreshold Failure threshold for livenessProbe
1288
## @param sentinel.livenessProbe.successThreshold Success threshold for livenessProbe
1289
##
1290
livenessProbe:
1291
enabled: true
1292
initialDelaySeconds: 20
1293
periodSeconds: 10
1294
timeoutSeconds: 5
1295
successThreshold: 1
1296
failureThreshold: 6
1297
## @param sentinel.readinessProbe.enabled Enable readinessProbe on Valkey Sentinel nodes
1298
## @param sentinel.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1299
## @param sentinel.readinessProbe.periodSeconds Period seconds for readinessProbe
1300
## @param sentinel.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1301
## @param sentinel.readinessProbe.failureThreshold Failure threshold for readinessProbe
1302
## @param sentinel.readinessProbe.successThreshold Success threshold for readinessProbe
1303
##
1304
readinessProbe:
1305
enabled: true
1306
initialDelaySeconds: 20
1307
periodSeconds: 5
1308
timeoutSeconds: 1
1309
successThreshold: 1
1310
failureThreshold: 6
1311
## @param sentinel.customStartupProbe Custom startupProbe that overrides the default one
1312
##
1313
customStartupProbe: {}
1314
## @param sentinel.customLivenessProbe Custom livenessProbe that overrides the default one
1315
##
1316
customLivenessProbe: {}
1317
## @param sentinel.customReadinessProbe Custom readinessProbe that overrides the default one
1318
##
1319
customReadinessProbe: {}
1320
## Persistence parameters
1321
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
1322
##
1323
persistence:
1324
## @param sentinel.persistence.enabled Enable persistence on Valkey sentinel nodes using Persistent Volume Claims (Experimental)
1325
##
1326
enabled: false
1327
## @param sentinel.persistence.storageClass Persistent Volume storage class
1328
## If defined, storageClassName: <storageClass>
1329
## If set to "-", storageClassName: "", which disables dynamic provisioning
1330
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
1331
##
1332
storageClass: ""
1333
## @param sentinel.persistence.accessModes Persistent Volume access modes
1334
##
1335
accessModes:
1336
- ReadWriteOnce
1337
## @param sentinel.persistence.size Persistent Volume size
1338
##
1339
size: 100Mi
1340
## @param sentinel.persistence.annotations Additional custom annotations for the PVC
1341
##
1342
annotations: {}
1343
## @param sentinel.persistence.labels Additional custom labels for the PVC
1344
##
1345
labels: {}
1346
## @param sentinel.persistence.selector Additional labels to match for the PVC
1347
## Example:
1348
## selector:
1349
## matchLabels:
1350
## app: my-app
1351
##
1352
selector: {}
1353
## @param sentinel.persistence.dataSource Custom PVC data source
1354
##
1355
dataSource: {}
1356
## @param sentinel.persistence.medium Provide a medium for `emptyDir` volumes.
1357
##
1358
medium: ""
1359
## @param sentinel.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes.
1360
##
1361
sizeLimit: ""
1362
## persistentVolumeClaimRetentionPolicy
1363
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
1364
## @param sentinel.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
1365
## @param sentinel.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
1366
## @param sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
1367
##
1368
persistentVolumeClaimRetentionPolicy:
1369
enabled: false
1370
whenScaled: Retain
1371
whenDeleted: Retain
1372
## Valkey Sentinel resource requests and limits
1373
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1374
## @param sentinel.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production).
1375
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
1376
##
1377
resourcesPreset: "nano"
1378
## @param sentinel.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1379
## Example:
1380
## resources:
1381
## requests:
1382
## cpu: 2
1383
## memory: 512Mi
1384
## limits:
1385
## cpu: 3
1386
## memory: 1024Mi
1387
##
1388
resources: {}
1389
## Configure Container Security Context
1390
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1391
## @param sentinel.containerSecurityContext.enabled Enable Valkey Sentinel containers' Security Context
1392
## @param sentinel.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1393
## @param sentinel.containerSecurityContext.runAsUser Set Valkey Sentinel containers' Security Context runAsUser
1394
## @param sentinel.containerSecurityContext.runAsGroup Set Valkey Sentinel containers' Security Context runAsGroup
1395
## @param sentinel.containerSecurityContext.runAsNonRoot Set Valkey Sentinel containers' Security Context runAsNonRoot
1396
## @param sentinel.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
1397
## @param sentinel.containerSecurityContext.allowPrivilegeEscalation Set Valkey Sentinel containers' Security Context allowPrivilegeEscalation
1398
## @param sentinel.containerSecurityContext.seccompProfile.type Set Valkey Sentinel containers' Security Context seccompProfile
1399
## @param sentinel.containerSecurityContext.capabilities.drop Set Valkey Sentinel containers' Security Context capabilities to drop
1400
##
1401
containerSecurityContext:
1402
enabled: true
1403
seLinuxOptions: {}
1404
runAsUser: 1001
1405
runAsGroup: 1001
1406
runAsNonRoot: true
1407
allowPrivilegeEscalation: false
1408
readOnlyRootFilesystem: true
1409
seccompProfile:
1410
type: RuntimeDefault
1411
capabilities:
1412
drop: ["ALL"]
1413
## @param sentinel.lifecycleHooks for the Valkey sentinel container(s) to automate configuration before or after startup
1414
##
1415
lifecycleHooks: {}
1416
## @param sentinel.extraVolumes Optionally, specify extra list of additional volumes for the Valkey Sentinel
1417
##
1418
extraVolumes: []
1419
## @param sentinel.extraVolumeMounts Optionally, specify extra list of additional volumeMounts for the Valkey Sentinel container(s)
1420
##
1421
extraVolumeMounts: []
1422
## Valkey Sentinel service parameters
1423
##
1424
service:
1425
## @param sentinel.service.type Valkey Sentinel service type
1426
##
1427
type: ClusterIP
1428
## @param sentinel.service.ports.valkey Valkey service port for Valkey
1429
## @param sentinel.service.ports.sentinel Valkey service port for Valkey Sentinel
1430
##
1431
ports:
1432
valkey: 6379
1433
sentinel: 26379
1434
## @param sentinel.service.nodePorts.valkey Node port for Valkey
1435
## @param sentinel.service.nodePorts.sentinel Node port for Sentinel
1436
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
1437
## NOTE: choose port between <30000-32767>
1438
## NOTE: By leaving these values blank, they will be generated by ports-configmap
1439
## If setting manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.valkey and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port
1440
##
1441
nodePorts:
1442
valkey: ""
1443
sentinel: ""
1444
## @param sentinel.service.externalTrafficPolicy Valkey Sentinel service external traffic policy
1445
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1446
##
1447
externalTrafficPolicy: Cluster
1448
## @param sentinel.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1449
##
1450
extraPorts: []
1451
## @param sentinel.service.clusterIP Valkey Sentinel service Cluster IP
1452
##
1453
clusterIP: ""
1454
## @param sentinel.service.createPrimary Enable primary service pointing to the current primary (experimental)
1455
## NOTE: rbac.create need to be set to true
1456
##
1457
createPrimary: false
1458
## @param sentinel.service.loadBalancerIP Valkey Sentinel service Load Balancer IP
1459
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1460
##
1461
loadBalancerIP: ""
1462
## @param sentinel.service.loadBalancerClass sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1463
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1464
##
1465
loadBalancerClass: ""
1466
## @param sentinel.service.loadBalancerSourceRanges Valkey Sentinel service Load Balancer sources
1467
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1468
## Example:
1469
## loadBalancerSourceRanges:
1470
## - 10.10.10.0/24
1471
##
1472
loadBalancerSourceRanges: []
1473
## @param sentinel.service.annotations Additional custom annotations for Valkey Sentinel service
1474
##
1475
annotations: {}
1476
## @param sentinel.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1477
## If "ClientIP", consecutive client requests will be directed to the same Pod
1478
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1479
##
1480
sessionAffinity: None
1481
## @param sentinel.service.sessionAffinityConfig Additional settings for the sessionAffinity
1482
## Example:
1483
## sessionAffinityConfig:
1484
## clientIP:
1485
## timeoutSeconds: 300
1486
##
1487
sessionAffinityConfig: {}
1488
## Headless service properties
1489
##
1490
headless:
1491
## @param sentinel.service.headless.annotations Annotations for the headless service.
1492
##
1493
annotations: {}
1494
## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the valkey-node pods
1495
##
1496
terminationGracePeriodSeconds: 30
1497
## @section Other Parameters
1498
##
1499
1500
## @param serviceBindings.enabled Create secret for service binding (Experimental)
1501
## Ref: https://servicebinding.io/service-provider/
1502
##
1503
serviceBindings:
1504
enabled: false
1505
## Network Policy configuration
1506
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1507
##
1508
networkPolicy:
1509
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
1510
##
1511
enabled: true
1512
## @param networkPolicy.allowExternal Don't require client label for connections
1513
## When set to false, only pods with the correct client label will have network access to the ports
1514
## Valkey is listening on. When true, Valkey will accept connections from any source
1515
## (with the correct destination port).
1516
##
1517
allowExternal: true
1518
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
1519
##
1520
allowExternalEgress: true
1521
## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy
1522
## Example:
1523
## extraIngress:
1524
## - ports:
1525
## - port: 1234
1526
## from:
1527
## - podSelector:
1528
## - matchLabels:
1529
## - role: frontend
1530
## - podSelector:
1531
## - matchExpressions:
1532
## - key: role
1533
## operator: In
1534
## values:
1535
## - frontend
1536
##
1537
extraIngress: []
1538
## @param networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy
1539
## Example:
1540
## extraEgress:
1541
## - ports:
1542
## - port: 1234
1543
## to:
1544
## - podSelector:
1545
## - matchLabels:
1546
## - role: frontend
1547
## - podSelector:
1548
## - matchExpressions:
1549
## - key: role
1550
## operator: In
1551
## values:
1552
## - frontend
1553
##
1554
extraEgress: []
1555
## @param networkPolicy.ingressNSMatchLabels Labels to match to allow traffic from other namespaces
1556
## @param networkPolicy.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces
1557
##
1558
ingressNSMatchLabels: {}
1559
ingressNSPodMatchLabels: {}
1560
metrics:
1561
## @param networkPolicy.metrics.allowExternal Don't require client label for connections for metrics endpoint
1562
## When set to false, only pods with the correct client label will have network access to the metrics port
1563
##
1564
allowExternal: true
1565
## @param networkPolicy.metrics.ingressNSMatchLabels Labels to match to allow traffic from other namespaces to metrics endpoint
1566
## @param networkPolicy.metrics.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces to metrics endpoint
1567
##
1568
ingressNSMatchLabels: {}
1569
ingressNSPodMatchLabels: {}
1570
## PodSecurityPolicy configuration
1571
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
1572
##
1573
podSecurityPolicy:
1574
## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
1575
##
1576
create: false
1577
## @param podSecurityPolicy.enabled Enable PodSecurityPolicy's RBAC rules
1578
##
1579
enabled: false
1580
## RBAC configuration
1581
##
1582
rbac:
1583
## @param rbac.create Specifies whether RBAC resources should be created
1584
##
1585
create: false
1586
## @param rbac.rules Custom RBAC rules to set
1587
## Example:
1588
## rules:
1589
## - apiGroups:
1590
## - ""
1591
## resources:
1592
## - pods
1593
## verbs:
1594
## - get
1595
## - list
1596
##
1597
rules: []
1598
## ServiceAccount configuration
1599
##
1600
serviceAccount:
1601
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
1602
##
1603
create: true
1604
## @param serviceAccount.name The name of the ServiceAccount to use.
1605
## If not set and create is true, a name is generated using the common.names.fullname template
1606
##
1607
name: ""
1608
## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
1609
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
1610
##
1611
automountServiceAccountToken: false
1612
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
1613
##
1614
annotations: {}
1615
## Redis® Pod Disruption Budget configuration
1616
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1617
## @param pdb DEPRECATED Please use `primary.pdb` and `replica.pdb` values instead
1618
##
1619
pdb: {}
1620
## TLS configuration
1621
##
1622
tls:
1623
## @param tls.enabled Enable TLS traffic
1624
##
1625
enabled: false
1626
## @param tls.authClients Require clients to authenticate
1627
##
1628
authClients: true
1629
## @param tls.autoGenerated Enable autogenerated certificates
1630
##
1631
autoGenerated: false
1632
## @param tls.existingSecret The name of the existing secret that contains the TLS certificates
1633
##
1634
existingSecret: ""
1635
## @param tls.certFilename Certificate filename
1636
##
1637
certFilename: ""
1638
## @param tls.certKeyFilename Certificate Key filename
1639
##
1640
certKeyFilename: ""
1641
## @param tls.certCAFilename CA Certificate filename
1642
##
1643
certCAFilename: ""
1644
## @param tls.dhParamsFilename File containing DH params (to support DH-based ciphers)
1645
##
1646
dhParamsFilename: ""
1647
## @section Metrics Parameters
1648
##
1649
metrics:
1650
## @param metrics.enabled Start a sidecar Prometheus Exporter to expose Valkey metrics
1651
##
1652
enabled: false
1653
## Iamguarded Redis(R) Exporter image
1654
## ref: https://hub.docker.com/r/iamguarded/redis-exporter/tags/
1655
## @param metrics.image.registry [default: REGISTRY_NAME] Redis(R) Exporter image registry
1656
## @param metrics.image.repository [default: REPOSITORY_NAME/redis-exporter] Redis(R) Exporter image repository
1657
## @skip metrics.image.tag Redis(R) Exporter image tag (immutable tags are recommended)
1658
## @param metrics.image.digest Redis(R) Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
1659
## @param metrics.image.pullPolicy Redis(R) Exporter image pull policy
1660
## @param metrics.image.pullSecrets Redis(R) Exporter image pull secrets
1661
##
1662
image:
1663
registry: cgr.dev
1664
repository: chainguard-private/iamguarded-charts/prometheus-redis-exporter-iamguarded
1665
tag: 1.82.0
1666
digest: ""
1667
pullPolicy: IfNotPresent
1668
## Optionally, specify an array of imagePullSecrets.
1669
## Secrets must be manually created in the namespace.
1670
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1671
## Example:
1672
## pullSecrets:
1673
## - myRegistryKeySecretName
1674
##
1675
pullSecrets: []
1676
## @param metrics.containerPorts.http Metrics HTTP container port
1677
##
1678
containerPorts:
1679
http: 9121
1680
## Configure extra options for Valkey containers' liveness, readiness & startup probes
1681
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
1682
## @param metrics.startupProbe.enabled Enable startupProbe on Valkey replicas nodes
1683
## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1684
## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
1685
## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1686
## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
1687
## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
1688
##
1689
startupProbe:
1690
enabled: false
1691
initialDelaySeconds: 10
1692
periodSeconds: 10
1693
timeoutSeconds: 5
1694
successThreshold: 1
1695
failureThreshold: 5
1696
## @param metrics.livenessProbe.enabled Enable livenessProbe on Valkey replicas nodes
1697
## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1698
## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
1699
## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1700
## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
1701
## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
1702
##
1703
livenessProbe:
1704
enabled: true
1705
initialDelaySeconds: 10
1706
periodSeconds: 10
1707
timeoutSeconds: 5
1708
successThreshold: 1
1709
failureThreshold: 5
1710
## @param metrics.readinessProbe.enabled Enable readinessProbe on Valkey replicas nodes
1711
## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1712
## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
1713
## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1714
## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
1715
## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
1716
##
1717
readinessProbe:
1718
enabled: true
1719
initialDelaySeconds: 5
1720
periodSeconds: 10
1721
timeoutSeconds: 1
1722
successThreshold: 1
1723
failureThreshold: 3
1724
## @param metrics.customStartupProbe Custom startupProbe that overrides the default one
1725
##
1726
customStartupProbe: {}
1727
## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one
1728
##
1729
customLivenessProbe: {}
1730
## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one
1731
##
1732
customReadinessProbe: {}
1733
## @param metrics.command Override default metrics container init command (useful when using custom images)
1734
##
1735
command: []
1736
## @param metrics.valkeyTargetHost A way to specify an alternative Valkey hostname
1737
## Useful for certificate CN/SAN matching
1738
##
1739
valkeyTargetHost: "localhost"
1740
## @param metrics.extraArgs Extra arguments for Redis(R) Exporter
1741
## Example:
1742
## extraArgs:
1743
## check-keys: myKey,myOtherKey
1744
##
1745
extraArgs: {}
1746
## @param metrics.extraEnvVars Array with extra environment variables to add to Redis(R) Exporter
1747
## Example:
1748
## extraEnvVars:
1749
## - name: FOO
1750
## value: "bar"
1751
##
1752
extraEnvVars: []
1753
## Configure Container Security Context
1754
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1755
## @param metrics.containerSecurityContext.enabled Enable Redis(R) Exporter containers' Security Context
1756
## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1757
## @param metrics.containerSecurityContext.runAsUser Set Redis(R) Exporter containers' Security Context runAsUser
1758
## @param metrics.containerSecurityContext.runAsGroup Set Redis(R) Exporter containers' Security Context runAsGroup
1759
## @param metrics.containerSecurityContext.runAsNonRoot Set Redis(R) Exporter containers' Security Context runAsNonRoot
1760
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set Redis(R) Exporter containers' Security Context allowPrivilegeEscalation
1761
## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
1762
## @param metrics.containerSecurityContext.seccompProfile.type Set Redis(R) Exporter containers' Security Context seccompProfile
1763
## @param metrics.containerSecurityContext.capabilities.drop Set Redis(R) Exporter containers' Security Context capabilities to drop
1764
##
1765
containerSecurityContext:
1766
enabled: true
1767
seLinuxOptions: {}
1768
runAsUser: 1001
1769
runAsGroup: 1001
1770
runAsNonRoot: true
1771
allowPrivilegeEscalation: false
1772
readOnlyRootFilesystem: true
1773
seccompProfile:
1774
type: RuntimeDefault
1775
capabilities:
1776
drop: ["ALL"]
1777
## @param metrics.extraVolumes Optionally, specify extra list of additional volumes for the Valkey metrics sidecar
1778
##
1779
extraVolumes: []
1780
## @param metrics.extraVolumeMounts Optionally, specify extra list of additional volumeMounts for the Valkey metrics sidecar
1781
##
1782
extraVolumeMounts: []
1783
## Redis(R) Exporter resource requests and limits
1784
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1785
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
1786
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
1787
##
1788
resourcesPreset: "nano"
1789
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1790
## Example:
1791
## resources:
1792
## requests:
1793
## cpu: 2
1794
## memory: 512Mi
1795
## limits:
1796
## cpu: 3
1797
## memory: 1024Mi
1798
##
1799
resources: {}
1800
## @param metrics.podLabels Extra labels for Redis(R) Exporter pods
1801
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1802
##
1803
podLabels: {}
1804
## @param metrics.podAnnotations [object] Annotations for Redis(R) Exporter pods
1805
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1806
##
1807
podAnnotations:
1808
prometheus.io/scrape: "true"
1809
prometheus.io/port: "9121"
1810
## Redis(R) Exporter service parameters
1811
##
1812
service:
1813
## @param metrics.service.enabled Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor
1814
##
1815
enabled: true
1816
## @param metrics.service.type Redis(R) Exporter service type
1817
##
1818
type: ClusterIP
1819
## @param metrics.service.ports.http Redis(R) Exporter service port
1820
##
1821
ports:
1822
http: 9121
1823
## @param metrics.service.externalTrafficPolicy Redis(R) Exporter service external traffic policy
1824
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1825
##
1826
externalTrafficPolicy: Cluster
1827
## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1828
##
1829
extraPorts: []
1830
## @param metrics.service.loadBalancerIP Redis(R) Exporter service Load Balancer IP
1831
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1832
##
1833
loadBalancerIP: ""
1834
## @param metrics.service.loadBalancerClass Exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1835
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1836
##
1837
loadBalancerClass: ""
1838
## @param metrics.service.loadBalancerSourceRanges Redis(R) Exporter service Load Balancer sources
1839
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1840
## Example:
1841
## loadBalancerSourceRanges:
1842
## - 10.10.10.0/24
1843
##
1844
loadBalancerSourceRanges: []
1845
## @param metrics.service.annotations Additional custom annotations for Redis(R) Exporter service
1846
##
1847
annotations: {}
1848
## @param metrics.service.clusterIP Redis(R) Exporter service Cluster IP
1849
##
1850
clusterIP: ""
1851
## Prometheus Service Monitor
1852
## ref: https://github.com/coreos/prometheus-operator
1853
## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1854
##
1855
serviceMonitor:
1856
## @param metrics.serviceMonitor.port the service port to scrape metrics from
1857
##
1858
port: http-metrics
1859
## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator
1860
##
1861
enabled: false
1862
## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created
1863
##
1864
namespace: ""
1865
## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped
1866
##
1867
interval: 30s
1868
## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended
1869
##
1870
scrapeTimeout: ""
1871
## @param metrics.serviceMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
1872
##
1873
relabelings: []
1874
## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
1875
##
1876
metricRelabelings: []
1877
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
1878
##
1879
honorLabels: false
1880
## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus
1881
##
1882
additionalLabels: {}
1883
## @param metrics.serviceMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics
1884
##
1885
podTargetLabels: []
1886
## @param metrics.serviceMonitor.sampleLimit Limit of how many samples should be scraped from every Pod
1887
##
1888
sampleLimit: false
1889
## @param metrics.serviceMonitor.targetLimit Limit of how many targets should be scraped
1890
##
1891
targetLimit: false
1892
## @param metrics.serviceMonitor.additionalEndpoints Additional endpoints to scrape (e.g., sentinel)
1893
## Example to scrape sentinel metrics, also to in order distinguish between Sentinel and Valkey container metrics
1894
## add metricRelabelings with label like app=valkey to main valkey pod-monitor port:
1895
## additionalEndpoints:
1896
## - interval: "30s"
1897
## path: "/scrape"
1898
## port: "metrics"
1899
## params:
1900
## target: ["localhost:26379"]
1901
## metricRelabelings:
1902
## - targetLabel: "app"
1903
## replacement: "sentinel"
1904
##
1905
additionalEndpoints: []
1906
## Prometheus Pod Monitor
1907
## ref: https://github.com/coreos/prometheus-operator
1908
## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#podmonitor
1909
##
1910
podMonitor:
1911
## @param metrics.podMonitor.port the pod port to scrape metrics from
1912
##
1913
port: metrics
1914
## @param metrics.podMonitor.enabled Create PodMonitor resource(s) for scraping metrics using PrometheusOperator
1915
##
1916
enabled: false
1917
## @param metrics.podMonitor.namespace The namespace in which the PodMonitor will be created
1918
##
1919
namespace: ""
1920
## @param metrics.podMonitor.interval The interval at which metrics should be scraped
1921
##
1922
interval: 30s
1923
## @param metrics.podMonitor.scrapeTimeout The timeout after which the scrape is ended
1924
##
1925
scrapeTimeout: ""
1926
## @param metrics.podMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
1927
##
1928
relabelings: []
1929
## @param metrics.podMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
1930
## Example:
1931
## metricRelabelings:
1932
## - targetLabel: "app"
1933
## replacement: "valkey"
1934
##
1935
metricRelabelings: []
1936
## @param metrics.podMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
1937
##
1938
honorLabels: false
1939
## @param metrics.podMonitor.additionalLabels Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus
1940
##
1941
additionalLabels: {}
1942
## @param metrics.podMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics
1943
##
1944
podTargetLabels: []
1945
## @param metrics.podMonitor.sampleLimit Limit of how many samples should be scraped from every Pod
1946
##
1947
sampleLimit: false
1948
## @param metrics.podMonitor.targetLimit Limit of how many targets should be scraped
1949
##
1950
targetLimit: false
1951
## @param metrics.podMonitor.additionalEndpoints Additional endpoints to scrape (e.g., sentinel)
1952
## Example:
1953
## additionalEndpoints:
1954
## - interval: "30s"
1955
## path: "/scrape"
1956
## port: "metrics"
1957
## params:
1958
## target: ["localhost:26379"]
1959
## metricRelabelings:
1960
## - targetLabel: "app"
1961
## replacement: "sentinel"
1962
##
1963
additionalEndpoints: []
1964
## Custom PrometheusRule to be defined
1965
## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
1966
##
1967
prometheusRule:
1968
## @param metrics.prometheusRule.enabled Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator
1969
##
1970
enabled: false
1971
## @param metrics.prometheusRule.namespace The namespace in which the prometheusRule will be created
1972
##
1973
namespace: ""
1974
## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule
1975
##
1976
additionalLabels: {}
1977
## @param metrics.prometheusRule.rules Custom Prometheus rules
1978
## Example:
1979
## rules:
1980
## - alert: ValkeyDown
1981
## expr: valkey_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0
1982
## for: 2m
1983
## labels:
1984
## severity: error
1985
## annotations:
1986
## summary: Valkey instance {{ "{{ $labels.instance }}" }} down
1987
## description: Valkey instance {{ "{{ $labels.instance }}" }} is down
1988
## - alert: ValkeyMemoryHigh
1989
## expr: >
1990
## valkey_memory_used_bytes{service="{{ template "common.names.fullname" . }}-metrics"} * 100
1991
## /
1992
## valkey_memory_max_bytes{service="{{ template "common.names.fullname" . }}-metrics"}
1993
## > 90
1994
## for: 2m
1995
## labels:
1996
## severity: error
1997
## annotations:
1998
## summary: Valkey instance {{ "{{ $labels.instance }}" }} is using too much memory
1999
## description: |
2000
## Valkey instance {{ "{{ $labels.instance }}" }} is using {{ "{{ $value }}" }}% of its available memory.
2001
## - alert: ValkeyKeyEviction
2002
## expr: |
2003
## increase(valkey_evicted_keys_total{service="{{ template "common.names.fullname" . }}-metrics"}[5m]) > 0
2004
## for: 1s
2005
## labels:
2006
## severity: error
2007
## annotations:
2008
## summary: Valkey instance {{ "{{ $labels.instance }}" }} has evicted keys
2009
## description: |
2010
## Valkey instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes.
2011
##
2012
rules: []
2013
## @section Init Container Parameters
2014
##
2015
2016
## 'volumePermissions' init container parameters
2017
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
2018
## based on the *podSecurityContext/*containerSecurityContext parameters
2019
##
2020
volumePermissions:
2021
## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
2022
##
2023
enabled: false
2024
## OS Shell + Utility image
2025
## ref: https://hub.docker.com/r/iamguarded/os-shell/tags/
2026
## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry
2027
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository
2028
## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended)
2029
## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
2030
## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy
2031
## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets
2032
##
2033
image:
2034
registry: cgr.dev
2035
repository: chainguard-private/iamguarded-charts/os-shell-iamguarded
2036
tag: 1.0.0
2037
digest: ""
2038
pullPolicy: IfNotPresent
2039
## Optionally, specify an array of imagePullSecrets.
2040
## Secrets must be manually created in the namespace.
2041
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
2042
## Example:
2043
## pullSecrets:
2044
## - myRegistryKeySecretName
2045
##
2046
pullSecrets: []
2047
## Init container's resource requests and limits
2048
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2049
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
2050
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
2051
##
2052
resourcesPreset: "nano"
2053
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
2054
## Example:
2055
## resources:
2056
## requests:
2057
## cpu: 2
2058
## memory: 512Mi
2059
## limits:
2060
## cpu: 3
2061
## memory: 1024Mi
2062
##
2063
resources: {}
2064
## Init container Security Context
2065
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
2066
## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
2067
## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
2068
## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
2069
## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
2070
## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
2071
##
2072
containerSecurityContext:
2073
seLinuxOptions: {}
2074
runAsUser: 0
2075
## Kubectl InitContainer
2076
## used by Sentinel to update the isPrimary label on the Valkey(TM) pods
2077
##
2078
kubectl:
2079
## Iamguarded Kubectl image version
2080
## ref: https://hub.docker.com/r/iamguarded/kubectl/tags/
2081
## @param kubectl.image.registry [default: REGISTRY_NAME] Kubectl image registry
2082
## @param kubectl.image.repository [default: REPOSITORY_NAME/kubectl] Kubectl image repository
2083
## @skip kubectl.image.tag Kubectl image tag (immutable tags are recommended), by default, using the current version
2084
## @param kubectl.image.digest Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
2085
## @param kubectl.image.pullPolicy Kubectl image pull policy
2086
## @param kubectl.image.pullSecrets Kubectl pull secrets
2087
##
2088
image:
2089
registry: cgr.dev
2090
repository: chainguard-private/iamguarded-charts/kubectl-iamguarded
2091
tag: 1.35.2
2092
digest: ""
2093
## Specify a imagePullPolicy
2094
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
2095
##
2096
pullPolicy: IfNotPresent
2097
## Optionally, specify an array of imagePullSecrets.
2098
## Secrets must be manually created in the namespace.
2099
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
2100
## Example:
2101
## pullSecrets:
2102
## - myRegistryKeySecretName
2103
##
2104
pullSecrets: []
2105
## @param kubectl.command kubectl command to execute
2106
##
2107
command: ["/opt/iamguarded/scripts/kubectl-scripts/update-primary-label.sh"]
2108
## Configure Container Security Context
2109
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
2110
## @param kubectl.containerSecurityContext.enabled Enable kubectl containers' Security Context
2111
## @param kubectl.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
2112
## @param kubectl.containerSecurityContext.runAsUser Set kubectl containers' Security Context runAsUser
2113
## @param kubectl.containerSecurityContext.runAsGroup Set kubectl containers' Security Context runAsGroup
2114
## @param kubectl.containerSecurityContext.runAsNonRoot Set kubectl containers' Security Context runAsNonRoot
2115
## @param kubectl.containerSecurityContext.allowPrivilegeEscalation Set kubectl containers' Security Context allowPrivilegeEscalation
2116
## @param kubectl.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
2117
## @param kubectl.containerSecurityContext.seccompProfile.type Set kubectl containers' Security Context seccompProfile
2118
## @param kubectl.containerSecurityContext.capabilities.drop Set kubectl containers' Security Context capabilities to drop
2119
##
2120
containerSecurityContext:
2121
enabled: true
2122
seLinuxOptions: {}
2123
runAsUser: 1001
2124
runAsGroup: 1001
2125
runAsNonRoot: true
2126
allowPrivilegeEscalation: false
2127
readOnlyRootFilesystem: true
2128
seccompProfile:
2129
type: RuntimeDefault
2130
capabilities:
2131
drop: ["ALL"]
2132
## Iamguarded Kubectl resource requests and limits
2133
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2134
## @param kubectl.resources.limits The resources limits for the kubectl containers
2135
## @param kubectl.resources.requests The requested resources for the kubectl containers
2136
##
2137
resources:
2138
limits: {}
2139
requests: {}
2140
## @section useExternalDNS Parameters
2141
##
2142
## @param useExternalDNS.enabled Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable.
2143
## @param useExternalDNS.additionalAnnotations Extra annotations to be utilized when `external-dns` is enabled.
2144
## @param useExternalDNS.annotationKey The annotation key utilized when `external-dns` is enabled. Setting this to `false` will disable annotations.
2145
## @param useExternalDNS.suffix The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release.
2146
##
2147
useExternalDNS:
2148
enabled: false
2149
suffix: ""
2150
annotationKey: external-dns.alpha.kubernetes.io/
2151
additionalAnnotations: {}
2152
The trusted source for open source
Talk to an expertCustomers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.