Valkey Replication mode

Open sgissi opened this issue 1 month ago • 5 comments

Valkey replication support with static replicas. First node is always master; in case of failure, replicas will wait for master to restart. Note that persistent storage is required to avoid an empty master leading to full data wipe upon pod recreation. Both authentication and TLS are supported in this mode.

sgissi avatar Nov 19 '25 21:11 sgissi

Closes #83. I ran initial tests, deleting replicas, increasing number of replicas, deleting master and it seemed to work fine. Also tested that read service will cycle through all instances but main service will be kept at instance 0 (master). I would appreciate further testing on this.

sgissi avatar Nov 19 '25 21:11 sgissi

Hi! When deploying with ACL users and an existing secret, I can't deploy the first replica (the second pod in the StatefulSet), due to a permission issue in the init container:

Fri Nov 21 12:32:38 UTC 2025 Creating configuration in /data/conf... 
Fri Nov 21 12:32:38 UTC 2025 Generating base valkey.conf 
Fri Nov 21 12:32:38 UTC 2025 Creating /etc/valkey directory for ACL file 
Fri Nov 21 12:32:38 UTC 2025 Generating ACL file at /etc/valkey/users.acl 
Fri Nov 21 12:32:38 UTC 2025 Generating ACL entries for users 
Fri Nov 21 12:32:38 UTC 2025 Using password from existing secret for user user 
/scripts/init.sh: 77: cannot create /etc/valkey/users.acl: Permission denied

varadiistvan avatar Nov 21 '25 13:11 varadiistvan

Thanks @varadiistvan, you actually found three bugs!

  1. If the init pod runs more than once (e.g. pod restarts), the /etc/valkey/users.acl exists and is read-only.
  2. The user for replication defaults to "default" and you don't have that user in aclUsers. The chart should check that a given user exists. Note that, if you are using an existing secret, helm cannot check at installation time that a key exists in the secret; if the user password is not there, init will fail with "ERROR: No password found for user [username]".
  3. If auth is enabled, the default user must be defined, otherwise anyone can read and write to the database without credentials.

I'll fix these errors. To continue testing, add "default" under aclUsers with proper permissions and a password either inline or in the secret.

sgissi avatar Nov 21 '25 13:11 sgissi
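
A pre-start check for bugs 2 and 3 in the list above, as an added example that is not part of the chart or of this PR. The function name `check_acl` and its exit codes are hypothetical, and it assumes the generated file uses Valkey's standard `user <name> <rules>` lines.

```shell
#!/bin/sh
# Added example (not the chart's init.sh): lint a generated Valkey ACL file.
# Usage: check_acl FILE [REPLICATION_USER]
# Exit status (hypothetical convention):
#   0 ok, 1 default user undefined, 2 default user enabled with nopass,
#   3 replication user undefined, 4 file unreadable.
check_acl() {
    acl_file=$1
    repl_user=${2:-default}   # the thread says replication defaults to "default"
    [ -r "$acl_file" ] || { echo "cannot read $acl_file" >&2; return 4; }

    # Conservative check: rule order inside a line is ignored, so any
    # "nopass" on an enabled default user is reported.
    awk -v repl="$repl_user" '
        $1 == "user" && NF >= 2 {
            seen[$2] = 1
            if ($2 == "default")
                for (i = 3; i <= NF; i++) {
                    if ($i == "nopass") nopass = 1
                    if ($i == "off")    off = 1
                }
        }
        END {
            # An undefined default user keeps its built-in settings
            # (enabled, no password), which is bug 3 in the list above.
            if (!("default" in seen)) { print "default user is not defined"; exit 1 }
            if (nopass && !off)       { print "default user is enabled with nopass"; exit 2 }
            if (!(repl in seen))      { print "replication user \"" repl "\" is not defined"; exit 3 }
        }
    ' "$acl_file" >&2
}

# Constructed sample reproducing the report: only "user" is defined in the
# ACL file while replication falls back to "default".
sample=$(mktemp)
printf 'user user on >constructed-password ~* +@all\n' > "$sample"
check_acl "$sample" default || echo "check_acl failed with status $?"
rm -f "$sample"
```
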

@mk-raven Can you review this PR? Tests look good.

sgissi avatar Nov 23 '25 22:11 sgissi

Of course, I will check on my side.

mk-raven avatar Nov 26 '25 09:11 mk-raven