Valkey (Redis Fork) Provisioning
Laralord provisions Valkey, a high-performance in-memory database and open-source fork of Redis, as a key component for caching and data storage in Kubernetes clusters. Widely used in Laravel projects for session management, caching, and queuing, Valkey offers low-latency data access with robust Access Control List (ACL) capabilities. This page details the Valkey cluster deployment, its configurations, tenant-specific access via NodePort, and integration with Laralord’s multi-tenant SaaS platform. For more information, refer to the official Valkey documentation.
Valkey Overview
Valkey is an open-source, in-memory database and a fork of Redis, designed for high-performance caching, session storage, and queuing. It is widely adopted in Laravel projects due to its speed, simplicity, and compatibility with Redis clients, making it ideal for accelerating web applications. Laralord deploys Valkey as a cluster with Access Control List (ACL) capabilities, ensuring each tenant has isolated, secure access to the database via specific path prefixes and NodePort connectivity.
Valkey Deployment Details
Laralord deploys Valkey in a user-defined namespace using a Helm chart from Bitnami’s container registry. The deployment is configured as a standalone architecture with optional replication, optimized for tenant isolation and secure access via NodePort. Key aspects include:
- Namespace: Deployed in a user-defined namespace (e.g., `databases`), isolating Valkey from other services for security and organization.
- Helm Configuration: Uses a specific Helm chart version with a standalone setup, referencing a Kubernetes secret for authentication credentials and enabling an ACL file for tenant-specific access control.
- ACL Initialization: An init container creates an ACL file with a default user and randomly generated password, granting full permissions with path-specific prefixes (e.g., `~* +@all`). New ACL nodes are provisioned with randomly generated ports for enhanced security.
- Node Selection: Pods are scheduled on nodes labeled for databases, optimizing resource allocation.
- Replication: Configured with two replicas for high availability, with optional replication settings for data redundancy (available but not enabled by default).
- NodePort Access: Exposes Valkey via a NodePort service on port 6379, using a dynamically assigned node port for external connectivity within the cluster, allowing clients to connect without a dedicated UI.
- Secret Management: Stores the Valkey password, host, and port in a Kubernetes secret, securely referenced by the Helm chart and tenant applications.
Key Features
The Valkey deployment by Laralord provides the following features:
- High-Performance Caching: Delivers low-latency data access for Laravel session management, caching, and queuing.
- Tenant Isolation: Uses ACLs to provide each tenant with unique credentials and path-specific access, ensuring data security.
- NodePort Connectivity: Enables direct client access via a dynamically assigned NodePort, eliminating the need for a dedicated UI.
- High Availability: Supports two replicas for fault tolerance and optional replication for data redundancy.
- Redis Compatibility: Fully compatible with Redis clients, simplifying integration with Laravel’s Redis driver.
- Secure Provisioning: Randomly generated ports for new ACL nodes enhance security during tenant provisioning.
Why Valkey?
Valkey is chosen by Laralord as a Redis fork for its performance, open-source governance, and compatibility with Laravel ecosystems. Key advantages include:
- Laravel Integration: Widely used in Laravel for caching (e.g., Laravel Cache), session storage, and queuing (e.g., Laravel Horizon), with native Redis driver support.
- Open-Source Continuity: As a fork of Redis, Valkey ensures long-term support and community-driven development, avoiding licensing concerns.
- Performance: In-memory architecture provides sub-millisecond response times, ideal for high-traffic SaaS applications.
- ACL Security: Robust ACL support enables fine-grained, tenant-specific access control, critical for multi-tenant environments.
- Kubernetes-Native: Seamlessly integrates with Kubernetes via Helm, leveraging NodePort for flexible access.
Integration with Laralord
Valkey is a core component of Laralord’s multi-tenant SaaS platform, providing a scalable, secure in-memory database for tenant applications. Key integrations include:
- Tenant-Specific Access: Each tenant receives unique ACL credentials and a path prefix (e.g., `tenant1:*`), ensuring isolated data access within the shared Valkey cluster.
- Laravel Applications: Powers Laravel applications for caching, session management, and queuing, configured via the Redis driver with tenant credentials.
- APISIX Gateway: Routes tenant traffic to the Valkey NodePort service, optionally enforcing mTLS for secure external access.
- Vault Integration: Stores tenant-specific ACL credentials in HashiCorp Vault, securely distributing them to applications.
- Argo CD Deployments: Supports Argo CD-managed applications by providing caching and queuing for tenant workloads.
Secure Access with NodePort and ACL
Laralord secures access to the Valkey cluster through tenant-specific ACL credentials and a NodePort service, eliminating the need for a dedicated UI. This setup ensures secure, isolated access for each tenant while maintaining simplicity. Key features include:
- ACL Authentication: Each tenant is assigned unique credentials stored in a HashiCorp Vault key (the tenant's environment variables), with path-specific prefixes (e.g., `tenant1:*`) to restrict access to their data.
- NodePort Connectivity: Clients connect directly to Valkey via a NodePort service on port 6379, using a dynamically assigned node port for external access within the cluster.
- Random Port Provisioning: New ACL nodes are provisioned with randomly generated ports, enhancing security by reducing predictable access points.
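The tenant-prefix ACLs described above, as an added example that is not Laralord's own code: it builds a Valkey ACL-file line that confines a tenant to its `tenant1:*` prefix and audits an ACL file for users that break that isolation. The function names, the name-validation rule, the sample file and the choice to subtract `@dangerous` are assumptions made for illustration.

```python
import hashlib
import re
import secrets

def tenant_acl_line(tenant: str, password: str) -> str:
    """One ACL-file line confining `tenant` to keys and channels under '<tenant>:'."""
    # Reject whitespace and glob characters: the name is spliced into ACL rules.
    if not re.fullmatch(r"[a-z0-9-]+", tenant):
        raise ValueError(f"unsafe tenant name: {tenant!r}")
    digest = hashlib.sha256(password.encode()).hexdigest()  # '#<hex>' stores a hash
    # Assumption: tenants get +@all minus @dangerous (FLUSHALL, KEYS, ...), since
    # key patterns only restrict commands that take key arguments.
    return (f"user {tenant} on #{digest} ~{tenant}:* "
            f"resetchannels &{tenant}:* +@all -@dangerous")

def audit_acl(text: str) -> list[str]:
    """Flag tenant users whose rules break per-prefix isolation."""
    findings = []
    for line in text.splitlines():
        tok = line.split()
        # The page's 'default' user is the full-access account; skip it here.
        if len(tok) < 2 or tok[0] != "user" or tok[1] == "default":
            continue
        name, rules = tok[1], tok[2:]
        patterns = [r[1:] for r in rules if r.startswith("~")]
        if "allkeys" in rules or any(not p.startswith(f"{name}:") for p in patterns):
            findings.append(f"{name}: key pattern reaches outside '{name}:'")
        if "nopass" in rules:
            findings.append(f"{name}: accepts any password (nopass)")
        if "+@all" in rules and "-@dangerous" not in rules:
            findings.append(f"{name}: +@all keeps keyless commands such as FLUSHALL")
    return findings

# Constructed sample ACL file: one generated tenant and one misconfigured tenant.
SAMPLE_ACL = "\n".join([
    "user default on #" + "0" * 64 + " ~* +@all",
    tenant_acl_line("tenant1", secrets.token_urlsafe(32)),
    "user tenant2 on nopass ~* +@all",
])

if __name__ == "__main__":
    print(SAMPLE_ACL)
    for finding in audit_acl(SAMPLE_ACL):
        print("FINDING:", finding)
```

The audit only inspects `~` patterns and the `allkeys`, `nopass` and `+@all` rules; selectors and `%R~`/`%W~` patterns are out of its scope.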