(feat): Extra Valkey config

Makefile

@@ -184,7 +184,7 @@ KIND ?= kind
 KUSTOMIZE ?= $(LOCALBIN)/kustomize
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
-GOLANGCI_LINT = $(LOCALBIN)/golangci-lint
+GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.8.1

api/v1alpha1/valkeycluster_types.go

@@ -38,6 +38,15 @@ const (
 	ClusterStateFailed ClusterState = "Failed"
 )
 
+// This list defines specific Valkey server configuration parameters that cannot
+// be overridden by a user-supplied configuration within the CR. Doing so would
+// potentially break the operator's behavior, which could result in data loss, or
+// a non-functioning cluster
+var NonUserOverrideConfigParameters = []string{
+	"cluster-enabled",
+	"aclfile",
+}
+
 // ValkeyClusterSpec defines the desired state of ValkeyCluster.
 type ValkeyClusterSpec struct {
 
@@ -88,6 +97,10 @@ type ValkeyClusterSpec struct {
 	// Additional containers or overrides for existing containers, applied using strategic merge patch
 	// +optional
 	Containers []corev1.Container `json:"containers,omitempty"`
+
+	// Additional Valkey configuration parameters
+	// +optional
+	Config map[string]string `json:"config,omitempty"`
 }
 
 type ExporterSpec struct {

api/v1alpha1/valkeynode_types.go

@@ -65,9 +65,10 @@ type ValkeyNodeSpec struct {
 	// +optional
 	Exporter ExporterSpec `json:"exporter,omitempty"`
 
-	// ScriptsConfigMapName specifies the name of the ConfigMap that contains the scripts for the ValkeyNode.
+	// UsersConfigMapName specifies the name of the ConfigMap that contains the
+	// scripts, and Valkey config for the ValkeyNode.
 	// +optional
-	ScriptsConfigMapName string `json:"scriptsConfigMapName,omitempty"`
+	UsersConfigMapName string `json:"usersConfigMapName,omitempty"`
 
 	// UsersACLSecretName is the name of the Secret containing the ACL user
 	// file. When set, mounts a users-acl volume from this Secret so the

config/crd/bases/valkey.io_valkeyclusters.yaml

@@ -971,6 +971,11 @@ spec:
                         x-kubernetes-list-type: atomic
                     type: object
                 type: object
+              config:
+                additionalProperties:
+                  type: string
+                description: Additional Valkey configuration parameters
+                type: object
               containers:
                 description: Additional containers or overrides for existing containers,
                   applied using strategic merge patch

config/crd/bases/valkey.io_valkeynodes.yaml

@@ -2639,10 +2639,6 @@ spec:
                       More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
                     type: object
                 type: object
-              scriptsConfigMapName:
-                description: ScriptsConfigMapName specifies the name of the ConfigMap
-                  that contains the scripts for the ValkeyNode.
-                type: string
               tolerations:
                 description: Tolerations defines the pod tolerations.
                 items:
@@ -2689,6 +2685,11 @@ spec:
                   file. When set, mounts a users-acl volume from this Secret so the
                   container can load aclfile /config/users/users.acl.
                 type: string
+              usersConfigMapName:
+                description: |-
+                  UsersConfigMapName specifies the name of the ConfigMap that contains the
+                  scripts, and Valkey config for the ValkeyNode.
+                type: string
               workloadType:
                 default: StatefulSet
                 description: |-

config/samples/v1alpha1_valkeycluster.yaml

@@ -5,6 +5,9 @@ metadata:
 spec:
   shards: 3
   replicas: 1
+  config:
+    maxmemory: 50mb
+    maxmemory-policy: allkeys-lfu
   resources:
     requests:
       memory: "256Mi"

go.mod

@@ -12,6 +12,7 @@ require (
 	k8s.io/apimachinery v0.35.0
 	k8s.io/client-go v0.35.0
 	sigs.k8s.io/controller-runtime v0.23.3
+	sigs.k8s.io/yaml v1.6.0
 )
 
 require (
@@ -98,5 +99,4 @@ require (
 	sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 // indirect
-	sigs.k8s.io/yaml v1.6.0 // indirect
 )

internal/controller/config.go

@@ -0,0 +1,224 @@
+/*
+Copyright 2025 Valkey Contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controller
+
+import (
+	"context"
+	"crypto/sha256"
+	"embed"
+	"fmt"
+	"maps"
+	"slices"
+	"strings"
+
+	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	valkeyiov1alpha1 "valkey.io/valkey-operator/api/v1alpha1"
+)
+
+const (
+	scriptsHashKey = "valkey.io/script-hash"
+	configHashKey  = "valkey.io/config-hash"
+	configFileKey  = "valkey.conf"
+
+	readinessScriptKey = "readiness-check.sh"
+	livenessScriptKey  = "liveness-check.sh"
+
+	// This hash should be updated whenever the contents of either script changes, which would
+	// coincide with operator version bump.
+	// $ cat internal/controller/scripts/{liveness-check.sh,readiness-check.sh} | sha256sum
+	scriptsHash = "8531132f52ac311772dfcb45c107c34ab05e719a0df644cc332512277b564346"
+
+	// Average-ish length of Valkey parameter + value
+	averageParameterLength = 20
+)
+
+//go:embed scripts/*
+var scripts embed.FS
+
+func getConfigMapName(clusterName string) string {
+	return clusterName + "-config"
+}
+
+// Return a base config of parameters that users shouldn't be able to override
+func getBaseConfig() string {
+	return `# Base operator config
+cluster-enabled yes
+protected-mode no
+cluster-node-timeout 2000
+aclfile /config/users/users.acl
+`
+}
+
+func getUserConfig(ctx context.Context, cluster *valkeyiov1alpha1.ValkeyCluster) string {
+
+	specConfig := cluster.Spec.Config
+
+	// Exit early if nothing
+	if len(specConfig) == 0 {
+		return ""
+	}
+
+	log := logf.FromContext(ctx)
+
+	// Build the config
+	var configBuilder strings.Builder
+	configBuilder.Grow(len(specConfig) * averageParameterLength)
+	writeConfigLine(&configBuilder, "#", "Extra Config")
+
+	// Sort the config keys to keep consistent processing order
+	sortedKeys := slices.Sorted(maps.Keys(specConfig))
+
+	for _, param := range sortedKeys {
+
+		if slices.Contains(valkeyiov1alpha1.NonUserOverrideConfigParameters, param) {
+			log.Error(nil, "Prohibited valkey server config", "parameter", param)
+			continue
+		}
+
+		writeConfigLine(&configBuilder, param, specConfig[param])
+	}
+
+	return configBuilder.String()
+}
+
+// Create or update a default valkey.conf
+// If additional config is provided, append to the default map
+func (r *ValkeyClusterReconciler) upsertConfigMap(ctx context.Context, cluster *valkeyiov1alpha1.ValkeyCluster) error {
+
+	log := logf.FromContext(ctx)
+
+	// Embed readiness check script
+	readiness, err := scripts.ReadFile("scripts/readiness-check.sh")
+	if err != nil {
+		return fmt.Errorf("reading embedded readiness-check.sh: %w", err)
+	}
+
+	// Embed liveness check script
+	liveness, err := scripts.ReadFile("scripts/liveness-check.sh")
+	if err != nil {
+		return fmt.Errorf("reading embedded liveness-check.sh: %w", err)
+	}
+
+	// Get base config
+	var newConfigBuilder strings.Builder
+	newConfigBuilder.WriteString(getBaseConfig())
+
+	// User-provided config from spec
+	newConfigBuilder.WriteString(getUserConfig(ctx, cluster))
+
+	// Final string version of the config
+	newServerConfig := newConfigBuilder.String()
+
+	// Calculate hash of constructed configMap contents (ie: updated scripts, changed/added parameters)
+	newServerConfigHash := fmt.Sprintf("%x", sha256.Sum256([]byte(newServerConfig)))
+
+	// Look for, and fetch existing configMap for this cluster
+	serverConfigMapName := getConfigMapName(cluster.Name)
+	serverConfigMap := &corev1.ConfigMap{}
+	if err := r.Get(ctx, types.NamespacedName{
+		Name:      serverConfigMapName,
+		Namespace: cluster.Namespace,
+	}, serverConfigMap); err != nil {
+		if !apierrors.IsNotFound(err) {
+			log.Error(err, "failed to fetch server configmap")
+			return err
+		}
+
+		// ConfigMap not found; This happens on cluster init
+		log.V(2).Info("creating server configMap", "name", serverConfigMapName)
+
+		// Create configMap object with contents
+		serverConfigMap.ObjectMeta = metav1.ObjectMeta{
+			Name:      serverConfigMapName,
+			Namespace: cluster.Namespace,
+			Labels:    labels(cluster),
+			Annotations: map[string]string{
+				configHashKey:  newServerConfigHash,
+				scriptsHashKey: scriptsHash,
+			},
+		}
+		serverConfigMap.Data = map[string]string{
+			readinessScriptKey: string(readiness),
+			livenessScriptKey:  string(liveness),
+			configFileKey:      newServerConfig,
+		}
+
+		// Register ownership of the configMap
+		if err := controllerutil.SetControllerReference(cluster, serverConfigMap, r.Scheme); err != nil {
+			log.Error(err, "Failed to grab ownership of server configMap")
+			r.Recorder.Eventf(cluster, nil, corev1.EventTypeWarning, "ConfigMapCreationFailed", "UpsertConfigMap", "Failed to grab ownership of server configMap: %v", err)
+			return err
+		}
+
+		// Create the configMap
+		if err := r.Create(ctx, serverConfigMap); err != nil {
+			log.Error(err, "Failed to create server configMap")
+			r.Recorder.Eventf(cluster, nil, corev1.EventTypeWarning, "ConfigMapCreationFailed", "UpsertConfigMap", "Failed to create server configMap: %v", err)
+			return err
+		}
+
+		r.Recorder.Eventf(cluster, nil, corev1.EventTypeNormal, "ConfigMapCreated", "UpsertConfigMap", "Created server configMap")
+
+		// All good; new configMap with contents created
+		return nil
+	}
+
+	// ConfigMap exists
+
+	// Compare scripts hash in existing configMap to const value in operator; update scripts contents if different
+	updatedScripts := upsertAnnotation(serverConfigMap, scriptsHashKey, scriptsHash)
+	if updatedScripts {
+		log.V(1).Info("updated readiness, and liveness scripts")
+		serverConfigMap.Data[readinessScriptKey] = string(readiness)
+		serverConfigMap.Data[livenessScriptKey] = string(liveness)
+	}
+
+	// If the generated config contents hash (from above) matches the hash of the current
+	// config contents, and we did not update the scripts contents, exit early
+	if !updatedScripts && !upsertAnnotation(serverConfigMap, configHashKey, newServerConfigHash) {
+		log.V(1).Info("server config unchanged")
+		return nil
+	}
+
+	// Update the configMap with the generated config contents
+	serverConfigMap.Data[configFileKey] = newServerConfig
+
+	// Update
+	if err := r.Update(ctx, serverConfigMap); err != nil {
+		log.Error(err, "Failed to update server configMap")
+		r.Recorder.Eventf(cluster, nil, corev1.EventTypeWarning, "ConfigMapUpdateFailed", "UpsertConfigMap", "Failed to update server configMap: %v", err)
+		return err
+	}
+
+	r.Recorder.Eventf(cluster, nil, corev1.EventTypeNormal, "ConfigMapUpdated", "UpsertConfigMap", "Synchronized server configMap")
+
+	// All is good. configMap was updated with new contents.
+	return nil
+}
+
+// Helper function to write a config line in the form of "parameter value\n" to a strings.Builder
+func writeConfigLine(builder *strings.Builder, name, value string) {
+	builder.WriteString(name)
+	builder.WriteString(" ")
+	builder.WriteString(value)
+	builder.WriteString("\n")
+}