search
cegedim.cloudITCareAPI

Valkey - Features

Valkey can be deployed on a self-service basis via our cloud platform management tool: ITCare.

hashtag
Topologies

Two topologies are available:

  • Standalone instance

  • Sentinel cluster

In both cases, you can choose whether or not to persist data on disk when requesting creation, see #persistence.

hashtag
Standalone instance

Once deployed, the standalone instance is accessible on listening port 6379.

hashtag
Sentinel Cluster

The Valkey Sentinel cluster is deployed on three instances distributed across all Availability Zones in an Area.

Once deployed, the cluster is accessible on listening port 6379.

hashtag
Special features in cluster mode

  • Each instance runs both Valkey and Sentinel processes

  • Sentinel listening port: 26379

  • Of the three instances, one is primary and the other two are replicas

  • The replicas are open in read-only mode

hashtag
Persistence

Persistence refers to writing data to a durable medium, such as a solid-state disk (SSD). Valkey offers a range of persistence options.

  • RDB (Valkey Database): RDB persistence takes point-in-time snapshots of your dataset at specified intervals.

  • AOF (Append Only File): AOF persistence records every write operation received by the server. These operations can then be replayed when the server starts up, reconstructing the original dataset. Commands are recorded in the same format as the Valkey protocol itself.

  • No persistence: You can disable persistence completely. This option is sometimes used for caching.

  • RDB + AOF: You can also combine AOF and RDB in the same instance.

LogoValkey Documentation: Persistencevalkey.iochevron-right
Scenario
Settings

If RDB persistence enabled

  • save 3600 1

  • save 300 100

  • save 60 10000

If AOF persistence enabled

  • append fsync every sec

hashtag
Resilience

If the primary instance fails, a replica will automatically be promoted as the new primary. The replica will be automatically reconfigured to follow the new primary.

Sentinel provides information about the primary instance and replica instances.

hashtag
Features

This section lists the features available to the customer, as well as how to request or execute them:

Self-service

The customer can perform an action independently.

On request

The customer can ask the cegedim.cloud support team to take the necessary measures.

Features
Self-service
On request
Comments

SSH access

false

false

SSH access is disabled and reserved for cegedim.cloud administrators.

Modify configuration file

false

true

On request via a ticket.

Access to Redis/Sentinel

true

true

The customer can log in to Redis and Sentinel with an account (password defined by the customer in the provisioning wizard).

hashtag
High-level diagram

hashtag
Configuration

hashtag
Product Configuration

Settings
Custom value
Enforced
Comments

bind

@IP 127.0.0.1

Listening address

timeout

300

Close the connection after a client is idle for N seconds (0 to disable)

logfile

/var/log/valkey/valkey-server.log

Log file path

supervised

systemd

Supervision interaction

If AOF persistence is active, the following parameters will be applied:

Settings
Custom value
Enforced

appendonly

yes

dir

/var/lib/valkey/persistance

appendfsync

everysec

if RDB is active, the following parameters will be applied:

Settings
Custom value
Enforced

save

3600 1

save

300 100

save

60 10000

rdb_compression

oui

rdbchecksum

oui

dir

/var/lib/valkey/persistance

hashtag
Kernel configuration

The following kernel parameters have been modified to optimize operating system performance for Valkey :

  • vm.overcommit_memory = 1

  • vm.swappiness = 1

  • net.core.somaxconn = 65535

hashtag
Security

hashtag
Authentification

The authentication mode used is : Access Control List.

Passwords are hashed with SHA-256 and do not appear in plain text in the ACL file.

hashtag
Authorizations

ACLs are used to manage authorizations.

On Sentinel, the dedicated client account has rights to :

On Valkey, the dedicated customer account has rights to :

hashtag
Secure Transport

The customer can choose whether or not to activate TLS transport when requesting self-service creation via ITCare.

hashtag
Password

This section describes password management:

Password
Stored by cegedim.cloud
Stored by customer
Enforced
Hash

customer account

SHA-256

ANY other account

SHA-256

cgdm_admin account

SHA-256

cgdm_monitor account

SHA-256

hashtag
Monitoring

The following items are monitored and are accessible in ITCare.

Alerts
Description

DBS_VALKEY_CLI_CLIENTS

Check connected clients count

DBS_VALKEY_CLI_AOF_STATUS

Check aof status

DBS_VALKEY_CLI_COMMANDS

Number of commands processed

DBS_VALKEY_CLI_CONNECTIONS

Number of connections

DBS_VALKEY_CLI_CPU

CPU usage

DBS_VALKEY_CLI_MEMORY

Memory usage

DBS_VALKEY_CLI_REPL_REPLICAS_COUNT

Check replicas count

DBS_VALKEY_CLI_RDB_STATUS

RDB status

DBS_VALKEY_PING

Check node availability

DBS_VALKEY_SENTINEL_MASTER_UP

Checks the status of the master from Sentinel

DBS_VALKEY_SENTINEL_SLAVES_COUNT

Check replicas count from Sentinel

DBS_VALKEY_SENTINEL_SENTINELS_COUNT

Check Sentinelscount

DBS_VALKEY_SENTINEL_QUORUM

Check quorum status

TLS_VALKEY_CERT_EXPIRATION

Check Valkey certificate expiration

TLS_SENTINEL_CERT_EXPIRATION

Check Sentinel certificate expiration

PreviousValkeyNextValkey - Get started

Last updated