> ## Documentation Index
> Fetch the complete documentation index at: https://mogenius-docs-self-hosted-helm-values-update.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Self hosted

The mogenius platform is available as a SaaS option on [app.mogenius.com](https://app.mogenius.com). If you prefer the self-hosted version of mogenius, you can install it with our Helm chart. This way you can run mogenius on your own clusters and even in air-gapped environments.

## Prerequisites

* A Kubernetes cluster with at least 1 CPU and 1 GB of memory available.
* Credentials for pulling the mogenius images from the container registry (see below).
* The traefik ingress controller.
* A working local installation of [Helm](https://helm.sh/).
* A MySQL server (optional).

<Warning>
  Running the platform as a self-hosted version requires a subscription. <a href="mailto:sales@mogenius.com">Contact our sales team</a> for more information.
</Warning>

## Quickstart

For a quick installation of the mogenius platform with defaults where possible, follow these steps.

### Create a Namespace

On the cluster where you're installing the mogenius platform, create a new namespace `mogenius-platform`.

### Create Secrets

The platform services require a few secrets containing critical credentials that aren't created by the Helm chart. The following secrets are required for the minimum configuration. Additional secrets can be used when working with more sophisticated Helm chart configurations.

**1. Container Registry**\
After obtaining a subscription for the self-hosted version, you will have received credentials for the container registry where the platform images are stored. In your `mogenius-platform` namespace create a new secret `mo-registry-credentials` and store the credentials as type `kubernetes.io/dockerconfigjson`.

**2. Valkey (Redis-compatible)**\
Create a secret `mo-redis-secret` with the key `REDIS_SECRET`. Define a secure password as a value that you store in a safe place (e.g. a vault).

**3. Encryption Key**\
Create a secret `mo-platform-shared` with the key `MO_CORE_NEST__SSH_SYM_ENC_KEY`. As a value, use `openssl rand -base64 32` or a similar method on your terminal to create a base64-encrypted key.

**4. MySQL**\
Create the secret `mo-mysql-secret` with the keys `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD`. Use secure passwords as values.

**5. Admin User**\
Create the secret `mo-platform-user-secret` with the following keys and values:

`MO_USER_NEST__SYSTEM_ADMIN_EMAIL`\
The email address to log in with your admin user.

`MO_USER_NEST__SYSTEM_ADMIN_PASSWORD`\
The password for your admin user.

`MO_CORE_NEST__SSH_SYM_ENC_KEY`\
Use the same value that you set in the secret `mo-platform-shared`.

`MO_USER_NEST__JWT_PRIVATE`\
Create a private key using the following commands and retrieve the value from the text file.

```
openssl ecparam -genkey -name secp521r1 -noout -out ec512-key-pair.pem
openssl base64 -A -in ec512-key-pair.pem -out ec512-key-pair.txt
```

`MO_USER_NEST__JWT_PUBLIC`\
Create a public key using the following commands and retrieve the value from the text file.

```
openssl ec -in ec512-key-pair.pem -pubout -out public.pem
openssl base64 -A -in public.pem -out public.txt
```

`MO_USER_NEST__SESSION_SECRET`\
Define a secure secret of your choice.

### Prepare your values.yaml

The Helm chart supports wide range of values that you can use to configure your installation of the mogenius platform. Skip to [values](/cluster-management/self-hosted#values) for a full reference of the chart.
Below is an example `values.yaml` for a minimal setup to install the mogenius platform in a development environment. Make sure to review the configuration and ensure that it matches your infrastructure.

```yaml values.yaml quickstart example  theme={null}
ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
    traefik.ingress.kubernetes.io/forward-headers: "true"
    traefik.ingress.kubernetes.io/router.middlewares: mogenius-platform-cors-middleware@kubernetescrd
    traefik.ingress.kubernetes.io/secure-headers: "true"
  api_service_url: platform-api.YOURDOMAIN.com
  hostname: mogenius.YOURDOMAIN.com
  k8s_cmd_stream_url: k8s-cmd-stream.YOURDOMAIN.com
  k8s_dispatcher_url: k8s-dispatcher.YOURDOMAIN.com
  k8s_logs_url: k8s-logs.YOURDOMAIN.com
  k8s_websocket_url: k8s-ws.YOURDOMAIN.com
  rootDomain: YOURDOMAIN.com
  socket_service_url: platform-ws.YOURDOMAIN.com
  tls:
  - hosts:
    - mogenius.YOURDOMAIN.com
    - platform-api.YOURDOMAIN.com
    - platform-user.YOURDOMAIN.com
    - platform-ws.YOURDOMAIN.com
    - k8s-ws.YOURDOMAIN.com
    - k8s-logs.YOURDOMAIN.com
    - k8s-cmd-stream.YOURDOMAIN.com
    - k8s-dispatcher.YOURDOMAIN.com
    secretName: mo-platform-tls
  traefik:
    apiVersion: traefik.io/v1alpha1
  user_service_url: platform-user.YOURDOMAIN.com
mo_platform:
  metrics:
    enabled: true
    resources:
      requests:
        cpu: 10m
        memory: 50Mi
mo_platform_api:
  enableAutoRefreshToken: true
  refreshTokenTask: true
mo_platform_user:
  openid:
    enabled: false
mogenius:
  imagePullSecrets:
  - mo-registry-credentials
mysql:
  enabled: true
  ssl: false
storage:
  accessMode: ReadWriteOnce
  className: local-path
```

<Warning>
  This chart configuration deploys the MySQL Docker image as part of the platform deployment. This setup is not recommended for running the mogenius platform in production scenarios. We recommend configuring the `mysql` values with connection to a high-availability MySQL for use in a production environment.
</Warning>

### Deploy the Helm chart

Run the following command on your cluster to install the Helm chart with your values.yaml.

```
helm repo add mogenius https://helm.mogenius.com/private
helm install mogenius-platform mogenius/mo-infrastructure -n mogenius-platform -f values.yaml
```

### Access the mogenius web interface

Check the status of the installation and make sure all Pods are starting properly.

```
kubectl get Pods -n mogenius-platform
```

When all Pods are `Running`, access the mogenius platform with the hostname you specified in your Ingress (e.g. mogenius.yourdomain.com). You can log in with the credentials of your admin user.

### Next steps

Now that mogenius is up and running you can prepare the platform for your team. Check out the following resources as next steps:

* [Quickstart guide](../overview/quickstart) for connecting your first cluster and getting started with Workspaces.
* [Enable Single Sign-On](./single-sign-on) to enable your team joining the mogenius platform.
* [Configure GitOps](./gitops) for enabling Git-based workflows in mogenius using Argo CD.

### Support

Need help setting up the mogenius platform? Contact us via [support@mogenius.com](mailto:support@mogenius.com).

## Values

### Global Settings

| Key                                          | Type   | Default                 | Description                                          |
| -------------------------------------------- | ------ | ----------------------- | ---------------------------------------------------- |
| stage                                        | string | `"production"`          | Current environment, one of \[dev, production]       |
| revisionHistoryLimit                         | int    | `1`                     | Global revisionHistoryLimit for all resources        |
| progressDeadlineSeconds                      | int    | `600`                   | Deployment progress deadline                         |
| secrets                                      | object | `{}`                    | secrets.`<secretName>`.`<secretKey>`.`<secretValue>` |
| dockersecrets                                | object | `{}`                    | Docker registry secrets                              |
| mogenius.imagePullSecrets                    | list   | `[]`                    | List of image pull secrets for mogenius images       |
| global.imagePullSecrets                      | list   | `[]`                    | List of image pull secrets for all images            |
| global.serviceMonitor.fallbackScrapeProtocol | string | `"PrometheusText0.0.4"` | Fallback scrape protocol for service monitors        |
| global.podLabels                             | object | `{}`                    | Global pod labels applied to all pods                |

### Ingress

| Key                           | Type   | Default                          | Description                                                       |
| ----------------------------- | ------ | -------------------------------- | ----------------------------------------------------------------- |
| ingress.rootDomain            | string | `nil`                            | Root domain that the platform will be hosted on, e.g. example.com |
| ingress.ingressClassName      | string | `"traefik"`                      | Ingress class name                                                |
| ingress.annotations           | object | See below                        | Annotations to be placed on the ingress                           |
| ingress.tls                   | list   | `[]`                             | Secret reference for TLS                                          |
| ingress.hostname              | string | `nil`                            | Platform hostname e.g. app.example.com                            |
| ingress.api\_service\_url     | string | `nil`                            | API hostname e.g. api-app.example.com                             |
| ingress.user\_service\_url    | string | `nil`                            | User service hostname e.g. user-app.example.com                   |
| ingress.socket\_service\_url  | string | `nil`                            | WebSocket hostname e.g. ws-app.example.com                        |
| ingress.k8s\_websocket\_url   | string | `nil`                            | Kubernetes WebSocket hostname e.g. k8s-ws.example.com             |
| ingress.k8s\_logs\_url        | string | `nil`                            | Kubernetes log hostname e.g. k8s-logs.example.com                 |
| ingress.k8s\_cmd\_stream\_url | string | `nil`                            | Kubernetes cmd stream hostname e.g. k8s-cmd-stream.example.com    |
| ingress.k8s\_dispatcher\_url  | string | `nil`                            | Kubernetes dispatcher hostname e.g. k8s-dispatcher.example.com    |
| ingress.traefik.apiVersion    | string | `"traefik.containo.us/v1alpha1"` | The apiVersion that shall be used for traefik resources           |

Default ingress annotations:

```yaml theme={null}
traefik.ingress.kubernetes.io/router.middlewares: mogenius-cors-middleware@kubernetescrd
traefik.ingress.kubernetes.io/forward-headers: "true"
traefik.ingress.kubernetes.io/secure-headers: "true"
```

### Feature Toggles

| Key                                         | Type   | Default                 | Description                                             |
| ------------------------------------------- | ------ | ----------------------- | ------------------------------------------------------- |
| features.sso.enabled                        | bool   | `true`                  | Enable SSO feature with ingress for SSO wildcard domain |
| features.sso.ingress.tls                    | list   | `[]`                    | TLS configuration for SSO ingress                       |
| features.sso.ingress.annotations            | object | `{}`                    | Annotations for SSO ingress                             |
| features.portForwarding.enabled             | bool   | `true`                  | Enable port forwarding feature                          |
| features.portForwarding.hostname            | string | `"tunnel.mogenius.com"` | Hostname for port forwarding                            |
| features.portForwarding.ingress.tls         | list   | `[]`                    | TLS configuration for port forwarding ingress           |
| features.portForwarding.ingress.annotations | object | `{}`                    | Annotations for port forwarding ingress                 |

### Platform Services

#### mo\_platform (Frontend)

| Key                                         | Type   | Default                  | Description                                  |
| ------------------------------------------- | ------ | ------------------------ | -------------------------------------------- |
| mo\_platform.enabled                        | bool   | `true`                   | Enable frontend service                      |
| mo\_platform.replicas                       | int    | `1`                      | Number of replicas                           |
| mo\_platform.image.registry                 | string | `"ghcr.io"`              | Image registry                               |
| mo\_platform.image.repository               | string | `"mogenius/mo-frontend"` | Image repository                             |
| mo\_platform.image.tag                      | string | `"v2.8.3"`               | Image tag                                    |
| mo\_platform.imagePullPolicy                | string | `"IfNotPresent"`         | Image pull policy                            |
| mo\_platform.port                           | int    | `8080`                   | Service port                                 |
| mo\_platform.resources                      | object | `{}`                     | Resource requests/limits                     |
| mo\_platform.tolerations                    | object | `{}`                     | Pod tolerations                              |
| mo\_platform.metrics.enabled                | bool   | `false`                  | Enable Prometheus metrics exporter for nginx |
| mo\_platform.metrics.port                   | int    | `9113`                   | Metrics port                                 |
| mo\_platform.metrics.serviceMonitor.enabled | bool   | `false`                  | Enable ServiceMonitor                        |

#### mo\_platform\_api (API Service)

| Key                                              | Type   | Default                              | Description                                            |
| ------------------------------------------------ | ------ | ------------------------------------ | ------------------------------------------------------ |
| mo\_platform\_api.enabled                        | bool   | `true`                               | Enable API service                                     |
| mo\_platform\_api.replicas                       | int    | `1`                                  | Number of replicas                                     |
| mo\_platform\_api.image.registry                 | string | `"ghcr.io"`                          | Image registry                                         |
| mo\_platform\_api.image.repository               | string | `"mogenius/mo-platform-api-service"` | Image repository                                       |
| mo\_platform\_api.image.tag                      | string | `"v4.4.6"`                           | Image tag                                              |
| mo\_platform\_api.imagePullPolicy                | string | `"IfNotPresent"`                     | Image pull policy                                      |
| mo\_platform\_api.port                           | int    | `1337`                               | HTTP port                                              |
| mo\_platform\_api.port\_tcp                      | int    | `7000`                               | TCP port                                               |
| mo\_platform\_api.ws\_port                       | int    | `7001`                               | WebSocket port                                         |
| mo\_platform\_api.ws\_log\_port                  | int    | `7002`                               | WebSocket log port                                     |
| mo\_platform\_api.ws\_cmd\_stream\_port          | int    | `7003`                               | WebSocket cmd stream port                              |
| mo\_platform\_api.refreshTokenTask               | bool   | `false`                              | If set to true will refresh the tokens in the database |
| mo\_platform\_api.enableAutoRefreshToken         | bool   | `false`                              | Enable automatic token refresh                         |
| mo\_platform\_api.resources                      | object | `{}`                                 | Resource requests/limits                               |
| mo\_platform\_api.tolerations                    | object | `{}`                                 | Pod tolerations                                        |
| mo\_platform\_api.probes.enabled                 | bool   | `true`                               | Enable health probes                                   |
| mo\_platform\_api.probes.port                    | int    | `1337`                               | Probe port                                             |
| mo\_platform\_api.probes.livenessProbe.path      | string | `"/core/status"`                     | Liveness probe path                                    |
| mo\_platform\_api.probes.readinessProbe.path     | string | `"/core/status"`                     | Readiness probe path                                   |
| mo\_platform\_api.probes.startupProbe.path       | string | `"/core/status"`                     | Startup probe path                                     |
| mo\_platform\_api.sshSymEncKey.secretName        | string | `"mo-platform-shared"`               | Secret name for SSH symmetric encryption key           |
| mo\_platform\_api.sshSymEncKey.secretKey         | string | `"MO_CORE_NEST__SSH_SYM_ENC_KEY"`    | Secret key for SSH symmetric encryption key            |
| mo\_platform\_api.initContainer.image.registry   | string | `"docker.io"`                        | Init container image registry                          |
| mo\_platform\_api.initContainer.image.repository | string | `"alpine/curl"`                      | Init container image repository                        |
| mo\_platform\_api.initContainer.image.tag        | string | `"8.20.0"`                           | Init container image tag                               |

#### mo\_platform\_user (User Service)

| Key                                        | Type   | Default                           | Description                                  |
| ------------------------------------------ | ------ | --------------------------------- | -------------------------------------------- |
| mo\_platform\_user.enabled                 | bool   | `true`                            | Enable user service                          |
| mo\_platform\_user.replicas                | int    | `1`                               | Number of replicas                           |
| mo\_platform\_user.image.registry          | string | `"ghcr.io"`                       | Image registry                               |
| mo\_platform\_user.image.repository        | string | `"mogenius/mo-platform-user"`     | Image repository                             |
| mo\_platform\_user.image.tag               | string | `"v2.0.17"`                       | Image tag                                    |
| mo\_platform\_user.imagePullPolicy         | string | `"IfNotPresent"`                  | Image pull policy                            |
| mo\_platform\_user.port                    | int    | `1337`                            | HTTP port                                    |
| mo\_platform\_user.port\_ws                | int    | `7000`                            | WebSocket port                               |
| mo\_platform\_user.resources               | object | `{}`                              | Resource requests/limits                     |
| mo\_platform\_user.tolerations             | object | `{}`                              | Pod tolerations                              |
| mo\_platform\_user.probes.enabled          | bool   | `true`                            | Enable health probes                         |
| mo\_platform\_user.sshSymEncKey.secretName | string | `"mo-platform-shared"`            | Secret name for SSH symmetric encryption key |
| mo\_platform\_user.sshSymEncKey.secretKey  | string | `"MO_CORE_NEST__SSH_SYM_ENC_KEY"` | Secret key for SSH symmetric encryption key  |

**OpenID Configuration:**

| Key                                                  | Type   | Default                            | Description                            |
| ---------------------------------------------------- | ------ | ---------------------------------- | -------------------------------------- |
| mo\_platform\_user.openid.enabled                    | bool   | `true`                             | Enable OpenID                          |
| mo\_platform\_user.openid.issuer                     | string | `"https://login-dev.mogenius.com"` | OpenID issuer URL                      |
| mo\_platform\_user.openid.accessTokenLifetime        | string | `"600"`                            | Access token lifetime in seconds       |
| mo\_platform\_user.openid.refreshTokenLifetime       | string | `"7776000"`                        | Refresh token lifetime in seconds      |
| mo\_platform\_user.openid.adminAccessTokenLifetime   | string | `"28800"`                          | Admin access token lifetime in seconds |
| mo\_platform\_user.openid.provider.github.enabled    | bool   | `false`                            | Enable GitHub OAuth                    |
| mo\_platform\_user.openid.provider.gitlab.enabled    | bool   | `false`                            | Enable GitLab OAuth                    |
| mo\_platform\_user.openid.provider.google.enabled    | bool   | `false`                            | Enable Google OAuth                    |
| mo\_platform\_user.openid.provider.linkedin.enabled  | bool   | `false`                            | Enable LinkedIn OAuth                  |
| mo\_platform\_user.openid.provider.microsoft.enabled | bool   | `false`                            | Enable Microsoft OAuth                 |

#### mo\_platform\_websocket (WebSocket Service)

| Key                                             | Type   | Default                            | Description                                  |
| ----------------------------------------------- | ------ | ---------------------------------- | -------------------------------------------- |
| mo\_platform\_websocket.enabled                 | bool   | `true`                             | Enable WebSocket service                     |
| mo\_platform\_websocket.replicas                | int    | `1`                                | Number of replicas                           |
| mo\_platform\_websocket.image.registry          | string | `"ghcr.io"`                        | Image registry                               |
| mo\_platform\_websocket.image.repository        | string | `"mogenius/mo-platform-websocket"` | Image repository                             |
| mo\_platform\_websocket.image.tag               | string | `"v2.0.7"`                         | Image tag                                    |
| mo\_platform\_websocket.imagePullPolicy         | string | `"IfNotPresent"`                   | Image pull policy                            |
| mo\_platform\_websocket.port                    | int    | `1337`                             | HTTP port                                    |
| mo\_platform\_websocket.port\_ws                | int    | `7000`                             | WebSocket port                               |
| mo\_platform\_websocket.resources               | object | `{}`                               | Resource requests/limits                     |
| mo\_platform\_websocket.tolerations             | object | `{}`                               | Pod tolerations                              |
| mo\_platform\_websocket.sshSymEncKey.secretName | string | `"mo-platform-shared"`             | Secret name for SSH symmetric encryption key |
| mo\_platform\_websocket.sshSymEncKey.secretKey  | string | `"MO_CORE_NEST__SSH_SYM_ENC_KEY"`  | Secret key for SSH symmetric encryption key  |

#### mo\_platform\_notification (Notification Service)

| Key                                                | Type   | Default                               | Description                                  |
| -------------------------------------------------- | ------ | ------------------------------------- | -------------------------------------------- |
| mo\_platform\_notification.enabled                 | bool   | `true`                                | Enable notification service                  |
| mo\_platform\_notification.replicas                | int    | `1`                                   | Number of replicas                           |
| mo\_platform\_notification.image.registry          | string | `"ghcr.io"`                           | Image registry                               |
| mo\_platform\_notification.image.repository        | string | `"mogenius/mo-platform-notification"` | Image repository                             |
| mo\_platform\_notification.image.tag               | string | `"v2.0.7"`                            | Image tag                                    |
| mo\_platform\_notification.imagePullPolicy         | string | `"IfNotPresent"`                      | Image pull policy                            |
| mo\_platform\_notification.port                    | int    | `7000`                                | Service port                                 |
| mo\_platform\_notification.email.fromName          | string | `"Mogenius Team"`                     | Email sender name                            |
| mo\_platform\_notification.email.fromAddress       | string | `"no-reply@mogenius.com"`             | Email sender address                         |
| mo\_platform\_notification.resources               | object | `{}`                                  | Resource requests/limits                     |
| mo\_platform\_notification.tolerations             | object | `{}`                                  | Pod tolerations                              |
| mo\_platform\_notification.sshSymEncKey.secretName | string | `"mo-platform-shared"`                | Secret name for SSH symmetric encryption key |
| mo\_platform\_notification.sshSymEncKey.secretKey  | string | `"MO_CORE_NEST__SSH_SYM_ENC_KEY"`     | Secret key for SSH symmetric encryption key  |

#### mo\_platform\_queue (Queue Service)

| Key                                         | Type   | Default                           | Description                                  |
| ------------------------------------------- | ------ | --------------------------------- | -------------------------------------------- |
| mo\_platform\_queue.enabled                 | bool   | `true`                            | Enable queue service                         |
| mo\_platform\_queue.replicas                | int    | `1`                               | Number of replicas                           |
| mo\_platform\_queue.image.registry          | string | `"ghcr.io"`                       | Image registry                               |
| mo\_platform\_queue.image.repository        | string | `"mogenius/mo-platform-queue"`    | Image repository                             |
| mo\_platform\_queue.image.tag               | string | `"v3.0.4"`                        | Image tag                                    |
| mo\_platform\_queue.imagePullPolicy         | string | `"IfNotPresent"`                  | Image pull policy                            |
| mo\_platform\_queue.resources               | object | `{}`                              | Resource requests/limits                     |
| mo\_platform\_queue.tolerations             | object | `{}`                              | Pod tolerations                              |
| mo\_platform\_queue.sshSymEncKey.secretName | string | `"mo-platform-shared"`            | Secret name for SSH symmetric encryption key |
| mo\_platform\_queue.sshSymEncKey.secretKey  | string | `"MO_CORE_NEST__SSH_SYM_ENC_KEY"` | Secret key for SSH symmetric encryption key  |

#### mo\_platform\_message\_dispatcher (Message Dispatcher)

| Key                                                | Type   | Default                                     | Description               |
| -------------------------------------------------- | ------ | ------------------------------------------- | ------------------------- |
| mo\_platform\_message\_dispatcher.enabled          | bool   | `true`                                      | Enable message dispatcher |
| mo\_platform\_message\_dispatcher.replicas         | int    | `1`                                         | Number of replicas        |
| mo\_platform\_message\_dispatcher.image.registry   | string | `"ghcr.io"`                                 | Image registry            |
| mo\_platform\_message\_dispatcher.image.repository | string | `"mogenius/mo-platform-message-dispatcher"` | Image repository          |
| mo\_platform\_message\_dispatcher.image.tag        | string | `"v1.1.4"`                                  | Image tag                 |
| mo\_platform\_message\_dispatcher.imagePullPolicy  | string | `"IfNotPresent"`                            | Image pull policy         |
| mo\_platform\_message\_dispatcher.listen\_host     | string | `"0.0.0.0"`                                 | Listen host               |
| mo\_platform\_message\_dispatcher.port             | int    | `7060`                                      | Service port              |
| mo\_platform\_message\_dispatcher.resources        | object | `{}`                                        | Resource requests/limits  |
| mo\_platform\_message\_dispatcher.tolerations      | object | `{}`                                        | Pod tolerations           |

### Valkey (Redis-compatible Cache)

The platform uses [Valkey](https://valkey.io/), an open-source Redis-compatible in-memory data store, for caching and message queuing. The chart deploys multiple Valkey instances for different purposes.

#### mo\_platform\_api\_valkey

| Key                                                      | Type   | Default                    | Description                        |
| -------------------------------------------------------- | ------ | -------------------------- | ---------------------------------- |
| mo\_platform\_api\_valkey.enabled                        | bool   | `true`                     | Enable Valkey for API service      |
| mo\_platform\_api\_valkey.image.registry                 | string | `"docker.io"`              | Image registry                     |
| mo\_platform\_api\_valkey.image.repository               | string | `"valkey/valkey"`          | Image repository                   |
| mo\_platform\_api\_valkey.image.tag                      | string | `"9.1.0"`                  | Image tag                          |
| mo\_platform\_api\_valkey.imagePullPolicy                | string | `"IfNotPresent"`           | Image pull policy                  |
| mo\_platform\_api\_valkey.port                           | int    | `6379`                     | Service port                       |
| mo\_platform\_api\_valkey.host                           | string | `"mo-platform-api-valkey"` | Service hostname                   |
| mo\_platform\_api\_valkey.password.secretName            | string | `"mo-redis-secret"`        | Secret name for password           |
| mo\_platform\_api\_valkey.password.secretKey             | string | `"REDIS_SECRET"`           | Secret key for password            |
| mo\_platform\_api\_valkey.resources                      | object | `{}`                       | Resource requests/limits           |
| mo\_platform\_api\_valkey.metrics.enabled                | bool   | `false`                    | Enable Prometheus metrics exporter |
| mo\_platform\_api\_valkey.metrics.port                   | int    | `9121`                     | Metrics port                       |
| mo\_platform\_api\_valkey.metrics.serviceMonitor.enabled | bool   | `false`                    | Enable ServiceMonitor              |

#### mo\_valkey\_shared

Shared Valkey instance used for queue processing and cross-service communication.

| Key                                               | Type   | Default              | Description                        |
| ------------------------------------------------- | ------ | -------------------- | ---------------------------------- |
| mo\_valkey\_shared.enabled                        | bool   | `true`               | Enable shared Valkey               |
| mo\_valkey\_shared.tls                            | bool   | `false`              | Enable TLS                         |
| mo\_valkey\_shared.queue\_db                      | int    | `7`                  | Database number for queue          |
| mo\_valkey\_shared.image.registry                 | string | `"docker.io"`        | Image registry                     |
| mo\_valkey\_shared.image.repository               | string | `"valkey/valkey"`    | Image repository                   |
| mo\_valkey\_shared.image.tag                      | string | `"9.1.0"`            | Image tag                          |
| mo\_valkey\_shared.imagePullPolicy                | string | `"IfNotPresent"`     | Image pull policy                  |
| mo\_valkey\_shared.port                           | int    | `6379`               | Service port                       |
| mo\_valkey\_shared.host                           | string | `"mo-valkey-shared"` | Service hostname                   |
| mo\_valkey\_shared.password.secretName            | string | `"mo-redis-secret"`  | Secret name for password           |
| mo\_valkey\_shared.password.secretKey             | string | `"REDIS_SECRET"`     | Secret key for password            |
| mo\_valkey\_shared.resources                      | object | `{}`                 | Resource requests/limits           |
| mo\_valkey\_shared.strategy                       | string | `"RollingUpdate"`    | Update strategy                    |
| mo\_valkey\_shared.metrics.enabled                | bool   | `false`              | Enable Prometheus metrics exporter |
| mo\_valkey\_shared.metrics.serviceMonitor.enabled | bool   | `false`              | Enable ServiceMonitor              |

#### mo\_websocket\_valkey

| Key                                       | Type   | Default                 | Description                         |
| ----------------------------------------- | ------ | ----------------------- | ----------------------------------- |
| mo\_websocket\_valkey.enabled             | bool   | `true`                  | Enable Valkey for WebSocket service |
| mo\_websocket\_valkey.image.registry      | string | `"docker.io"`           | Image registry                      |
| mo\_websocket\_valkey.image.repository    | string | `"valkey/valkey"`       | Image repository                    |
| mo\_websocket\_valkey.image.tag           | string | `"9.1.0"`               | Image tag                           |
| mo\_websocket\_valkey.port                | int    | `6379`                  | Service port                        |
| mo\_websocket\_valkey.host                | string | `"mo-websocket-valkey"` | Service hostname                    |
| mo\_websocket\_valkey.password.secretName | string | `"mo-redis-secret"`     | Secret name for password            |
| mo\_websocket\_valkey.password.secretKey  | string | `"REDIS_SECRET"`        | Secret key for password             |
| mo\_websocket\_valkey.resources           | object | `{}`                    | Resource requests/limits            |
| mo\_websocket\_valkey.metrics.enabled     | bool   | `false`                 | Enable Prometheus metrics exporter  |

#### mo\_user\_valkey

| Key                                  | Type   | Default             | Description                        |
| ------------------------------------ | ------ | ------------------- | ---------------------------------- |
| mo\_user\_valkey.enabled             | bool   | `true`              | Enable Valkey for user service     |
| mo\_user\_valkey.image.registry      | string | `"docker.io"`       | Image registry                     |
| mo\_user\_valkey.image.repository    | string | `"valkey/valkey"`   | Image repository                   |
| mo\_user\_valkey.image.tag           | string | `"9.1.0"`           | Image tag                          |
| mo\_user\_valkey.port                | int    | `6379`              | Service port                       |
| mo\_user\_valkey.host                | string | `"mo-user-valkey"`  | Service hostname                   |
| mo\_user\_valkey.password.secretName | string | `"mo-redis-secret"` | Secret name for password           |
| mo\_user\_valkey.password.secretKey  | string | `"REDIS_SECRET"`    | Secret key for password            |
| mo\_user\_valkey.resources           | object | `{}`                | Resource requests/limits           |
| mo\_user\_valkey.metrics.enabled     | bool   | `false`             | Enable Prometheus metrics exporter |

#### mo\_message\_dispatcher\_valkey

| Key                                                 | Type   | Default                          | Description                          |
| --------------------------------------------------- | ------ | -------------------------------- | ------------------------------------ |
| mo\_message\_dispatcher\_valkey.enabled             | bool   | `true`                           | Enable Valkey for message dispatcher |
| mo\_message\_dispatcher\_valkey.image.registry      | string | `"docker.io"`                    | Image registry                       |
| mo\_message\_dispatcher\_valkey.image.repository    | string | `"valkey/valkey"`                | Image repository                     |
| mo\_message\_dispatcher\_valkey.image.tag           | string | `"9.1.0"`                        | Image tag                            |
| mo\_message\_dispatcher\_valkey.port                | int    | `6379`                           | Service port                         |
| mo\_message\_dispatcher\_valkey.host                | string | `"mo-message-dispatcher-valkey"` | Service hostname                     |
| mo\_message\_dispatcher\_valkey.tls                 | bool   | `false`                          | Enable TLS                           |
| mo\_message\_dispatcher\_valkey.password.secretName | string | `"mo-redis-secret"`              | Secret name for password             |
| mo\_message\_dispatcher\_valkey.password.secretKey  | string | `"REDIS_SECRET"`                 | Secret key for password              |
| mo\_message\_dispatcher\_valkey.resources           | object | `{}`                             | Resource requests/limits             |
| mo\_message\_dispatcher\_valkey.metrics.enabled     | bool   | `false`                          | Enable Prometheus metrics exporter   |

### MySQL

| Key                                | Type   | Default                                        | Description                                                 |
| ---------------------------------- | ------ | ---------------------------------------------- | ----------------------------------------------------------- |
| mysql.enabled                      | bool   | `false`                                        | Enable MySQL deployment (use external MySQL for production) |
| mysql.replicas                     | int    | `1`                                            | Number of replicas                                          |
| mysql.image.registry               | string | `"docker.io"`                                  | Image registry                                              |
| mysql.image.repository             | string | `"mysql"`                                      | Image repository                                            |
| mysql.image.tag                    | string | `"8.4.10"`                                     | Image tag                                                   |
| mysql.imagePullPolicy              | string | `"IfNotPresent"`                               | Image pull policy                                           |
| mysql.port                         | int    | `3306`                                         | Service port                                                |
| mysql.host                         | string | `"mysql"`                                      | Service hostname                                            |
| mysql.database                     | string | `"platform"`                                   | Database name                                               |
| mysql.user                         | string | `"platform_user"`                              | Database user                                               |
| mysql.password.secretName          | string | `"mo-mysql-secret"`                            | Secret name for password                                    |
| mysql.password.secretKey           | string | `"MYSQL_PASSWORD"`                             | Secret key for password                                     |
| mysql.root\_password.secretName    | string | `"mo-mysql-secret"`                            | Secret name for root password                               |
| mysql.root\_password.secretKey     | string | `"MYSQL_ROOT_PASSWORD"`                        | Secret key for root password                                |
| mysql.ssl                          | bool   | `false`                                        | Enable SSL                                                  |
| mysql.sslRejectUnauthorized        | bool   | `true`                                         | Reject unauthorized SSL connections                         |
| mysql.allow\_empty\_root\_password | int    | `0`                                            | Allow empty root password (0 = no)                          |
| mysql.subpath                      | string | `"{{ tpl .Release.Namespace }}-mysql-storage"` | Storage subpath                                             |
| mysql.mountpoint                   | string | `"/var/lib/mysql"`                             | Data mount point                                            |
| mysql.storage.capacity             | string | `"50Gi"`                                       | Storage capacity                                            |
| mysql.resources                    | object | `{}`                                           | Resource requests/limits                                    |
| mysql.tolerations                  | object | `{}`                                           | Pod tolerations                                             |

### Storage

| Key                | Type   | Default           | Description        |
| ------------------ | ------ | ----------------- | ------------------ |
| storage.className  | string | `"default"`       | Storage class name |
| storage.accessMode | string | `"ReadWriteMany"` | Access mode        |
