feat: enable prometheus metrics to be Made for UDS (#28)

## Description

This enables the service monitor for Valkey to officially finish the
Made for UDS journey.

## Related Issue

Fixes #22

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [X] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [X] Test, docs, adr added or updated as needed
- [X] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-package-valkey/blob/main/CONTRIBUTING.md#developer-workflow)
followed

README.md

@@ -1,5 +1,6 @@
 # 🏭 UDS Valkey Package
 
+[<img alt="Made for UDS" src="https://raw.githubusercontent.com/defenseunicorns/uds-common/main/docs/made-for-uds.svg" height="20px"/>](https://github.com/defenseunicorns/uds-core)
 [![Latest Release](https://img.shields.io/github/v/release/defenseunicorns/uds-package-valkey)](https://github.com/defenseunicorns/uds-package-valkey/releases)
 [![Build Status](https://img.shields.io/github/actions/workflow/status/defenseunicorns/uds-package-valkey/tag-and-release.yaml)](https://github.com/defenseunicorns/uds-package-valkey/actions/workflows/tag-and-release.yaml)
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-package-valkey/badge)](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-package-valkey)

chart/templates/uds-package.yaml

@@ -4,6 +4,13 @@ metadata:
   name: valkey
   namespace: {{ .Release.Namespace }}
 spec:
+  monitor:
+    - selector:
+        app.kubernetes.io/name: valkey
+      targetPort: 9121
+      portName: http-metrics
+      description: Metrics
+
   network:
     allow:
       - direction: Ingress

docs/configuration.md

@@ -0,0 +1,18 @@
+# Configuration
+
+Valkey configured through the upstream [Bitnami Valkey chart](https://github.com/bitnami/charts/tree/main/bitnami/valkey) as well as a UDS configuration chart that supports the following:
+
+## Networking
+
+Network policies are controlled via the `uds-valkey-config` chart in accordance with the [common patterns for networking within UDS Software Factory](https://github.com/defenseunicorns/uds-software-factory/blob/main/docs/networking.md).  Because Valkey does not interact with external resources like databases or object storage it only implements `custom` networking for the `valkey` namespace:
+
+- `custom`: sets custom network policies for the `valkey` namespace (i.e. to allow clients like GitLab to connect)
+
+## Cross-Namespace Password
+
+Valkey is currently configured to expect a single user or workload to be using it - to enable this workload to exist in another namespace without needing elevated permissions itself, the `uds-valkey-config` chart supports the following keys to place the Valkey password in another namespace:
+
+- `copyPassword.enabled`: enables the copying of the Valkey password secret to another namespace
+- `copyPassword.namespace`: the namespace to copy the Kubernetes secret into
+- `copyPassword.secretName`: the name to give the Kubernetes secret in the other namespace
+- `copyPassword.secretKey`: the key to place the password under within the Kubernetes secret

values/upstream-values.yaml

@@ -2,3 +2,9 @@ image:
   registry: docker.io
   repository: bitnami/valkey
   tag: 7.2.5-debian-12-r9
+
+metrics:
+  image:
+    registry: docker.io
+    repository: bitnami/redis-exporter
+    tag: 1.62.0-debian-12-r2

values/values.yaml

@@ -3,3 +3,6 @@ architecture: standalone
 auth:
   existingSecret: valkey-password
   existingSecretPasswordKey: valkey-password
+
+metrics:
+  enabled: true

zarf.yaml

@@ -20,3 +20,4 @@ components:
           - ./values/upstream-values.yaml
     images:
       - docker.io/bitnami/valkey:7.2.5-debian-12-r9
+      - docker.io/bitnami/redis-exporter:1.62.0-debian-12-r2