The CleanStart Valkey image provides a production-ready, security-hardened container optimized for enterprise environments. Built on a minimal base OS with comprehensive security hardening, this image delivers reliable application execution with advanced security features.
📌 Base Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments.
Image Path: ghcr.io/cleanstart-containers/valkey
Registry: cleanstart
Core capabilities and strengths of this container
- Production-ready container deployment
- Enterprise-grade security hardening
- Comprehensive monitoring and logging
- Multi-architecture support
Typical scenarios where this container excels
- Production application deployment
- Microservices architecture implementation
- Development and testing environments
- Enterprise workload containerization
Download the container image from the registry
docker pull ghcr.io/cleanstart-containers/valkey:latestdocker pull ghcr.io/cleanstart-containers/valkey:latest-devRun the container with basic configuration
docker run -it --name valkey ghcr.io/cleanstart-containers/valkey:latestDeploy with production security settings
docker run -d --name valkey-prod \
--security-opt=no-new-privileges \
--restart unless-stopped \
ghcr.io/cleanstart-containers/valkey:latestVolume Mount Mount local directory for persistent data
docker run -v /app:/app ghcr.io/cleanstart-containers/valkey:latestPort Forwarding Run with custom port mappings
docker run -p 8080:8080 ghcr.io/cleanstart-containers/valkey:latestConfiguration options available through environment variables
| Variable | Default | Description |
|---|---|---|
| PATH | /usr/local/sbin:/... | System PATH configuration |
Recommended security configurations and practices
- Use specific image tags for production (avoid latest)
- Configure resource limits: memory and CPU constraints
- Enable read-only root filesystem when possible
- Run containers with non-root user (--user 1000:1000)
- Use --security-opt=no-new-privileges flag
- Regularly update container images for security patches
- Implement proper network segmentation
- Monitor container metrics for anomalies
Recommended security context for Kubernetes deployments
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALLEssential links and resources for further information
- Container Registry: https://www.cleanstart.com/
- CleanStart Website: https://www.cleanstart.com
- CleanStart Community Images: https://hub.docker.com/u/cleanstart
- How-to-Run CleanStart images & sample projects: https://github.com/cleanstart-dev/cleanstart-containers
- How to run sample projects using Dockerfile
- How to deploy via Kubernetes YAML
- How to migrate from public images to CleanStart images
Vulnerability Disclaimer
CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.
Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.
Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.