From 599da87d0f88349ff20d5ed708e27ac66c7bc54f Mon Sep 17 00:00:00 2001
From: Julio Caicedo <llulioscesar@gmail.com>
Date: Sun, 15 Feb 2026 00:36:45 -0500
Subject: [PATCH] feat(metrics): switch redis exporter to Chainguard zero-CVE
 image

Replace oliver006/redis_exporter with Chainguard's prometheus-redis-exporter
to maintain zero-CVE security posture across all chart components. Updates
applied to Chart.yaml metadata, values.yaml defaults, JSON schema, and
documentation.
---
 Chart.yaml         | 6 ++++--
 README.md          | 4 ++--
 values.schema.json | 6 +++---
 values.yaml        | 7 ++++---
 4 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/Chart.yaml b/Chart.yaml
index eed7ce5..02342f7 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -21,20 +21,22 @@ annotations:
     - name: wolfi-base
       image: cgr.dev/chainguard/wolfi-base:latest
     - name: redis-exporter
-      image: docker.io/oliver006/redis_exporter:v1.80.0
+      image: cgr.dev/chainguard/prometheus-redis-exporter:latest
     - name: kubectl
       image: cgr.dev/chainguard/kubectl:latest
   artifacthub.io/containsSecurityUpdates: "true"
   artifacthub.io/prerelease: "false"
   artifacthub.io/changes: |
     - kind: security
-      description: Switch to Chainguard images for zero CVE (valkey, kubectl, wolfi-base)
+      description: Switch to Chainguard images for zero CVE (valkey, kubectl, wolfi-base, prometheus-redis-exporter)
     - kind: changed
       description: Update container user from 999 to 65532 (Chainguard default)
     - kind: changed
       description: Simplify health check scripts for distroless compatibility
     - kind: changed
       description: Update pre-upgrade hook to work without shell
+    - kind: added
+      description: Automated version checking workflow for weekly updates
 keywords:
   - valkey
   - redis
diff --git a/README.md b/README.md
index 9ed6428..80f3d97 100644
--- a/README.md
+++ b/README.md
@@ -203,8 +203,8 @@ helm install my-valkey valkey/valkey \
 | Parameter | Description | Default |
 |-----------|-------------|---------|
 | `metrics.enabled` | Enable Prometheus exporter | `false` |
-| `metrics.image.repository` | Exporter image | `oliver006/redis_exporter` |
-| `metrics.image.tag` | Exporter tag | `v1.80.0` |
+| `metrics.image.repository` | Exporter image | `chainguard/prometheus-redis-exporter` |
+| `metrics.image.tag` | Exporter tag | `latest` |
 | `metrics.serviceMonitor.enabled` | Create ServiceMonitor | `false` |
 | `metrics.podMonitor.enabled` | Create PodMonitor | `false` |
 
diff --git a/values.schema.json b/values.schema.json
index 6c5b159..bcf08c3 100644
--- a/values.schema.json
+++ b/values.schema.json
@@ -523,15 +523,15 @@
           "properties": {
             "registry": {
               "type": "string",
-              "default": "docker.io"
+              "default": "cgr.dev"
             },
             "repository": {
               "type": "string",
-              "default": "oliver006/redis_exporter"
+              "default": "chainguard/prometheus-redis-exporter"
             },
             "tag": {
               "type": "string",
-              "default": "v1.80.0"
+              "default": "latest"
             },
             "pullPolicy": {
               "type": "string",
diff --git a/values.yaml b/values.yaml
index aea11bc..389df76 100644
--- a/values.yaml
+++ b/values.yaml
@@ -453,10 +453,11 @@ metrics:
   enabled: false
   port: 9121
 
+  # Using Chainguard image for zero CVE security (same as Valkey)
   image:
-    registry: docker.io
-    repository: oliver006/redis_exporter
-    tag: "v1.80.0"
+    registry: cgr.dev
+    repository: chainguard/prometheus-redis-exporter
+    tag: "latest"
     pullPolicy: IfNotPresent
 
   containerSecurityContext: