
dandydeveloper-redis-ha

Helm chart

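## Globally shared configuration
global:
  # -- Default priority class for all components
  priorityClassName: ""
  # -- Openshift compatibility options
  compatibility:
    openshift:
      adaptSecurityContext: auto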
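## -- Image information for Redis HA
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
image:
  # -- Redis image repository
  repository: cgr.dev/chainguard-private/redis
  ## NOTE(review): the tag value carries a sha256 digest. Assuming the chart
  ## renders the image as `repository:tag`, the image is resolved by digest and
  ## the `latest` part is informational only, so upgrades require bumping the
  ## digest deliberately.
  # -- Redis image tag
  tag: latest@sha256:918d7c855dd24cefdac9f7552b8855a7a33f269ab19143e81e6bd5948632cc96
  # -- Redis image pull policy
  pullPolicy: IfNotPresent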
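# -- Full name of the Redis HA Resources
fullnameOverride: ""
# -- Name override for Redis HA resources
nameOverride: ""
## Reference to one or more secrets to be used when pulling images
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## This imagePullSecrets is only for redis images
##
# -- Reference to one or more secrets to be used when pulling redis images
imagePullSecrets: []
# - name: "image-pull-secret"

# -- Number of redis master/slave
replicas: 3
## Customize the statefulset pod management policy:
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
# -- The statefulset pod management policy
podManagementPolicy: OrderedReady
## read-only replicas
## indexed slaves never get promoted to be master
## index starts with 0 - which is master on init
## e.g. "8,9" means 8th and 9th slave will be replica with replica-priority=0
## see also: https://redis.io/topics/sentinel
# -- Comma separated list of slaves which never get promoted to be master.
# Count starts with 0. Allowed values 1-9. e.g. 3,4 - 3rd and 4th redis slave never make it to be master, where master is index 0.
ro_replicas: ""
# -- Kubernetes priorityClass name for the redis-ha-server pod
priorityClassName: ""
# -- Custom labels for the redis pod
labels: {}
# -- Custom labels for redis service
serviceLabels: {}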
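## Custom labels for the redis configmap
configmap:
  # -- Custom labels for the redis configmap
  labels: {}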
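## ConfigMap Test Parameters
configmapTest:
  # -- Image for redis-ha-configmap-test hook
  image:
    # -- Repository of the configmap shellcheck test image.
    repository: cgr.dev/chainguard-private/busybox
    # -- Tag of the configmap shellcheck test image.
    tag: latest@sha256:a4df82542624593a943071c90310653381295bb95494ff58a4650101aefeafaf
  # -- Resources for the ConfigMap test pod
  resources: {}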
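## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
  # -- Specifies whether a ServiceAccount should be created
  create: true
  # -- The name of the ServiceAccount to use.
  # If not set and create is true, a name is generated using the redis-ha.fullname template
  name: ""
  ## NOTE(review): `false` keeps Kubernetes API credentials out of the Redis
  ## containers; leave it that way unless a workload in the pod has to call
  ## the API.
  # -- opt in/out of automounting API credentials into container.
  # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  automountToken: false
  # -- Annotations to be added to the service account for the redis statefulset
  annotations: {}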
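## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
## Recommended for externally exposed Redis clusters.
## ref: https://cbonte.github.io/haproxy-dconv/1.9/intro.html
haproxy:
  # -- Enabled HAProxy LoadBalancing/Proxy
  enabled: false
  # -- Modify HAProxy service port
  servicePort: 6379
  # -- Modify HAProxy deployment container port
  containerPort: 6379
  # -- Enable TLS termination on HAproxy, This will create a volume mount
  tls:
    # -- If "true" this will enable TLS termination on haproxy
    enabled: false
    # -- Secret containing the .pem file
    # Supports templates like "{{ .Release.Name }}-haproxy-tls"
    secretName: ""
    # -- Key file name
    keyName:
    # -- Path to mount the secret that contains the certificates. haproxy
    certMountPath: /tmp/
  # -- Enable read-only redis-slaves
  readOnly:
    # -- Enable if you want a dedicated port in haproxy for redis-slaves
    enabled: false
    # -- Port for the read-only redis-slaves
    port: 6380
  # -- Additional ports to expose on HAProxy service and deployment
  # Each port should have a name, containerPort, and optionally servicePort (defaults to containerPort)
  additionalPorts: []
  # Example:
  # additionalPorts:
  #   - name: custom-port
  #     containerPort: 8080
  #     servicePort: 8080
  #   - name: another-port
  #     containerPort: 9090
  # -- Number of HAProxy instances
  replicas: 3
  # -- Deployment strategy for the haproxy deployment
  deploymentStrategy:
    type: RollingUpdate
    # rollingUpdate:
    #   maxSurge: 25%
    #   maxUnavailable: 25%
  image:
    # -- HAProxy Image Repository
    repository: cgr.dev/chainguard-private/haproxy
    # -- HAProxy Image Tag
    tag: latest@sha256:ddeb5e875c03b09a7e4821e53c1398d6bc98fa139689434c175fecb7be9969d4
    # -- HAProxy Image PullPolicy
    pullPolicy: IfNotPresent
  # -- Custom labels for the haproxy pod
  labels: {}
  # -- Reference to one or more secrets to be used when pulling images
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  imagePullSecrets: []
  # - name: "image-pull-secret"

  # -- HAProxy template annotations
  annotations: {}
  # -- HAProxy deployment annotations
  deploymentAnnotations: {}
  # -- Annotations to be added to the HAProxy deployment pods
  podAnnotations: {}
  # -- HAProxy resources
  resources: {}
  # -- Configuration of `emptyDir`
  emptyDir: {}
  # -- Pod Disruption Budget
  # ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  podDisruptionBudget: {}
  # Use only one of the two
  # maxUnavailable: 1
  # minAvailable: 1

  ## Enable sticky sessions to Redis nodes via HAProxy
  ## Very useful for long-living connections as in case of Sentry for example
  # -- HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown.
  stickyBalancing: false
  # -- Kubernetes priorityClass name for the haproxy pod
  priorityClassName: ""
  ## Service for HAProxy
  ## NOTE(review): switching `type` to LoadBalancer or NodePort exposes Redis
  ## outside the cluster. With the defaults in this file (auth: false, no TLS,
  ## empty loadBalancerSourceRanges) that endpoint would be unauthenticated and
  ## reachable from any source, so set auth, TLS and source ranges first.
  service:
    # -- HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort"
    type: ClusterIP
    # -- (int) HAProxy service nodePort value (haproxy.service.type must be NodePort)
    nodePort: ~
    # -- HAProxy service loadbalancer IP
    loadBalancerIP:
    # -- (string) HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer)
    externalTrafficPolicy: ~
    # -- HAProxy external IPs
    externalIPs: {}
    # -- HAProxy service labels
    labels: {}
    # -- HAProxy service annotations
    annotations: null
    # -- List of CIDR's allowed to connect to LoadBalancer
    loadBalancerSourceRanges: []
  # -- HAProxy serviceAccountName
  serviceAccountName: redis-sa
  serviceAccount:
    # -- Specifies whether a ServiceAccount should be created
    create: true
    ## NOTE(review): this mounts API credentials into the HAProxy pods, whereas
    ## the top-level `serviceAccount.automountToken` is false. Confirm HAProxy
    ## actually needs Kubernetes API access; if not, set this to false.
    automountToken: true
  ## Official HAProxy embedded prometheus metrics settings.
  ## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter
  ##
  metrics:
    # -- HAProxy enable prometheus metric scraping
    enabled: false
    # -- HAProxy prometheus metrics scraping port
    port: 9101
    # -- HAProxy metrics scraping port name
    portName: http-exporter-port
    # -- HAProxy prometheus metrics scraping path
    scrapePath: /metrics
    serviceMonitor:
      # -- When set true then use a ServiceMonitor to configure scraping
      enabled: false
      # -- Set the namespace the ServiceMonitor should be deployed
      # @default -- `.Release.Namespace`
      namespace: ""
      # -- Set how frequently Prometheus should scrape (default is 30s)
      interval: ""
      # -- Set path to redis-exporter telemetry-path (default is /metrics)
      telemetryPath: ""
      # -- Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
      labels: {}
      # -- Set timeout for scrape (default is 10s)
      timeout: ""
      # -- Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more.
      endpointAdditionalProperties: {}
      # -- Disable API Check on ServiceMonitor
      disableAPICheck: false
  init:
    # -- Extra init resources
    resources: {}
  timeout:
    # -- haproxy.cfg `timeout connect` setting
    connect: 4s
    # -- haproxy.cfg `timeout server` setting
    server: 330s
    # -- haproxy.cfg `timeout client` setting
    client: 330s
    # -- haproxy.cfg `timeout check` setting
    check: 2s
    # -- haproxy.cfg `timeout tunnel` setting
    tunnel: 1h
  # -- haproxy.cfg `check inter` setting
  checkInterval: 1s
  # -- haproxy.cfg `check fall` setting
  checkFall: 1
  # -- Security context to be added to the HAProxy deployment.
  securityContext:
    runAsUser: 65532
    fsGroup: 65532
    runAsNonRoot: true
  # -- Security context to be added to the HAProxy containers.
  containerSecurityContext:
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
      ## NOTE(review): NET_BIND_SERVICE is only needed to bind ports below
      ## 1024. The default ports in this section (6379, 6380, 9101) are
      ## unprivileged, so this capability can likely be removed unless a low
      ## port is configured.
      add:
        - NET_BIND_SERVICE
  # -- Whether the haproxy pods should be forced to run on separate nodes.
  hardAntiAffinity: true
  # -- Additional affinities to add to the haproxy pods.
  additionalAffinities: {}
  # -- Override all other affinity settings for the haproxy pods with a string.
  affinity: ""
  ## Custom config-haproxy.cfg files used to override default settings. If this file is
  ## specified then the config-haproxy.cfg above will be ignored.
  # -- (string) Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwritten
  customConfig: ~
  # customConfig: |-
  #   Define configuration here

  ## Place any additional configuration section to add to the default config-haproxy.cfg
  # -- (string) Allows to place any additional configuration section to add to the default config-haproxy.cfg
  extraConfig: ~
  # extraConfig: |-
  #   Define configuration here

  # -- Container lifecycle hooks.
  # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
  lifecycle: {}
  ## HAProxy test related options
  tests:
    # -- Pod resources for the tests against HAProxy.
    resources: {}
  ## Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default.
  IPv6:
    # -- Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default.
    enabled: true
  ## NOTE(review): no NetworkPolicy is created by default, so any pod that can
  ## route to the HAProxy service may connect; enable this and list the client
  ## namespaces/pods explicitly where the cluster's CNI enforces policies.
  networkPolicy:
    # -- whether NetworkPolicy for Haproxy should be created
    enabled: false
    # -- Annotations for Haproxy NetworkPolicy
    annotations: {}
    # -- Labels for Haproxy NetworkPolicy
    labels: {}
    # -- user defined ingress rules that Haproxy should permit into.
    # uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
    ingressRules: []
    # - selectors:
    #   - namespaceSelector:
    #       matchLabels:
    #         name: my-redis-client-namespace
    #     podSelector:
    #       matchLabels:
    #         application: redis-client
    ## if ports is not defined then it defaults to the ports defined for enabled services (redis, sentinel)
    #   ports:
    #     - port: 6379
    #       protocol: TCP
    #     - port: 26379
    #       protocol: TCP

    # -- user can define egress rules too, uses the same structure as ingressRules
    egressRules: []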
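## Role Based Access
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
##
rbac:
  # -- Create and use RBAC resources
  create: true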
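# NOT RECOMMENDED: Additional container in which you can execute arbitrary commands to update sysctl parameters
# You can now use securityContext.sysctls to leverage this capability
# Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/
##
## NOTE(review): changing kernel parameters from an init container generally
## requires elevated privileges, and `mountHostSys` additionally exposes the
## host's /sys to that container. Keep both disabled unless strictly needed
## and confirm the container's privileges against the chart templates.
sysctlImage:
  # -- Enable an init container to modify Kernel settings
  enabled: false
  # -- sysctlImage command to execute
  command: []
  # -- sysctlImage Init container registry
  registry: cgr.dev
  # -- sysctlImage Init container name
  repository: chainguard-private/busybox
  # -- sysctlImage Init container tag
  tag: latest@sha256:a4df82542624593a943071c90310653381295bb95494ff58a4650101aefeafaf
  # -- sysctlImage Init container pull policy
  pullPolicy: Always
  # -- Mount the host `/sys` folder to `/host-sys`
  mountHostSys: false
  # -- sysctlImage resources
  resources: {}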
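# -- Use an alternate scheduler, e.g. "stork".
# ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
schedulerName: ""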
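## Redis specific configuration options
redis:
  # -- Port to access the redis service
  port: 6379
  # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated
  masterGroupName: "mymaster"  # must match ^[\\w-\\.]+$ and can be templated
  # -- Allows overriding the redis container command
  customCommand: []
  # - bash

  # -- Allows overriding the redis container arguments
  customArgs: []
  # - "custom-startup.sh"

  # -- Load environment variables from ConfigMap/Secret
  envFrom: []
  # - secretRef:
  #     name: add-env-secret

  # -- Configure the 'minReadySeconds' parameter to StatefulSet
  # ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#minreadyseconds
  minReadySeconds: 0
  ## Configures redis with tls-port parameter
  ## NOTE(review): TLS is off by default (tlsPort unset), so traffic on `port`
  ## is presumably plaintext; set tlsPort and the `tls` section of this file
  ## when clients or replicas cross an untrusted network.
  # -- (int) TLS Port to access the redis service
  tlsPort: ~
  # tlsPort: 6385

  # -- (bool) Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf
  tlsReplication: ~
  ## NOTE(review): "no" turns off client-certificate (mutual TLS)
  ## authentication; only use it when another control such as `auth`
  ## authenticates clients.
  # -- It is possible to disable client side certificates authentication when "authClients" is set to "no"
  authClients: ""
  # authClients: "no"

  # -- Increase terminationGracePeriodSeconds to allow writing large RDB snapshots. (k8s default is 30s)
  # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced
  terminationGracePeriodSeconds: 60
  # -- Liveness probe parameters for redis container
  livenessProbe:
    # -- Enable the Liveness Probe
    enabled: true
    # -- Initial delay in seconds for liveness probe
    initialDelaySeconds: 30
    # -- Period in seconds after which liveness probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for liveness probe
    timeoutSeconds: 15
    # -- Success threshold for liveness probe
    successThreshold: 1
    # -- Failure threshold for liveness probe
    failureThreshold: 5
  # -- Readiness probe parameters for redis container
  readinessProbe:
    # -- Enable the Readiness Probe
    enabled: true
    # -- Initial delay in seconds for readiness probe
    initialDelaySeconds: 30
    # -- Period in seconds after which readiness probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for readiness probe
    timeoutSeconds: 15
    # -- Success threshold for readiness probe
    successThreshold: 1
    # -- Failure threshold for readiness probe
    failureThreshold: 5
  # -- Startup probe parameters for redis container
  startupProbe:
    # -- Enable Startup Probe
    enabled: true
    # -- Initial delay in seconds for startup probe
    initialDelaySeconds: 30
    # -- Period in seconds after which startup probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for startup probe
    timeoutSeconds: 15
    # -- Success threshold for startup probe
    successThreshold: 1
    # -- Failure threshold for startup probe
    failureThreshold: 5
  ## NOTE(review): this list only guards against accidental data loss; it is
  ## not an access control and does not replace `auth` or network
  ## restrictions.
  # -- Array with commands to disable
  disableCommands:
    - FLUSHDB
    - FLUSHALL
  # -- Any valid redis config options in this section will be applied to each server, For multi-value configs use list instead of string (for example loadmodule) (see below)
  # @default -- see values.yaml
  config:
    ## -- Additional redis conf options can be added below
    ## -- For all available options see http://download.redis.io/redis-stable/redis.conf
    min-replicas-to-write: 1
    # -- Value in seconds
    min-replicas-max-lag: 5
    # -- Max memory to use for each redis instance. Default is unlimited.
    maxmemory: "0"
    # -- Max memory policy to use for each redis instance. Default is volatile-lru.
    maxmemory-policy: "volatile-lru"
    # -- Determines if scheduled RDB backups are created. Default is false.
    # -- Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication.
    save: "900 1"
    # -- When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false.
    repl-diskless-sync: "yes"
    rdbcompression: "yes"
    rdbchecksum: "yes"
  # -- (string) Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored
  customConfig: ~
  # customConfig: |-
  #   Define configuration here

  # -- CPU/Memory for master/slave nodes resource requests/limits
  resources: {}
  # requests:
  #   memory: 200Mi
  #   cpu: 100m
  # limits:
  #   memory: 700Mi

  # -- Container Lifecycle Hooks for redis container
  # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
  # @default -- see values.yaml
  lifecycle:
    preStop:
      exec:
        command: ["/bin/sh", "/readonly-config/trigger-failover-if-master.sh"]
  # -- Annotations for the redis statefulset
  annotations: {}
  # -- Annotations to be added to the redis statefulset pods
  podAnnotations: {}
  # -- Update strategy for Redis StatefulSet
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  updateStrategy:
    type: RollingUpdate
  # -- additional volumeMounts for Redis container
  extraVolumeMounts: []
  # - name: empty
  #   mountPath: /empty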
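## Sentinel specific configuration options
sentinel:
  # -- Port to access the sentinel service
  port: 26379
  ## Configure the 'bind' directive to bind to a list of network interfaces
  bind: ~
  # bind: 0.0.0.0

  ## Configures sentinel with tls-port parameter
  # -- (int) TLS Port to access the sentinel service
  tlsPort: ~
  # tlsPort: 26385

  # -- (bool) Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf
  tlsReplication: ~
  # tlsReplication: true

  # -- It is possible to disable client side certificates authentication when "authClients" is set to "no"
  authClients: ""
  # authClients: "no"

  ## Configures sentinel with AUTH (requirepass params)
  ## NOTE(review): sentinel AUTH is off by default. Sentinel decides which
  ## node is master, so an unauthenticated sentinel port should be reachable
  ## only from trusted pods; enable auth where that cannot be guaranteed.
  # -- Enables or disables sentinel AUTH (Requires `sentinel.password` to be set)
  auth: false
  ## NOTE(review): a password set here is stored in plain text in the values
  ## file; `existingSecret` below avoids that.
  # -- (string) A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`)
  password: ~
  # password: password

  # -- (bool) Configures sentinel with resolve-hostnames parameter, if true sets "resolve-hostnames yes" in sentinel.conf
  resolveHostnames: ~
  # resolveHostnames: true

  # -- (bool) Configures sentinel with announce-hostnames parameter, if true sets "announce-hostnames yes" in sentinel.conf
  announceHostnames: ~
  # announceHostnames: true

  # -- An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass`
  # in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`)
  # Supports templates like "{{ .Release.Name }}-sentinel-creds"
  existingSecret: ""
  ## Defines the key holding the sentinel password in existing secret.
  # -- The key holding the sentinel password in an existing secret.
  authKey: sentinel-password
  customCommand: []
  customArgs: []
  # liveness probe parameters for sentinel container
  livenessProbe:
    enabled: true
    # -- Initial delay in seconds for liveness probe
    initialDelaySeconds: 30
    # -- Period in seconds after which liveness probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for liveness probe
    timeoutSeconds: 15
    # -- Success threshold for liveness probe
    successThreshold: 1
    # -- Failure threshold for liveness probe
    failureThreshold: 5
  # readiness probe parameters for sentinel container
  readinessProbe:
    enabled: true
    # -- Initial delay in seconds for readiness probe
    initialDelaySeconds: 30
    # -- Period in seconds after which readiness probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for readiness probe
    timeoutSeconds: 15
    # -- Success threshold for readiness probe
    successThreshold: 3
    # -- Failure threshold for readiness probe
    failureThreshold: 5
  # -- Startup probe parameters for sentinel container
  startupProbe:
    # -- Enable Startup Probe
    enabled: true
    # -- Initial delay in seconds for startup probe
    initialDelaySeconds: 5
    # -- Period in seconds after which startup probe will be repeated
    periodSeconds: 10
    # -- Timeout seconds for startup probe
    timeoutSeconds: 15
    # -- Success threshold for startup probe
    successThreshold: 1
    # -- Failure threshold for startup probe
    failureThreshold: 3
  # -- Minimum number of nodes expected to be live.
  quorum: 2
  # -- Valid sentinel config options in this section will be applied as config options to each sentinel (see below)
  # @default -- see values.yaml
  config:
    ## Additional sentinel conf options can be added below. Only options that
    ## are expressed in the format similar to 'sentinel xxx mymaster xxx' will
    ## be properly templated except maxclients option.
    ## For available options see http://download.redis.io/redis-stable/sentinel.conf
    down-after-milliseconds: 10000
    ## Failover timeout value in milliseconds
    failover-timeout: 180000
    parallel-syncs: 5
    maxclients: 10000
  ## Custom sentinel.conf files used to override default settings. If this file is
  ## specified then the sentinel.config above will be ignored.
  # -- Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored
  customConfig: ""
  # customConfig: |-
  #   Define configuration here

  # -- CPU/Memory for sentinel node resource requests/limits
  resources: {}
  # requests:
  #   memory: 200Mi
  #   cpu: 100m
  # limits:
  #   memory: 200Mi

  # -- Container Lifecycle Hooks for sentinel container.
  # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
  lifecycle: {}
  # -- additional volumeMounts for Sentinel container
  extraVolumeMounts: []
  # - name: empty
  #   mountPath: /empty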
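# -- Security context to be added to the Redis StatefulSet.
securityContext:
  runAsUser: 1000
  fsGroup: 1000
  runAsNonRoot: true
  ## Assuming your kubelet allows it, you can use the following instructions to configure
  ## specific sysctl parameters
  ##
  # sysctls:
  # - name: net.core.somaxconn
  #   value: '10000'
## NOTE(review): these defaults run the containers as non-root, block
## privilege escalation, drop all capabilities and apply the runtime's default
## seccomp profile. `readOnlyRootFilesystem` is not set here; consider adding
## it after checking that the image does not write outside mounted volumes.
# -- Security context to be added to the Redis containers.
containerSecurityContext:
  runAsUser: 1000
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop:
      - ALL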
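## Node labels, affinity, and tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
# -- Node labels for pod assignment
nodeSelector: {}
## -- Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# -- Whether the Redis server pods should be forced to run on separate nodes.
## This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature
hardAntiAffinity: true
# -- Additional affinities to add to the Redis server pods.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
additionalAffinities: {}
##
## Example:
##   nodeAffinity:
##     preferredDuringSchedulingIgnoredDuringExecution:
##       - weight: 50
##         preference:
##           matchExpressions:
##             - key: spot
##               operator: NotIn
##               values:
##                 - "true"
##

# -- Override all other affinity settings for the Redis server pods with a string.
affinity: ""
##
## Example:
##   affinity: |
##     podAntiAffinity:
##       requiredDuringSchedulingIgnoredDuringExecution:
##         - labelSelector:
##             matchLabels:
##               app: {{ template "redis-ha.name" . }}
##               release: {{ .Release.Name }}
##           topologyKey: kubernetes.io/hostname
##       preferredDuringSchedulingIgnoredDuringExecution:
##         - weight: 100
##           podAffinityTerm:
##             labelSelector:
##               matchLabels:
##                 app: {{ template "redis-ha.name" . }}
##                 release: {{ .Release.Name }}
##             topologyKey: failure-domain.beta.kubernetes.io/zone
##

## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints:
  # -- Enable topology spread constraints
  enabled: false
  # -- Max skew of pods tolerated
  maxSkew: ""
  # -- Topology key for spread constraints
  topologyKey: ""
  # -- Enforcement policy, hard or soft
  whenUnsatisfiable: ""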
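# Prometheus exporter specific configuration options
exporter:
  # -- If `true`, the prometheus exporter sidecar is enabled
  enabled: false
  # -- Exporter image
  image: cgr.dev/chainguard-private/prometheus-redis-exporter
  # -- Exporter image tag
  tag: latest@sha256:a728f1ed4fb5a901ea79dbc564f0e7e71c00bc80d9f3f5e0b170852b83ce49c0
  # -- Exporter image pullPolicy
  pullPolicy: IfNotPresent
  # -- Exporter port
  port: &exporter_port 9121
  # -- Exporter port name
  portName: exporter-port
  # -- Exporter scrape path
  scrapePath: &exporter_scrapePath /metrics
  # -- Address/Host for Redis instance.
  # Exists to circumvent issues with IPv6 dns resolution that occurs on certain environments
  address: localhost
  ## Set this to true if you want to connect to redis tls port
  # sslEnabled: true

  # -- cpu/memory resource limits/requests
  resources: {}
  # -- Additional args for redis exporter
  extraArgs: {}
  ## NOTE(review): the script is executed inside Redis by the exporter on
  ## every collection, so treat its content as privileged code and source it
  ## only from reviewed, version-controlled values.
  # -- A custom Lua script that will be mounted to exporter for collection of custom metrics.
  # Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`.
  script: ""
  # Used to mount a LUA-Script via config map and use it for metrics-collection
  # script: |
  #   -- Example script copied from: https://github.com/oliver006/redis_exporter/blob/master/contrib/sample_collect_script.lua
  #   -- Example collect script for -script option
  #   -- This returns a Lua table with alternating keys and values.
  #   -- Both keys and values must be strings, similar to a HGETALL result.
  #   -- More info about Redis Lua scripting: https://redis.io/commands/eval
  #
  #   local result = {}
  #
  #   -- Add all keys and values from some hash in db 5
  #   redis.call("SELECT", 5)
  #   local r = redis.call("HGETALL", "some-hash-with-stats")
  #   if r ~= nil then
  #     for _,v in ipairs(r) do
  #       table.insert(result, v) -- alternating keys and values
  #     end
  #   end
  #
  #   -- Set foo to 42
  #   table.insert(result, "foo")
  #   table.insert(result, "42") -- note the string, use tostring() if needed
  #
  #   return result

  serviceMonitor:
    # -- When set true then use a ServiceMonitor to configure scraping
    enabled: false
    # -- Set the namespace the ServiceMonitor should be deployed
    # @default -- `.Release.Namespace`
    namespace: ""
    # -- Set how frequently Prometheus should scrape (default is 30s)
    interval: ""
    # -- Set path to redis-exporter telemetry-path (default is /metrics)
    telemetryPath: ""
    # -- Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
    labels: {}
    # -- Set timeout for scrape (default is 10s)
    timeout: ""
    # -- Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more.
    endpointAdditionalProperties: {}
    # -- Disable API Check on ServiceMonitor
    disableAPICheck: false
    # RelabelConfigs to apply to samples before scraping.
    relabelings: []
    # - sourceLabels: [__meta_kubernetes_pod_node_name]
    #   separator: ;
    #   regex: ^(.*)$
    #   targetLabel: nodename
    #   replacement: $1
    #   action: replace

    # MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
    metricRelabelings: []
    # - action: keep
    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
    #   sourceLabels: [__name__]
  # prometheus exporter SCANS redis db which can take some time
  # allow different probe settings to not let container crashloop
  livenessProbe:
    httpGet:
      # -- Exporter liveness probe httpGet path
      path: *exporter_scrapePath
      # -- Exporter liveness probe httpGet port
      port: *exporter_port
    # -- Initial delay in seconds for liveness probe of exporter
    initialDelaySeconds: 15
    # -- Timeout seconds for liveness probe of exporter
    timeoutSeconds: 3
    # -- Period in seconds after which liveness probe will be repeated
    periodSeconds: 15
  readinessProbe:
    httpGet:
      # -- Exporter readiness probe httpGet path
      path: *exporter_scrapePath
      # -- Exporter readiness probe httpGet port
      port: *exporter_port
    # -- Initial delay in seconds for readiness probe of exporter
    initialDelaySeconds: 15
    # -- Timeout seconds for readiness probe of exporter
    timeoutSeconds: 3
    # -- Period in seconds after which readiness probe will be repeated
    periodSeconds: 15
    # -- Success threshold for readiness probe of exporter
    successThreshold: 2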
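# -- Pod Disruption Budget rules
podDisruptionBudget: {}
# Use only one of the two
# maxUnavailable: 1
# minAvailable: 1

## NOTE(review): auth is off by default, so unless it is enabled no
## `requirepass`/`masterauth` is configured and any client that can reach the
## Redis port can issue commands. Enable it, and restrict network access, for
## anything beyond an isolated test cluster.
# -- Configures redis with AUTH (requirepass & masterauth conf params)
auth: false
## NOTE(review): a password set here is stored in plain text in the values
## file and in the Helm release data; `existingSecret` below keeps it out of
## both.
# -- (string) A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`)
redisPassword: ~
# -- Annotations for auth secret
authSecretAnnotations: {}
## Use existing secret containing key `authKey` (ignores redisPassword)
## Can also store AWS S3 or SSH secrets in this secret
## Supports templates like "{{ .Release.Name }}-creds"
# -- An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf
# parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`)
existingSecret: ~
# -- Defines the key holding the redis password in existing secret.
authKey: auth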
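persistentVolume:
  # -- Enable persistent volume
  enabled: true
  ## redis-ha data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  # storageClass: "-"
  # -- redis-ha data Persistent Volume Storage Class
  storageClass: null
  # -- Persistent volume access modes
  accessModes:
    - ReadWriteOnce
  # -- Persistent volume size
  size: 10Gi
  # -- Annotations for the volume
  annotations: {}
  # -- Labels for the volume
  labels: {}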
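init:
  # -- Extra init resources
  resources: {}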
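# To use a hostPath for data, set persistentVolume.enabled to false
# and define hostPath.path.
# Warning: this might overwrite existing folders on the host system!
# A hostPath volume mounts a directory of the node's own filesystem into the
# pod; the Baseline and Restricted Pod Security Standards reject such volumes,
# so namespaces enforcing them will refuse the pod.
hostPath:
  # -- Use this path on the host for data storage.
  # path is evaluated as template so placeholders are replaced
  path: ""
  # path: "/data/{{ .Release.Name }}"

  # Defaults to true. Presumably only takes effect once `path` is set; use
  # `chown: false` when the folder already has the right owner, so that no
  # root init-container is needed.
  # -- if chown is true, an init-container with root permissions is launched to
  # change the owner of the hostPath folder to the user defined in the
  # security context
  chown: true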
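# -- Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified
emptyDir: {}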
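tls:
  ## Fill the name of secret if you want to use your own TLS certificates.
  ## The secret should contain keys named by "tls.certFile" - the certificate, "tls.keyFile" - the private key, "tls.caCertFile" - the certificate of CA and "tls.dhParamsFile" - the dh parameter file
  ## Supports templates like "{{ .Release.Name }}-tls"
  ## This secret will be generated using files from certs folder if the secretName is not set and redis.tlsPort is set
  ## NOTE(review): in that fallback the private key comes from files kept with
  ## the chart, so anyone holding the chart holds the key; set `secretName` to
  ## a secret you manage for anything beyond testing (confirm what the certs
  ## folder contains).
  # secretName: tls-secret

  # -- Name of certificate file
  certFile: redis.crt
  # -- Name of key file
  keyFile: redis.key
  # -- (string) Name of Diffie-Hellman (DH) key exchange parameters file (Example: redis.dh)
  dhParamsFile: null
  # -- Name of CA certificate file
  caCertFile: ca.crt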
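# restore init container is executed if restore.[s3|ssh].source is not false
# restore init container creates /data/dump.rdb_ from original if exists
# restore init container overrides /data/dump.rdb
# secrets are stored into environment of init container - stored encoded on k8s
#   ("encoded" is presumably the base64 of a Kubernetes Secret, which is not
#   encryption: protect the secret with RBAC and, where the cluster offers it,
#   encryption at rest. Credentials typed inline below also stay in plain text
#   in the values, so prefer `restore.existingSecret: true`.)
# REQUIRED for s3 restore: AWS 'access_key' and 'secret_key' or stored in existingSecret
# EXAMPLE source for s3 restore: 's3://bucket/dump.rdb'
# REQUIRED for ssh restore: 'key' should be in one line including CR i.e. '-----BEGIN RSA PRIVATE KEY-----\n...\n...\n...\n-----END RSA PRIVATE KEY-----'
# EXAMPLE source for ssh restore: 'user@server:/path/dump.rdb'
# REQUIRED for redis restore: 'source' should be in form of redis connection uri: 'redis://[username:password@]host:port[/db]'
# EXAMPLE source for redis restore: 'redis://username:password@localhost:6379'
restore:
  # -- Timeout for the restore
  timeout: 600
  # -- Set existingSecret to true to use secret specified in existingSecret above
  existingSecret: false
  s3:
    # -- Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb or false
    source: ""
    # If using existingSecret, that secret must contain:
    #    AWS_SECRET_ACCESS_KEY: <YOUR_SECRET_ACCESS_KEY>
    #    AWS_ACCESS_KEY_ID: <YOUR_KEY_ID>
    # If not, set the key and ID as strings below:
    # -- Restore init container - AWS_ACCESS_KEY_ID to access restore.s3.source
    access_key: ""
    # -- Restore init container - AWS_SECRET_ACCESS_KEY to access restore.s3.source
    secret_key: ""
    # -- Restore init container - AWS_REGION to access restore.s3.source
    region: ""
  ssh:
    # -- Restore init container - SSH scp location of dump - i.e. user@server:/path/dump.rdb or false
    source: ""
    # -- Restore init container - SSH private key to scp restore.ssh.source to init container.
    # Key should be in one line separated with \n.
    # i.e. `-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY-----`
    key: ""
  redis:
    # A uri in the form shown above carries the source instance's password
    # inside this value, so treat the values holding it as a secret.
    # -- Restore init container - redis connection uri of the instance to restore from
    source: ""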
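## Custom PrometheusRule to be defined
## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
prometheusRule:
  # -- If true, creates a Prometheus Operator PrometheusRule.
  enabled: false
  # -- Additional labels to be set in metadata.
  additionalLabels: {}
  # -- Namespace which Prometheus is running in.
  namespace: null
  # -- How often rules in the group are evaluated (falls back to `global.evaluation_interval` if not set).
  interval: 10s
  # -- Rules spec template (see https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#rule).
  rules: []
    # Example:
    #  - alert: RedisPodDown
    #    expr: |
    #      redis_up{job="{{ include "redis-ha.fullname" . }}"} == 0
    #    for: 5m
    #    labels:
    #      severity: critical
    #    annotations:
    #      description: Redis pod {{ "{{ $labels.pod }}" }} is down
    #      summary: Redis pod {{ "{{ $labels.pod }}" }} is down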
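# The commented examples below use an unpinned `alpine` image; pin a version
# or digest for anything you actually add here.
# -- Extra init containers to include in StatefulSet
extraInitContainers: []
#  - name: extraInit
#    image: alpine

# -- Extra containers to include in StatefulSet
extraContainers: []
#  - name: extra
#    image: alpine

# -- Extra volumes to include in StatefulSet
extraVolumes: []
#  - name: empty
#    emptyDir: {}

# -- Labels added here are applied to all created resources
extraLabels: {}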
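# Off by default: until `enabled` is true the chart creates no NetworkPolicy,
# so pod-level network isolation for Redis has to come from elsewhere.
networkPolicy:
  # -- whether NetworkPolicy for Redis StatefulSets should be created.
  # when enabled, inter-Redis connectivity is created
  enabled: false
  # -- Annotations for NetworkPolicy
  annotations: {}
  # -- Labels for NetworkPolicy
  labels: {}
  # -- User defined ingress rules that Redis should permit into.
  # Uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
  ingressRules: []
    # - selectors:
    #   - namespaceSelector:
    #       matchLabels:
    #         name: my-redis-client-namespace
    #     podSelector:
    #       matchLabels:
    #         application: redis-client
    ## if ports is not defined then it defaults to the ports defined for enabled services (redis, sentinel)
    #   ports:
    #     - port: 6379
    #       protocol: TCP
    #     - port: 26379
    #       protocol: TCP

  # -- user can define egress rules too, uses the same structure as ingressRules
  egressRules:
    - selectors:
        # An empty namespaceSelector matches every namespace, so this default
        # permits port 53 traffic to pods in any namespace, not only to the
        # cluster DNS service; narrow it if that is wider than needed.
        # -- Allow all destinations for DNS traffic
        - namespaceSelector: {}
        - ipBlock:
            # Cloud Provider often uses the local link local range to host managed DNS resolvers.
            # We need to allow this range to ensure that the Redis pods can resolve DNS.
            # Example architecture for GCP Cloud DNS: https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns#architecture
            cidr: 169.254.0.0/16
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP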
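splitBrainDetection:
  # -- Interval between redis sentinel and server split brain checks (in seconds)
  interval: 60
  # presumably also in seconds, like `interval`; the file does not say - confirm
  retryInterval: 10
  # -- splitBrainDetection resources
  resources: {}
  # liveness probe parameters for split brain container
  livenessProbe:
    # -- Initial delay in seconds for liveness probe
    initialDelaySeconds: 30
    # -- Period in seconds after which liveness probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for liveness probe
    timeoutSeconds: 15
    # -- Success threshold for liveness probe
    successThreshold: 1
    # -- Failure threshold for liveness probe
    failureThreshold: 5
    # Passes as long as the file below can be read inside the container.
    exec:
      command:
        - cat
        - /readonly-config/redis.conf
  # readiness probe parameters for split brain container
  readinessProbe:
    # -- Initial delay in seconds for readiness probe
    initialDelaySeconds: 30
    # -- Period in seconds after which readiness probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for readiness probe
    timeoutSeconds: 15
    # -- Success threshold for readiness probe
    successThreshold: 1
    # -- Failure threshold for readiness probe
    failureThreshold: 5
    # Passes when the directory /proc/1 exists inside the container.
    exec:
      command:
        - sh
        - -c
        - test -d /proc/1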
