
dandydeveloper-redis-ha

Helm chart
## Globally shared configuration
global:
  # -- Default priority class for all components
  priorityClassName: ""
  # NOTE(review): how `auto` changes the rendered pod/container security contexts is decided
  # in the chart templates, which are not shown here - confirm before relying on the
  # securityContext defaults further down in this file.
  # -- Openshift compatibility options
  compatibility:
    openshift:
      adaptSecurityContext: auto
## -- Image information for Redis HA
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
image:
  # -- Redis image repository
  repository: chainreg.biz/chainguard-private/redis
  # NOTE(review): the value carries both a tag and a digest. When a digest is present the
  # image is resolved by digest, so `latest` does not float here; picking up a patched image
  # means bumping the digest. Presumably rendered as `repository:tag` - confirm in the templates.
  # -- Redis image tag
  tag: latest@sha256:d0d6164caed0c9963b87b59b072830e556a3d50d667ff1d67b17c144a7ccefb4
  # -- Redis image pull policy
  pullPolicy: IfNotPresent
# -- Full name of the Redis HA Resources
fullnameOverride: ""
# -- Name override for Redis HA resources
nameOverride: ""
## Reference to one or more secrets to be used when pulling images
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## This imagePullSecrets is only for redis images
## NOTE(review): the default repositories in this file point at a private registry path, so a
## pull secret is presumably required for the defaults to pull - confirm for your cluster.
##
# -- Reference to one or more secrets to be used when pulling redis images
imagePullSecrets: []
# - name: "image-pull-secret"

# -- Number of redis master/slave
replicas: 3
## Customize the statefulset pod management policy:
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
# -- The statefulset pod management policy
podManagementPolicy: OrderedReady
## read-only replicas
## indexed slaves never get promoted to be master
## index starts with 0 - which is master on init
## i.e. "8,9" means 8th and 9th slave will be replica with replica-priority=0
## see also: https://redis.io/topics/sentinel
# -- Comma separated list of slaves which never get promoted to be master.
# Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3rd and 4th redis slave never make it to be master, where master is index 0.
ro_replicas: ""
# -- Kubernetes priorityClass name for the redis-ha-server pod
priorityClassName: ""
# -- Custom labels for the redis pod
labels: {}
# -- Custom labels for redis service
serviceLabels: {}
## Custom labels for the redis configmap
configmap:
  # -- Custom labels for the redis configmap
  labels: {}
## ConfigMap Test Parameters
## NOTE(review): the descriptions below call this a shellcheck image, but the default
## repository is a busybox image - confirm the test hook still does what it claims with it.
configmapTest:
  # -- Image for redis-ha-configmap-test hook
  image:
    # -- Repository of the configmap shellcheck test image.
    repository: chainreg.biz/chainguard-private/busybox
    # -- Tag of the configmap shellcheck test image.
    tag: latest@sha256:655f0f89892d3134b1c3dfa0eded3c451b1f2d39916d829753f28c889a547bd5
  # -- Resources for the ConfigMap test pod
  resources: {}
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
  # -- Specifies whether a ServiceAccount should be created
  create: true
  # -- The name of the ServiceAccount to use.
  # If not set and create is true, a name is generated using the redis-ha.fullname template
  name: ""
  # NOTE(review): false keeps the ServiceAccount token out of the Redis containers. Note that
  # `haproxy.serviceAccount.automountToken` in this same file defaults to true.
  # -- opt in/out of automounting API credentials into container.
  # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  automountToken: false
  # -- Annotations to be added to the service account for the redis statefulset
  annotations: {}
## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
## Recommended for externally exposed Redis clusters.
## ref: https://cbonte.github.io/haproxy-dconv/1.9/intro.html
## NOTE(review): the defaults in this file leave `auth: false`, `haproxy.tls.enabled: false` and
## `haproxy.networkPolicy.enabled: false`. Review those three together before the HAProxy
## service is made reachable from outside the cluster.
haproxy:
  # -- Enable HAProxy LoadBalancing/Proxy
  enabled: false
  # -- Modify HAProxy service port
  servicePort: 6379
  # -- Modify HAProxy deployment container port
  containerPort: 6379
  # -- Enable TLS termination on HAproxy, This will create a volume mount
  tls:
    # -- If "true" this will enable TLS termination on haproxy
    enabled: false
    # -- Secret containing the .pem file
    # Supports templates like "{{ .Release.Name }}-haproxy-tls"
    secretName: ""
    # NOTE(review): bare empty value, parsed as null.
    # -- Key file name
    keyName:
    # NOTE(review): the default mounts the certificate secret at /tmp/; a dedicated directory
    # keeps key material apart from scratch files - confirm nothing else expects /tmp/ to be writable.
    # -- Path to mount the secret that contains the certificates. haproxy
    certMountPath: /tmp/
  # -- Enable read-only redis-slaves
  readOnly:
    # -- Enable if you want a dedicated port in haproxy for redis-slaves
    enabled: false
    # -- Port for the read-only redis-slaves
    port: 6380
  # -- Additional ports to expose on HAProxy service and deployment
  # Each port should have a name, containerPort, and optionally servicePort (defaults to containerPort)
  additionalPorts: []
  # Example:
  # additionalPorts:
  #   - name: custom-port
  #     containerPort: 8080
  #     servicePort: 8080
  #   - name: another-port
  #     containerPort: 9090
  # -- Number of HAProxy instances
  replicas: 3
  # -- Deployment strategy for the haproxy deployment
  deploymentStrategy:
    type: RollingUpdate
    # rollingUpdate:
    #   maxSurge: 25%
    #   maxUnavailable: 25%
  image:
    # -- HAProxy Image Repository
    repository: chainreg.biz/chainguard-private/haproxy
    # -- HAProxy Image Tag
    tag: latest@sha256:bca6d5d8a4829789d8ff3d0116161e57dd7801dd7407d02093dba985895cd653
    # -- HAProxy Image PullPolicy
    pullPolicy: IfNotPresent
  # -- Custom labels for the haproxy pod
  labels: {}
  # -- Reference to one or more secrets to be used when pulling images
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  imagePullSecrets: []
  # - name: "image-pull-secret"

  # -- HAProxy template annotations
  annotations: {}
  # -- HAProxy deployment annotations
  deploymentAnnotations: {}
  # -- Annotations to be added to the HAProxy deployment pods
  podAnnotations: {}
  # -- HAProxy resources
  resources: {}
  # -- Configuration of `emptyDir`
  emptyDir: {}
  # -- Pod Disruption Budget
  # ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  podDisruptionBudget: {}
  # Use only one of the two
  # maxUnavailable: 1
  # minAvailable: 1

  ## Enable sticky sessions to Redis nodes via HAProxy
  ## Very useful for long-living connections as in case of Sentry for example
  # -- HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown.
  stickyBalancing: false
  # -- Kubernetes priorityClass name for the haproxy pod
  priorityClassName: ""
  ## Service for HAProxy
  service:
    # -- HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort"
    type: ClusterIP
    # -- HAProxy service clusterIP. Set to "None" to create a headless service.
    clusterIP: ""
    # -- (int) HAProxy service nodePort value (haproxy.service.type must be NodePort)
    nodePort: ~
    # NOTE(review): bare empty value, parsed as null.
    # -- HAProxy service loadbalancer IP
    loadBalancerIP:
    # -- (string) HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer)
    externalTrafficPolicy: ~
    # NOTE(review): a Kubernetes Service takes `externalIPs` as a list of addresses, while the
    # default here is an empty mapping; supply a list when overriding - confirm against the template.
    # -- HAProxy external IPs
    externalIPs: {}
    # -- HAProxy service labels
    labels: {}
    # -- HAProxy service annotations
    annotations: null
    # NOTE(review): empty by default. With `type: LoadBalancer` and no source ranges the
    # load balancer is presumably left unrestricted by source address - set explicit CIDRs.
    # -- List of CIDR's allowed to connect to LoadBalancer
    loadBalancerSourceRanges: []
    # -- HAProxy service IP family policy for dual-stack clusters
    ipFamilyPolicy: ""
    # -- HAProxy service IP families (e.g. ["IPv4", "IPv6"] for dual-stack)
    ipFamilies: []
  # -- HAProxy serviceAccountName
  serviceAccountName: redis-sa
  serviceAccount:
    # -- Specifies whether a ServiceAccount should be created
    create: true
    # NOTE(review): the top-level `serviceAccount.automountToken` defaults to false, this one
    # to true. Confirm the HAProxy pods actually need Kubernetes API credentials; if not,
    # false keeps the token out of a pod that may be exposed to external traffic.
    automountToken: true
  ## Official HAProxy embedded prometheus metrics settings.
  ## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter
  ##
  metrics:
    # -- HAProxy enable prometheus metric scraping
    enabled: false
    # -- HAProxy prometheus metrics scraping port
    port: 9101
    # -- HAProxy metrics scraping port name
    portName: http-exporter-port
    # -- HAProxy prometheus metrics scraping path
    scrapePath: /metrics
    serviceMonitor:
      # -- When set true then use a ServiceMonitor to configure scraping
      enabled: false
      # -- Set the namespace the ServiceMonitor should be deployed
      # @default -- `.Release.Namespace`
      namespace: ""
      # -- Set how frequently Prometheus should scrape (default is 30s)
      interval: ""
      # -- Set path to redis-exporter telemetry-path (default is /metrics)
      telemetryPath: ""
      # -- Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
      labels: {}
      # -- Set timeout for scrape (default is 10s)
      timeout: ""
      # -- Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more.
      endpointAdditionalProperties: {}
      # -- Disable API Check on ServiceMonitor
      disableAPICheck: false
  init:
    # -- Extra init resources
    resources: {}
  timeout:
    # -- haproxy.cfg `timeout connect` setting
    connect: 4s
    # -- haproxy.cfg `timeout server` setting
    server: 330s
    # -- haproxy.cfg `timeout client` setting
    client: 330s
    # -- haproxy.cfg `timeout check` setting
    check: 2s
    # -- haproxy.cfg `timeout tunnel` setting
    tunnel: 1h
  # -- haproxy.cfg `check inter` setting
  checkInterval: 1s
  # -- haproxy.cfg `check fall` setting
  checkFall: 1
  # -- Security context to be added to the HAProxy deployment.
  securityContext:
    runAsUser: 65532
    fsGroup: 65532
    runAsNonRoot: true
  # NOTE(review): NET_BIND_SERVICE is only needed to bind ports below 1024. The default ports
  # in this file (6379, 6380, 9101) are above that, so the capability can presumably be dropped
  # unless a low port is configured - confirm before removing.
  # -- Security context to be added to the HAProxy containers.
  containerSecurityContext:
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
      add:
        - NET_BIND_SERVICE
  # -- Whether the haproxy pods should be forced to run on separate nodes.
  hardAntiAffinity: true
  # -- Additional affinities to add to the haproxy pods.
  additionalAffinities: {}
  # -- Override all other affinity settings for the haproxy pods with a string.
  affinity: ""
  ## Custom config-haproxy.cfg files used to override default settings. If this file is
  ## specified then the config-haproxy.cfg above will be ignored.
  # -- (string) Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwritten
  customConfig: ~
  # customConfig: |-
  #   Define configuration here

  ## Place any additional configuration section to add to the default config-haproxy.cfg
  # -- (string) Allows to place any additional configuration section to add to the default config-haproxy.cfg
  extraConfig: ~
  # extraConfig: |-
  #   Define configuration here

  # -- Container lifecycle hooks.
  # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
  lifecycle: {}
  ## HAProxy test related options
  tests:
    # -- Pod resources for the tests against HAProxy.
    resources: {}
  ## Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default.
  IPv6:
    # -- Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default.
    enabled: true
  networkPolicy:
    # NOTE(review): off by default, so no NetworkPolicy restricts which pods can reach HAProxy
    # unless one is supplied elsewhere.
    # -- whether NetworkPolicy for Haproxy should be created
    enabled: false
    # -- Annotations for Haproxy NetworkPolicy
    annotations: {}
    # -- Labels for Haproxy NetworkPolicy
    labels: {}
    # -- user defined ingress rules that Haproxy should permit into.
    # uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
    ingressRules: []
    # - selectors:
    #     - namespaceSelector:
    #         matchLabels:
    #           name: my-redis-client-namespace
    #       podSelector:
    #         matchLabels:
    #           application: redis-client
    #   ## if ports is not defined then it defaults to the ports defined for enabled services (redis, sentinel)
    #   ports:
    #     - port: 6379
    #       protocol: TCP
    #     - port: 26379
    #       protocol: TCP

    # -- user can define egress rules too, uses the same structure as ingressRules
    egressRules: []
## Role Based Access
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
## NOTE(review): which Role/RoleBinding rules this creates is defined in the chart templates,
## not in this file - review the rendered rules before installing into a shared namespace.
##
rbac:
  # -- Create and use RBAC resources
  create: true
# NOT RECOMMENDED: Additional container in which you can execute arbitrary commands to update sysctl parameters
# You can now use securityContext.sysctls to leverage this capability
# Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/
# NOTE(review): changing kernel settings from an init container normally needs elevated
# privileges on the node; the privilege settings of this container live in the templates, not
# shown here. Keep `enabled` and `mountHostSys` false unless the need is understood.
##
sysctlImage:
  # -- Enable an init container to modify Kernel settings
  enabled: false
  # -- sysctlImage command to execute
  command: []
  # -- sysctlImage Init container registry
  registry: chainreg.biz
  # -- sysctlImage Init container name
  repository: chainguard-private/busybox
  # -- sysctlImage Init container tag
  tag: latest@sha256:655f0f89892d3134b1c3dfa0eded3c451b1f2d39916d829753f28c889a547bd5
  # -- sysctlImage Init container pull policy
  pullPolicy: Always
  # -- Mount the host `/sys` folder to `/host-sys`
  mountHostSys: false
  # -- sysctlImage resources
  resources: {}
# -- Use an alternate scheduler, e.g. "stork".
# ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
schedulerName: ""
## Redis specific configuration options
redis:
  # -- Port to access the redis service
  port: 6379
  # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated
  masterGroupName: "mymaster"  # must match ^[\\w-\\.]+$ and can be templated
  # -- Allows overriding the redis container command
  customCommand: []
  # - bash

  # -- Allows overriding the redis container arguments
  customArgs: []
  # - "custom-startup.sh"

  # -- Load environment variables from ConfigMap/Secret
  envFrom: []
  # - secretRef:
  #     name: add-env-secret

  # -- Configure the 'minReadySeconds' parameter to StatefulSet
  # ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#minreadyseconds
  minReadySeconds: 0
  ## Configures redis with tls-port parameter
  ## NOTE(review): null by default, so no tls-port is configured from this file and clients
  ## presumably reach Redis only over the plaintext `port` above - confirm in the templates.
  # -- (int) TLS Port to access the redis service
  tlsPort: ~
  # tlsPort: 6385

  # -- (bool) Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf
  tlsReplication: ~
  # NOTE(review): with "no", clients on the TLS port are not asked for a certificate, which
  # leaves `auth` (off by default in this file) as the only client check.
  # -- It is possible to disable client side certificates authentication when "authClients" is set to "no"
  authClients: ""
  # authClients: "no"

  # -- Increase terminationGracePeriodSeconds to allow writing large RDB snapshots. (k8s default is 30s)
  # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced
  terminationGracePeriodSeconds: 60
  # -- Liveness probe parameters for redis container
  livenessProbe:
    # -- Enable the Liveness Probe
    enabled: true
    # -- Initial delay in seconds for liveness probe
    initialDelaySeconds: 30
    # -- Period in seconds after which liveness probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for liveness probe
    timeoutSeconds: 15
    # -- Success threshold for liveness probe
    successThreshold: 1
    # -- Failure threshold for liveness probe
    failureThreshold: 5
  # -- Readiness probe parameters for redis container
  readinessProbe:
    # -- Enable the Readiness Probe
    enabled: true
    # -- Initial delay in seconds for readiness probe
    initialDelaySeconds: 30
    # -- Period in seconds after which readiness probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for readiness probe
    timeoutSeconds: 15
    # -- Success threshold for readiness probe
    successThreshold: 1
    # -- Failure threshold for readiness probe
    failureThreshold: 5
  # -- Startup probe parameters for redis container
  startupProbe:
    # -- Enable Startup Probe
    enabled: true
    # -- Initial delay in seconds for startup probe
    initialDelaySeconds: 30
    # -- Period in seconds after which startup probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for startup probe
    timeoutSeconds: 15
    # -- Success threshold for startup probe
    successThreshold: 1
    # -- Failure threshold for startup probe
    failureThreshold: 5
  # NOTE(review): only these two commands are listed; how they are disabled is implemented in
  # the templates, not shown here. Other administrative commands stay available by default.
  # -- Array with commands to disable
  disableCommands:
    - FLUSHDB
    - FLUSHALL
  # -- Any valid redis config options in this section will be applied to each server, For multi-value configs use list instead of string (for example loadmodule) (see below)
  # @default -- see values.yaml
  config:
    ## -- Additional redis conf options can be added below
    ## -- For all available options see http://download.redis.io/redis-stable/redis.conf
    min-replicas-to-write: 1
    # -- Value in seconds
    min-replicas-max-lag: 5
    # -- Max memory to use for each redis instance. Default is unlimited.
    maxmemory: "0"
    # -- Max memory policy to use for each redis instance. Default is volatile-lru.
    maxmemory-policy: "volatile-lru"
    # -- Determines if scheduled RDB backups are created. Default is false.
    # -- Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication.
    save: "900 1"
    # -- When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false.
    repl-diskless-sync: "yes"
    rdbcompression: "yes"
    rdbchecksum: "yes"
  # -- (string) Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored
  customConfig: ~
  # customConfig: |-
  #   Define configuration here

  # -- CPU/Memory for master/slave nodes resource requests/limits
  resources: {}
  # requests:
  #   memory: 200Mi
  #   cpu: 100m
  # limits:
  #   memory: 700Mi

  # -- Container Lifecycle Hooks for redis container
  # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
  # @default -- see values.yaml
  lifecycle:
    preStop:
      exec:
        command: ["/bin/sh", "/readonly-config/trigger-failover-if-master.sh"]
  # -- Annotations for the redis statefulset
  annotations: {}
  # -- Annotations to be added to the redis statefulset pods
  podAnnotations: {}
  # -- Update strategy for Redis StatefulSet
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  updateStrategy:
    type: RollingUpdate
  # -- additional volumeMounts for Redis container
  extraVolumeMounts: []
  # - name: empty
  #   mountPath: /empty
## Sentinel specific configuration options
sentinel:
  # -- Port to access the sentinel service
  port: 26379
  ## Configure the 'bind' directive to bind to a list of network interfaces
  bind: ~
  # bind: 0.0.0.0

  ## Configures sentinel with tls-port parameter
  # -- (int) TLS Port to access the sentinel service
  tlsPort: ~
  # tlsPort: 26385

  # -- (bool) Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf
  tlsReplication: ~
  # tlsReplication: true

  # -- It is possible to disable client side certificates authentication when "authClients" is set to "no"
  authClients: ""
  # authClients: "no"

  ## Configures sentinel with AUTH (requirepass params)
  ## NOTE(review): off by default, so Sentinel accepts unauthenticated clients that can reach
  ## its port. This switch is separate from the top-level `auth` that covers the Redis servers.
  # -- Enables or disables sentinel AUTH (Requires `sentinel.password` to be set)
  auth: false
  # NOTE(review): a password written here ends up in the values file and in the stored release
  # data; `existingSecret` + `authKey` below keep it out of both.
  # -- (string) A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`)
  password: ~
  # password: password

  # -- (bool) Configures sentinel with resolve-hostnames parameter, if true sets "resolve-hostnames yes" in sentinel.conf
  resolveHostnames: ~
  # resolveHostnames: true

  # -- (bool) Configures sentinel with announce-hostnames parameter, if true sets "announce-hostnames yes" in sentinel.conf
  announceHostnames: ~
  # announceHostnames: true

  # -- An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass`
  # in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`)
  # Supports templates like "{{ .Release.Name }}-sentinel-creds"
  existingSecret: ""
  ## Defines the key holding the sentinel password in existing secret.
  # -- The key holding the sentinel password in an existing secret.
  authKey: sentinel-password
  customCommand: []
  customArgs: []
  # liveness probe parameters for sentinel container
  livenessProbe:
    enabled: true
    # -- Initial delay in seconds for liveness probe
    initialDelaySeconds: 30
    # -- Period in seconds after which liveness probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for liveness probe
    timeoutSeconds: 15
    # -- Success threshold for liveness probe
    successThreshold: 1
    # -- Failure threshold for liveness probe
    failureThreshold: 5
  # readiness probe parameters for sentinel container
  readinessProbe:
    enabled: true
    # -- Initial delay in seconds for readiness probe
    initialDelaySeconds: 30
    # -- Period in seconds after which readiness probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for readiness probe
    timeoutSeconds: 15
    # -- Success threshold for readiness probe
    successThreshold: 3
    # -- Failure threshold for readiness probe
    failureThreshold: 5
  # -- Startup probe parameters for sentinel container
  startupProbe:
    # -- Enable Startup Probe
    enabled: true
    # -- Initial delay in seconds for startup probe
    initialDelaySeconds: 5
    # -- Period in seconds after which startup probe will be repeated
    periodSeconds: 10
    # -- Timeout seconds for startup probe
    timeoutSeconds: 15
    # -- Success threshold for startup probe
    successThreshold: 1
    # -- Failure threshold for startup probe
    failureThreshold: 3
  # -- Minimum number of nodes expected to be live.
  quorum: 2
  # -- Valid sentinel config options in this section will be applied as config options to each sentinel (see below)
  # @default -- see values.yaml
  config:
    ## Additional sentinel conf options can be added below. Only options that
    ## are expressed in the format similar to 'sentinel xxx mymaster xxx' will
    ## be properly templated except maxclients option.
    ## For available options see http://download.redis.io/redis-stable/sentinel.conf
    down-after-milliseconds: 10000
    ## Failover timeout value in milliseconds
    failover-timeout: 180000
    parallel-syncs: 5
    maxclients: 10000
  ## Custom sentinel.conf files used to override default settings. If this file is
  ## specified then the sentinel.config above will be ignored.
  # -- Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored
  customConfig: ""
  # customConfig: |-
  #   Define configuration here

  # -- CPU/Memory for sentinel node resource requests/limits
  resources: {}
  # requests:
  #   memory: 200Mi
  #   cpu: 100m
  # limits:
  #   memory: 200Mi

  # -- Container Lifecycle Hooks for sentinel container.
  # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
  lifecycle: {}
  # -- additional volumeMounts for Sentinel container
  extraVolumeMounts: []
  # - name: empty
  #   mountPath: /empty
# -- Security context to be added to the Redis StatefulSet.
securityContext:
  runAsUser: 1000
  fsGroup: 1000
  runAsNonRoot: true
  ## Assuming your kubelet allows it, you can use the following instructions to configure
  ## specific sysctl parameters
  ##
  # sysctls:
  #   - name: net.core.somaxconn
  #     value: '10000'
# NOTE(review): non-root, no privilege escalation, RuntimeDefault seccomp and all capabilities
# dropped. `readOnlyRootFilesystem` is not set here; whether the Redis containers tolerate a
# read-only root filesystem cannot be told from this file - test before adding it.
# -- Security context to be added to the Redis containers.
containerSecurityContext:
  runAsUser: 1000
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop:
      - ALL
## Node labels, affinity, and tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
# -- Node labels for pod assignment
nodeSelector: {}
## -- Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# -- Whether the Redis server pods should be forced to run on separate nodes.
## This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature
hardAntiAffinity: true
# -- Additional affinities to add to the Redis server pods.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
additionalAffinities: {}
##
## Example:
##   nodeAffinity:
##     preferredDuringSchedulingIgnoredDuringExecution:
##       - weight: 50
##         preference:
##           matchExpressions:
##             - key: spot
##               operator: NotIn
##               values:
##                 - "true"
##

# -- Override all other affinity settings for the Redis server pods with a string.
affinity: ""
##
## Example:
## affinity: |
##   podAntiAffinity:
##     requiredDuringSchedulingIgnoredDuringExecution:
##       - labelSelector:
##           matchLabels:
##             app: {{ template "redis-ha.name" . }}
##             release: {{ .Release.Name }}
##         topologyKey: kubernetes.io/hostname
##     preferredDuringSchedulingIgnoredDuringExecution:
##       - weight: 100
##         podAffinityTerm:
##           labelSelector:
##             matchLabels:
##               app: {{ template "redis-ha.name" . }}
##               release: {{ .Release.Name }}
##           topologyKey: failure-domain.beta.kubernetes.io/zone
##

## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints:
  # -- Enable topology spread constraints
  enabled: false
  # -- Max skew of pods tolerated
  maxSkew: ""
  # -- Topology key for spread constraints
  topologyKey: ""
  # -- Enforcement policy, hard or soft
  whenUnsatisfiable: ""
# Prometheus exporter specific configuration options
exporter:
  # -- If `true`, the prometheus exporter sidecar is enabled
  enabled: false
  # -- Exporter image
  image: chainreg.biz/chainguard-private/prometheus-redis-exporter
  # -- Exporter image tag
  tag: latest@sha256:0eed87a35e06556f10be368b28be5541fa0dd07b609a677f8fd79c1710a358bc
  # -- Exporter image pullPolicy
  pullPolicy: IfNotPresent
  # The anchor on this value is reused by the liveness and readiness probe ports below.
  # -- Exporter port
  port: &exporter_port 9121
  # -- Exporter port name
  portName: exporter-port
  # The anchor on this value is reused by the liveness and readiness probe paths below.
  # -- Exporter scrape path
  scrapePath: &exporter_scrapePath /metrics
  # -- Address/Host for Redis instance.
  # Exists to circumvent issues with IPv6 dns resolution that occurs on certain environments
  address: localhost
  ## Set this to true if you want to connect to redis tls port
  # sslEnabled: true

  # -- cpu/memory resource limits/requests
  resources: {}
  # -- Additional args for redis exporter
  extraArgs: {}
  # NOTE(review): the script is run by the exporter against Redis (see the `redis.call` lines
  # in the example), so treat changes to it like changes to code with access to the data.
  # -- A custom Lua script that will be mounted to exporter for collection of custom metrics.
  # Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`.
  script: ""
  # Used to mount a LUA-Script via config map and use it for metrics-collection
  # script: |
  #   -- Example script copied from: https://github.com/oliver006/redis_exporter/blob/master/contrib/sample_collect_script.lua
  #   -- Example collect script for -script option
  #   -- This returns a Lua table with alternating keys and values.
  #   -- Both keys and values must be strings, similar to a HGETALL result.
  #   -- More info about Redis Lua scripting: https://redis.io/commands/eval
  #
  #   local result = {}
  #
  #   -- Add all keys and values from some hash in db 5
  #   redis.call("SELECT", 5)
  #   local r = redis.call("HGETALL", "some-hash-with-stats")
  #   if r ~= nil then
  #     for _,v in ipairs(r) do
  #       table.insert(result, v) -- alternating keys and values
  #     end
  #   end
  #
  #   -- Set foo to 42
  #   table.insert(result, "foo")
  #   table.insert(result, "42") -- note the string, use tostring() if needed
  #
  #   return result

  serviceMonitor:
    # -- When set true then use a ServiceMonitor to configure scraping
    enabled: false
    # -- Set the namespace the ServiceMonitor should be deployed
    # @default -- `.Release.Namespace`
    namespace: ""
    # -- Set how frequently Prometheus should scrape (default is 30s)
    interval: ""
    # -- Set path to redis-exporter telemetry-path (default is /metrics)
    telemetryPath: ""
    # -- Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
    labels: {}
    # -- Set timeout for scrape (default is 10s)
    timeout: ""
    # -- Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more.
    endpointAdditionalProperties: {}
    # -- Disable API Check on ServiceMonitor
    disableAPICheck: false
    # NOTE(review): the page lost its indentation; placing `relabelings` and
    # `metricRelabelings` under `serviceMonitor` is an assumption - confirm against the chart.
    # RelabelConfigs to apply to samples before scraping.
    relabelings: []
    # - sourceLabels: [__meta_kubernetes_pod_node_name]
    #   separator: ;
    #   regex: ^(.*)$
    #   targetLabel: nodename
    #   replacement: $1
    #   action: replace

    # MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
    metricRelabelings: []
    # - action: keep
    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
    #   sourceLabels: [__name__]
  # prometheus exporter SCANS redis db which can take some time
  # allow different probe settings to not let container crashloop
  livenessProbe:
    httpGet:
      # -- Exporter liveness probe httpGet path
      path: *exporter_scrapePath
      # -- Exporter liveness probe httpGet port
      port: *exporter_port
    # -- Initial delay in seconds for liveness probe of exporter
    initialDelaySeconds: 15
    # -- Timeout seconds for liveness probe of exporter
    timeoutSeconds: 3
    # -- Period in seconds after which liveness probe will be repeated
    periodSeconds: 15
  readinessProbe:
    httpGet:
      # -- Exporter readiness probe httpGet path
      path: *exporter_scrapePath
      # -- Exporter readiness probe httpGet port
      port: *exporter_port
    # -- Initial delay in seconds for readiness probe of exporter
    initialDelaySeconds: 15
    # -- Timeout seconds for readiness probe of exporter
    timeoutSeconds: 3
    # -- Period in seconds after which readiness probe will be repeated
    periodSeconds: 15
    # -- Success threshold for readiness probe of exporter
    successThreshold: 2
# -- Pod Disruption Budget rules
podDisruptionBudget: {}
# Use only one of the two
# maxUnavailable: 1
# minAvailable: 1

# NOTE(review): off by default, so no `requirepass`/`masterauth` is configured and any client
# that can reach the Redis port is accepted. Enable it outside isolated test namespaces and
# restrict network reachability as well.
# -- Configures redis with AUTH (requirepass & masterauth conf params)
auth: false
# NOTE(review): a password written here ends up in the values file and in the stored release
# data; `existingSecret` + `authKey` below keep it out of both.
# -- (string) A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`)
redisPassword: ~
# -- Annotations for auth secret
authSecretAnnotations: {}
## Use existing secret containing key `authKey` (ignores redisPassword)
## Can also store AWS S3 or SSH secrets in this secret
## Supports templates like "{{ .Release.Name }}-creds"
# -- An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf
# parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`)
existingSecret: ~
# -- Defines the key holding the redis password in existing secret.
authKey: auth
# Persistent storage for the Redis data directory.
persistentVolume:
  # -- Enable persistent volume
  enabled: true
  ## redis-ha data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  # storageClass: "-"
  # -- redis-ha data Persistent Volume Storage Class
  storageClass: null
  # -- Persistent volume access modes
  accessModes:
    - ReadWriteOnce
  # -- Persistent volume size
  size: 10Gi
  # -- Annotations for the volume
  annotations: {}
  # -- Labels for the volume
  labels: {}

# Settings for the chart's init step.
init:
  # -- Extra init resources
  resources: {}

# To use a hostPath for data, set persistentVolume.enabled to false
# and define hostPath.path.
# Warning: this might overwrite existing folders on the host system!
#
# NOTE(review): a hostPath volume exposes part of the node's filesystem to the
# pod, and the Kubernetes "baseline" Pod Security Standard rejects hostPath
# volumes. Point `path` at a directory dedicated to this release.
hostPath:
  # -- Use this path on the host for data storage.
  # path is evaluated as template so placeholders are replaced
  path: ""
  # path: "/data/{{ .Release.Name }}"

  # NOTE(review): the default is `true`, i.e. the root init-container described
  # below is the default behaviour; set it to false where root containers are
  # not permitted and manage ownership of the folder on the node instead.

  # -- if chown is true, an init-container with root permissions is launched to
  # change the owner of the hostPath folder to the user defined in the
  # security context
  chown: true

# -- Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified
emptyDir: {}

# TLS material used by Redis when a TLS port is configured.
tls:
  ## Fill the name of secret if you want to use your own TLS certificates.
  ## The secret should contain keys named by "tls.certFile" - the certificate, "tls.keyFile" - the private key, "tls.caCertFile" - the certificate of CA and "tls.dhParamsFile" - the dh parameter file
  ## Supports templates like "{{ .Release.Name }}-tls"
  ## This secret will be generated using files from certs folder if the secretName is not set and redis.tlsPort is set
  ## NOTE(review): a private key kept in a chart's certs folder is readable by
  ## everyone who can read the chart. For anything beyond testing, set
  ## secretName to a secret you provision yourself.
  # secretName: tls-secret

  # -- Name of certificate file
  certFile: redis.crt
  # -- Name of key file
  keyFile: redis.key
  # -- (string) Name of Diffie-Hellman (DH) key exchange parameters file (Example: redis.dh)
  dhParamsFile: null
  # -- Name of CA certificate file
  caCertFile: ca.crt

# restore init container is executed if restore.[s3|ssh].source is not false
# restore init container creates /data/dump.rdb_ from original if exists
# restore init container overrides /data/dump.rdb
# secrets are stored into environment of init container - stored encoded on k8s
# NOTE(review): "encoded" presumably refers to the base64 encoding of a
#   Kubernetes Secret, which is not encryption. Credentials typed into the
#   fields below also sit in plain text in the values file; prefer
#   `restore.existingSecret: true` with a secret you provision.
# REQUIRED for s3 restore: AWS 'access_key' and 'secret_key' or stored in existingSecret
# EXAMPLE source for s3 restore: 's3://bucket/dump.rdb'
# REQUIRED for ssh restore: 'key' should be in one line including CR i.e. '-----BEGIN RSA PRIVATE KEY-----\n...\n...\n...\n-----END RSA PRIVATE KEY-----'
# EXAMPLE source for ssh restore: 'user@server:/path/dump.rdb'
# REQUIRED for redis restore: 'source' should be in form of redis connection uri: 'redis://[username:password@]host:port[/db]'
# EXAMPLE source for redis restore: 'redis://username:password@localhost:6379'
# NOTE(review): a redis restore URI carries its password inline, so the whole
#   `restore.redis.source` value should be handled as a secret.
restore:
  # -- Timeout for the restore
  timeout: 600
  # -- Set existingSecret to true to use secret specified in existingSecret above
  existingSecret: false
  s3:
    # -- Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb or false
    source: ""
    # If using existingSecret, that secret must contain:
    #   AWS_SECRET_ACCESS_KEY: <YOUR_SECRET_ACCESS_KEY>
    #   AWS_ACCESS_KEY_ID: <YOUR_KEY_ID>
    # If not, set the key and ID as strings below:
    # -- Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source
    access_key: ""
    # -- Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source
    secret_key: ""
    # -- Restore init container - AWS AWS_REGION to access restore.s3.source
    region: ""
  ssh:
    # -- Restore init container - SSH scp location of dump - i.e. user@server:/path/dump.rdb or false
    source: ""
    # -- Restore init container - SSH private key to scp restore.ssh.source to init container.
    # Key should be in one line separated with \n.
    # i.e. `-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY-----`
    key: ""
  redis:
    source: ""

## Custom PrometheusRule to be defined
## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
prometheusRule:
  # -- If true, creates a Prometheus Operator PrometheusRule.
  enabled: false
  # -- Additional labels to be set in metadata.
  additionalLabels: {}
  # -- Namespace which Prometheus is running in.
  namespace: null
  # -- How often rules in the group are evaluated (falls back to `global.evaluation_interval` if not set).
  interval: 10s
  # -- Rules spec template (see https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#rule).
  rules: []
    # Example:
    # - alert: RedisPodDown
    #   expr: |
    #     redis_up{job="{{ include "redis-ha.fullname" . }}"} == 0
    #   for: 5m
    #   labels:
    #     severity: critical
    #   annotations:
    #     description: Redis pod {{ "{{ $labels.pod }}" }} is down
    #     summary: Redis pod {{ "{{ $labels.pod }}" }} is down

## NOTE(review): the commented examples below use an untagged `alpine` image.
## Containers added through these keys run inside the Redis pods, so pin their
## images to a tag or digest you have reviewed.

# -- Extra init containers to include in StatefulSet
extraInitContainers: []
#  - name: extraInit
#    image: alpine

# -- Extra containers to include in StatefulSet
extraContainers: []
#  - name: extra
#    image: alpine

# -- Extra volumes to include in StatefulSet
extraVolumes: []
#  - name: empty
#    emptyDir: {}

# -- Labels added here are applied to all created resources
extraLabels: {}

# NetworkPolicy for the Redis StatefulSet pods.
# NOTE(review): the policy is off by default (`enabled: false`), so the chart
# itself places no restriction on which pods may connect unless this is
# enabled or the cluster applies its own policies.
networkPolicy:
  # -- whether NetworkPolicy for Redis StatefulSets should be created.
  # when enabled, inter-Redis connectivity is created
  enabled: false
  # -- Annotations for NetworkPolicy
  annotations: {}
  # -- Labels for NetworkPolicy
  labels: {}
  # -- User defined ingress rules that Redis should permit into.
  # Uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
  ingressRules: []
    # - selectors:
    #     - namespaceSelector:
    #         matchLabels:
    #           name: my-redis-client-namespace
    #       podSelector:
    #         matchLabels:
    #           application: redis-client
    #   ## if ports is not defined then it defaults to the ports defined for enabled services (redis, sentinel)
    #   ports:
    #     - port: 6379
    #       protocol: TCP
    #     - port: 26379
    #       protocol: TCP

  # -- user can define egress rules too, uses the same structure as ingressRules
  egressRules:
    - selectors:
        # -- Allow all destinations for DNS traffic
        - namespaceSelector: {}
        - ipBlock:
            # Cloud Provider often uses the local link local range to host managed DNS resolvers.
            # We need to allow this range to ensure that the Redis pods can resolve DNS.
            # Example architecture for GCP Cloud DNS: https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns#architecture
            # NOTE(review): the link-local range also contains the instance
            # metadata address (169.254.169.254) on common clouds. As written
            # this rule only opens port 53; keep that port restriction if the
            # rule is edited.
            cidr: 169.254.0.0/16
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP

# Settings for the split brain detection container.
# NOTE(review): the nesting of the two probe mappings under this key is
# reconstructed from a flattened listing; confirm against the chart's values.yaml.
splitBrainDetection:
  # -- Interval between redis sentinel and server split brain checks (in seconds)
  interval: 60
  retryInterval: 10
  # -- splitBrainDetection resources
  resources: {}
  # liveness probe parameters for split brain container
  livenessProbe:
    # -- Initial delay in seconds for liveness probe
    initialDelaySeconds: 30
    # -- Period in seconds after which liveness probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for liveness probe
    timeoutSeconds: 15
    # -- Success threshold for liveness probe
    successThreshold: 1
    # -- Failure threshold for liveness probe
    failureThreshold: 5
    # The probe passes when the read-only config file can be read.
    exec:
      command:
        - cat
        - /readonly-config/redis.conf
  # readiness probe parameters for split brain container
  readinessProbe:
    # -- Initial delay in seconds for readiness probe
    initialDelaySeconds: 30
    # -- Period in seconds after which readiness probe will be repeated
    periodSeconds: 15
    # -- Timeout seconds for readiness probe
    timeoutSeconds: 15
    # -- Success threshold for readiness probe
    successThreshold: 1
    # -- Failure threshold for readiness probe
    failureThreshold: 5
    # The probe passes when /proc/1 exists inside the container.
    exec:
      command:
        - sh
        - '-c'
        - test -d /proc/1
