Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.controlplane.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Redis is a high-performance in-memory data store. This template deploys a Redis master-replica cluster with Redis Sentinel for automatic failover and leader election.
This template does not create a GVC. You must deploy it into an existing GVC.

What Gets Created

  • Stateful Redis Workload — (RELEASE_NAME-redis): a master-replica cluster. Replica 0 starts as the primary; all others replicate from it.
  • Stateful Sentinel Workload — (RELEASE_NAME-sentinel): monitors the Redis cluster and orchestrates automatic failover when the primary becomes unavailable.
  • Secret — An opaque secret containing the Redis server configuration (redis.conf), mounted into each Redis container.
  • Secret — An opaque secret containing the Sentinel configuration (sentinel.conf), mounted into each Sentinel container.
  • Secret (optional) — A dictionary secret holding the Redis auth password, created when redis.auth.password.enabled is true.
  • Secret (optional) — A dictionary secret holding the Sentinel auth password, created when sentinel.auth.password.enabled is true.
  • Identity & Policy — Separate identities and policies for the Redis and Sentinel workloads, each with reveal access to their respective secrets, and cloud storage access when backup is enabled.
  • Volume Set (optional) — Persistent storage for Redis data, created when redis.persistence.enabled is true.
  • Volume Set (optional) — Persistent storage for Sentinel state, created when sentinel.persistence.enabled is true.
  • Domain (optional) — External domain resources for Redis and/or Sentinel when publicAccess.enabled is true.
  • Backup Cron Workload (optional) — A scheduled backup job that writes Redis snapshots to AWS S3 or GCS.

Installation

This template has no external prerequisites unless backup or public access is enabled. To install, follow the instructions for your preferred method:

UI

Browse, install, and manage templates visually

CLI

Manage templates from your terminal

Terraform

Declare templates in your Terraform configurations
Pulumi Icon Streamline Icon: https://streamlinehq.com

Pulumi

Declare templates in your Pulumi programs

Configuration

The default values.yaml for this template: 
redis:
  image: redis:7.4
  resources:
    cpu: 200m
    memory: 256Mi
    minCpu: 80m
    minMemory: 128Mi
  replicas: 2
  timeoutSeconds: 15
  multiZone: false
  replicaDirect: false
  auth:
    fromSecret:
      enabled: false
      name: example-redis-auth-password
      passwordKey: password
    password:
      enabled: false
      value: your-password
  serverCommand: redis-server
  # extraArgs: "--maxclients 20000 --maxmemory 200mb --maxmemory-policy allkeys-lru"
  publicAccess:
    enabled: false
    address: redis-test.example-cpln.com
  firewall:
    internal_inboundAllowType: same-gvc # Options: same-org / same-gvc / workload-list
    # external_inboundAllowCIDR: 0.0.0.0/0
    # inboundAllowWorkload:
    #   - //gvc/GVC_NAME/workload/WORKLOAD_NAME
    # external_outboundAllowCIDR: 0.0.0.0/0
  env: []
  dataDir: /data
  persistence:
    enabled: false
    volumes:
      data:
        initialCapacity: 10 # In GiB
        performanceClass: general-purpose-ssd # general-purpose-ssd / high-throughput-ssd (Min 1000 GiB)
        fileSystemType: ext4 # ext4 / xfs
        snapshots:
          retentionDuration: 7d
          schedule: "0 0 * * *" # UTC
        autoscaling:
          maxCapacity: 100 # In GiB
          minFreePercentage: 20
          scalingFactor: 1.2

sentinel:
  image: redis:7.4
  resources:
    cpu: 200m
    memory: 256Mi
    minCpu: 80m
    minMemory: 128Mi
  replicas: 3
  timeoutSeconds: 10
  multiZone: false
  replicaDirect: false
  quorumAutoCalculation: true # Quorum = (replicas / 2) + 1
  quorumOverride: null        # Only used if quorumAutoCalculation is false
  auth:
    fromSecret:
      enabled: false
      name: example-redis-auth-password
      passwordKey: password
    password:
      enabled: false
      value: your-password
  publicAccess:
    enabled: false
    address: redis-sentinel-test.example-cpln.com
  firewall:
    internal_inboundAllowType: same-gvc # Options: same-org / same-gvc
    # external_inboundAllowCIDR: 0.0.0.0/0
    # inboundAllowWorkload:
    #   - //gvc/GVC_NAME/workload/WORKLOAD_NAME
    # external_outboundAllowCIDR: 0.0.0.0/0
  env: []
  persistence:
    enabled: false
    volumes:
      data:
        initialCapacity: 10 # In GiB
        performanceClass: general-purpose-ssd
        fileSystemType: ext4
        snapshots:
          retentionDuration: 7d
          schedule: "0 0 * * *"
        autoscaling:
          maxCapacity: 50 # In GiB
          minFreePercentage: 20
          scalingFactor: 1.2

backup:
  enabled: false
  image: controlplanecorporation/redis-backup:1.0 # compatible with all Redis versions
  schedule: "0 2 * * *"   # daily at 2am UTC

  resources:
    cpu: 100m
    memory: 128Mi

  provider: aws # Options: aws or gcp

  aws:
    bucket: my-backup-bucket
    region: us-east-1
    cloudAccountName: my-backup-cloudaccount
    policyName: my-backup-policy
    prefix: redis/backups

  gcp:
    bucket: my-backup-bucket
    cloudAccountName: my-backup-cloudaccount
    prefix: redis/backups

Authentication

Authentication is disabled by default. Both the Redis workload and the Sentinel workload support independent auth configuration. Only one method can be enabled at a time per workload. Option 1 — Inline password (creates a secret automatically): 
redis:
  auth:
    password:
      enabled: true
      value: your-password
Option 2 — Reference an existing secret: 
redis:
  auth:
    fromSecret:
      enabled: true
      name: my-redis-secret   # Name of an existing Control Plane secret
      passwordKey: password   # Key within the secret containing the password
Sentinel can be configured with a separate password for Sentinel-to-Sentinel communication using the same options under sentinel.auth.

Redis Cluster

  • redis.replicas — Number of Redis replicas. Replica 0 is always the initial primary.
  • redis.resources.cpu / redis.resources.memory — Maximum CPU and memory per replica.
  • redis.resources.minCpu / redis.resources.minMemory — Minimum CPU and memory guaranteed per replica.
  • redis.multiZone — Spread replicas across availability zones within the location.
  • redis.extraArgs — Additional Redis server arguments (e.g. --maxmemory 200mb --maxmemory-policy allkeys-lru).

Sentinel

Sentinel monitors the Redis cluster and automatically promotes a replica when the primary fails.
  • sentinel.replicas — Number of Sentinel replicas. A minimum of 3 is required for a majority quorum.
  • sentinel.quorumAutoCalculation — When true, the quorum is calculated automatically as (replicas / 2) + 1. Set to false to use sentinel.quorumOverride.
  • sentinel.quorumOverride — Manual quorum value, used only when quorumAutoCalculation is false.
  • sentinel.resources.cpu / sentinel.resources.memory — Maximum CPU and memory per Sentinel replica.
  • sentinel.resources.minCpu / sentinel.resources.minMemory — Minimum CPU and memory guaranteed per Sentinel replica.
  • sentinel.multiZone — Spread Sentinel replicas across availability zones.

Storage

Persistence is disabled by default. When enabled, a Volume Set is created to store data across restarts. Redis persistence:
  • redis.persistence.enabled — Enable persistent storage for Redis data.
  • redis.persistence.volumes.data.initialCapacity — Initial volume size in GiB. Minimum 1000 GiB for high-throughput-ssd.
  • redis.persistence.volumes.data.performanceClassgeneral-purpose-ssd or high-throughput-ssd.
  • redis.persistence.volumes.data.fileSystemTypeext4 or xfs.
  • redis.persistence.volumes.data.snapshots.retentionDuration — How long to retain volume snapshots.
  • redis.persistence.volumes.data.snapshots.schedule — Cron expression for snapshot frequency.
  • redis.persistence.volumes.data.autoscaling.maxCapacity — Maximum volume size in GiB.
  • redis.persistence.volumes.data.autoscaling.minFreePercentage — Trigger scaling when free space drops below this percentage.
  • redis.persistence.volumes.data.autoscaling.scalingFactor — Multiply current capacity by this factor when scaling up.
Sentinel persistence uses the same options under sentinel.persistence.

Firewall

Both Redis and Sentinel firewall settings are configured independently.
  • redis.firewall.internal_inboundAllowType / sentinel.firewall.internal_inboundAllowType:
ValueDescription
same-gvcAllow access from all workloads in the same GVC (recommended)
same-orgAllow access from all workloads in the same organization
workload-listAllow access only from specific workloads
  • redis.firewall.inboundAllowWorkload — List of specific workload links when using workload-list.
  • redis.firewall.external_inboundAllowCIDR — Comma-separated CIDR ranges for external inbound access.
  • redis.firewall.external_outboundAllowCIDR — Comma-separated CIDR ranges for external outbound access.

Public Access

Redis and Sentinel can be exposed over the internet via TCP using Control Plane’s domain resource with per-replica port routing.

Prerequisites

  1. Enable Dedicated Load Balancer on your GVC — This is required for arbitrary TCP port routing. Navigate to your GVC settings in the Control Plane console and enable the Dedicated Load Balancer option.
  2. Add DNS records before deploying — Control Plane verifies domain ownership when the domain resource is first created. If the records are not in place, the deploy will fail with an Unable to apply domain error. Add the following records in your DNS provider for each address you configure, and disable any proxy (TCP must pass through directly):
TypeNameValue
TXT_cpln-<subdomain>Your Control Plane org name or org ID
CNAME<subdomain><gvc-alias>.cpln.app
Your GVC alias is visible under GVC settings in the Control Plane console.

Configuration

Enable public access for Redis and/or Sentinel, set the subdomain address, and open the external firewall: 
redis:
  publicAccess:
    enabled: true
    address: redis.your-domain.com
  firewall:
    internal_inboundAllowType: same-gvc
    external_inboundAllowCIDR: "0.0.0.0/0"  # or restrict to specific CIDRs

sentinel:
  publicAccess:
    enabled: true
    address: redis-sentinel.your-domain.com
  firewall:
    internal_inboundAllowType: same-gvc
    external_inboundAllowCIDR: "0.0.0.0/0"
external_inboundAllowCIDR must be set when public access is enabled — without it, inbound traffic from the internet will be blocked even though the domain is configured.

Port Mapping

Each replica is assigned its own external port. Port numbers increment per replica starting at:
  • Redis: 6380, 6381, 6382, … (replica 0, 1, 2, …)
  • Sentinel: 26380, 26381, 26382, … (replica 0, 1, 2, …)

Connecting Externally

# Redis replica 0 (append -a <password> if auth is enabled)
redis-cli -h redis.your-domain.com -p 6380 ping

# Redis replica 1
redis-cli -h redis.your-domain.com -p 6381 ping

# Sentinel replica 0
redis-cli -h redis-sentinel.your-domain.com -p 26380 ping
After deploying, verify the domain is resolving correctly: 
dig redis.your-domain.com CNAME   # should return <gvc-alias>.cpln.app
dig <gvc-alias>.cpln.app          # should return an IP address

Connecting to Redis

Connect to Redis internally from within the same GVC: 
RELEASE_NAME-redis.GVC_NAME.cpln.local:6379
For Sentinel-aware clients, connect through Sentinel to always reach the current primary: 
RELEASE_NAME-sentinel.GVC_NAME.cpln.local:26379
The Sentinel master name is mymaster.

Ports

WorkloadPortDescription
Redis6379Internal Redis data port
Sentinel26379Internal Sentinel discovery port
Redis (public)6380, 6381, …One port per replica when public access is enabled
Sentinel (public)26380, 26381, …One port per replica when public access is enabled

Backup

Backup is disabled by default. When enabled, a cron workload runs on the configured schedule and uploads a Redis snapshot to AWS S3 or GCS. The backup image is compatible with all Redis versions.
  • backup.enabled — Enable scheduled backups.
  • backup.schedule — Cron expression for backup frequency (default: daily at 2am UTC).
  • backup.provideraws or gcp.
  • backup.resources.cpu / backup.resources.memory — Resources for the backup cron container.

AWS S3

Before enabling backup with provider: aws, complete the following in your AWS account:
  1. Create an S3 bucket. Set backup.aws.bucket to its name and backup.aws.region to its region.
  2. If you do not have a Cloud Account set up, refer to the docs to Create a Cloud Account. Set backup.aws.cloudAccountName to its name.
  3. Create an IAM policy with the following JSON, replacing YOUR_BUCKET_NAME:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:ListBucket",
                "s3:GetObjectVersion",
                "s3:DeleteObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET_NAME",
                "arn:aws:s3:::YOUR_BUCKET_NAME/*"
            ]
        }
    ]
}
  1. Set backup.aws.policyName to the name of the policy created in step 3.
  2. Set backup.aws.prefix to the folder path where backups will be stored.

GCS

Before enabling backup with provider: gcp, complete the following in your GCP account:
  1. Create a GCS bucket. Set backup.gcp.bucket to its name.
  2. If you do not have a Cloud Account set up, refer to the docs to Create a Cloud Account. Set backup.gcp.cloudAccountName to its name.
  3. Add the Storage Admin role to the GCP service account associated with the Cloud Account.
  4. Set backup.gcp.prefix to the folder path where backups will be stored.

Restoring a Backup

Download the .rdb backup file from your bucket and restore it into a running Redis instance. For GCS, replace aws s3 cp s3://... with gsutil cp gs://.... 
aws s3 cp s3://BUCKET_NAME/PREFIX/BACKUP_FILE.rdb /tmp/dump.rdb
redis-cli \
  -h RELEASE_NAME-redis.GVC_NAME.cpln.local \
  -p 6379 \
  --rdb /tmp/dump.rdb

External References

Redis Documentation

Official Redis documentation

Redis Sentinel Documentation

Redis Sentinel setup and client configuration

Backup Image Source

Source code for the Redis backup container image

Redis Template

View the source files, default values, and chart definition