
Overview

Redis is a high-performance in-memory data store. This template deploys a Redis master-replica cluster with Redis Sentinel for automatic failover and leader election.
This template does not create a GVC. You must deploy it into an existing GVC.

What Gets Created

  • Stateful Workload — Redis (RELEASE_NAME-redis): a master-replica cluster. Replica 0 starts as the primary; all others replicate from it.
  • Stateful Workload — Sentinel (RELEASE_NAME-sentinel): monitors the Redis cluster and orchestrates automatic failover when the primary becomes unavailable.
  • Secret — An opaque secret containing the Redis server configuration (redis.conf), mounted into each Redis container.
  • Secret — An opaque secret containing the Sentinel configuration (sentinel.conf), mounted into each Sentinel container.
  • Secret (optional) — A dictionary secret holding the Redis auth password, created when redis.auth.password.enabled is true.
  • Secret (optional) — A dictionary secret holding the Sentinel auth password, created when sentinel.auth.password.enabled is true.
  • Identity & Policy — Separate identities and policies for the Redis and Sentinel workloads, each with reveal access to their respective secrets.
  • Volume Set (optional) — Persistent storage for Redis data, created when redis.persistence.enabled is true.
  • Volume Set (optional) — Persistent storage for Sentinel state, created when sentinel.persistence.enabled is true.
  • Domain (optional) — External domain resources for Redis and/or Sentinel when publicAccess.enabled is true.

Installation

To install, follow the instructions for your preferred method:

Configuration

The default values.yaml for this template:
redis:
  image: redis:7.4
  resources:
    cpu: 200m
    memory: 256Mi
    minCpu: 80m
    minMemory: 128Mi
  replicas: 2
  timeoutSeconds: 15
  multiZone: false
  replicaDirect: false
  auth:
    fromSecret:
      enabled: false
      name: example-redis-auth-password
      passwordKey: password
    password:
      enabled: false
      value: your-password
  serverCommand: redis-server
  # extraArgs: "--maxclients 20000 --maxmemory 200mb --maxmemory-policy allkeys-lru"
  publicAccess:
    enabled: false
    address: redis-test.example-cpln.com
  firewall:
    internal_inboundAllowType: same-gvc # Options: same-org / same-gvc / workload-list
    # external_inboundAllowCIDR: 0.0.0.0/0
    # inboundAllowWorkload:
    #   - //gvc/GVC_NAME/workload/WORKLOAD_NAME
    # external_outboundAllowCIDR: 0.0.0.0/0
  env: []
  dataDir: /data
  persistence:
    enabled: false
    volumes:
      data:
        initialCapacity: 10 # In GiB
        performanceClass: general-purpose-ssd # general-purpose-ssd / high-throughput-ssd (Min 1000 GiB)
        fileSystemType: ext4 # ext4 / xfs
        snapshots:
          retentionDuration: 7d
          schedule: "0 0 * * *" # UTC
        autoscaling:
          maxCapacity: 100 # In GiB
          minFreePercentage: 20
          scalingFactor: 1.2

sentinel:
  image: redis:7.4
  resources:
    cpu: 200m
    memory: 256Mi
    minCpu: 80m
    minMemory: 128Mi
  replicas: 3
  timeoutSeconds: 10
  multiZone: false
  replicaDirect: false
  quorumAutoCalculation: true # Quorum = (replicas / 2) + 1
  quorumOverride: null        # Only used if quorumAutoCalculation is false
  auth:
    fromSecret:
      enabled: false
      name: example-redis-auth-password
      passwordKey: password
    password:
      enabled: false
      value: your-password
  publicAccess:
    enabled: false
    address: redis-sentinel-test.example-cpln.com
  firewall:
    internal_inboundAllowType: same-gvc # Options: same-org / same-gvc
    # external_inboundAllowCIDR: 0.0.0.0/0
    # inboundAllowWorkload:
    #   - //gvc/GVC_NAME/workload/WORKLOAD_NAME
    # external_outboundAllowCIDR: 0.0.0.0/0
  env: []
  persistence:
    enabled: false
    volumes:
      data:
        initialCapacity: 10 # In GiB
        performanceClass: general-purpose-ssd
        fileSystemType: ext4
        snapshots:
          retentionDuration: 7d
          schedule: "0 0 * * *"
        autoscaling:
          maxCapacity: 50 # In GiB
          minFreePercentage: 20
          scalingFactor: 1.2

Authentication

Authentication is disabled by default. Both the Redis workload and the Sentinel workload support independent auth configuration. Only one method can be enabled at a time per workload.

Option 1 — Inline password (creates a secret automatically):
redis:
  auth:
    password:
      enabled: true
      value: your-password
Option 2 — Reference an existing secret:
redis:
  auth:
    fromSecret:
      enabled: true
      name: my-redis-secret   # Name of an existing Control Plane secret
      passwordKey: password   # Key within the secret containing the password
Sentinel can be configured with a separate password for Sentinel-to-Sentinel communication using the same options under sentinel.auth.

Redis Cluster

  • redis.replicas — Number of Redis replicas. Replica 0 is always the initial primary.
  • redis.resources.cpu / redis.resources.memory — Maximum CPU and memory per replica.
  • redis.resources.minCpu / redis.resources.minMemory — Minimum CPU and memory guaranteed per replica.
  • redis.multiZone — Spread replicas across availability zones within the location.
  • redis.extraArgs — Additional Redis server arguments (e.g. --maxmemory 200mb --maxmemory-policy allkeys-lru).

Sentinel

Sentinel monitors the Redis cluster and automatically promotes a replica when the primary fails.
  • sentinel.replicas — Number of Sentinel replicas. A minimum of 3 is required for a majority quorum.
  • sentinel.quorumAutoCalculation — When true, the quorum is calculated automatically as (replicas / 2) + 1. Set to false to use sentinel.quorumOverride.
  • sentinel.quorumOverride — Manual quorum value, used only when quorumAutoCalculation is false.
  • sentinel.resources.cpu / sentinel.resources.memory — Maximum CPU and memory per Sentinel replica.
  • sentinel.resources.minCpu / sentinel.resources.minMemory — Minimum CPU and memory guaranteed per Sentinel replica.
  • sentinel.multiZone — Spread Sentinel replicas across availability zones.

Storage

Persistence is disabled by default. When enabled, a Volume Set is created to store data across restarts.

Redis persistence:
  • redis.persistence.enabled — Enable persistent storage for Redis data.
  • redis.persistence.volumes.data.initialCapacity — Initial volume size in GiB. Minimum 1000 GiB for high-throughput-ssd.
  • redis.persistence.volumes.data.performanceClass — general-purpose-ssd or high-throughput-ssd.
  • redis.persistence.volumes.data.fileSystemType — ext4 or xfs.
  • redis.persistence.volumes.data.snapshots.retentionDuration — How long to retain volume snapshots.
  • redis.persistence.volumes.data.snapshots.schedule — Cron expression for snapshot frequency.
  • redis.persistence.volumes.data.autoscaling.maxCapacity — Maximum volume size in GiB.
  • redis.persistence.volumes.data.autoscaling.minFreePercentage — Trigger scaling when free space drops below this percentage.
  • redis.persistence.volumes.data.autoscaling.scalingFactor — Multiply current capacity by this factor when scaling up.
Sentinel persistence uses the same options under sentinel.persistence.

Firewall

Both Redis and Sentinel firewall settings are configured independently.
  • redis.firewall.internal_inboundAllowType / sentinel.firewall.internal_inboundAllowType:
    Value          Description
    same-gvc       Allow access from all workloads in the same GVC (recommended)
    same-org       Allow access from all workloads in the same organization
    workload-list  Allow access only from specific workloads
  • redis.firewall.inboundAllowWorkload — List of specific workload links when using workload-list.
  • redis.firewall.external_inboundAllowCIDR — Comma-separated CIDR ranges for external inbound access.
  • redis.firewall.external_outboundAllowCIDR — Comma-separated CIDR ranges for external outbound access.

Public Access

When enabled, a Control Plane Domain resource is created and each replica is exposed on a dedicated port for external access.
  • redis.publicAccess.enabled — Expose Redis externally.
  • redis.publicAccess.address — The domain address to use (must be a CNAME-capable domain configured in your Control Plane org).
  • sentinel.publicAccess.enabled / sentinel.publicAccess.address — Same options for Sentinel.
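
A pre-deploy check over the settings described in the Authentication, Firewall and Public Access sections, added here as an example (it is not part of the template or of Control Plane tooling). The lint_values function and its rules are this example's own; it assumes the override file has already been parsed into a dict, for instance with PyYAML's yaml.safe_load, and the sample input is constructed.

```python
import ipaddress

PLACEHOLDER = "your-password"  # default shown in the template's values.yaml

def enabled_auth(section):
    """Auth methods switched on for one workload section (redis or sentinel)."""
    auth = section.get("auth", {})
    return [m for m in ("password", "fromSecret") if auth.get(m, {}).get("enabled")]

def lint_values(values):
    """Return (path, message) findings for a parsed values override dict."""
    findings = []
    for name in ("redis", "sentinel"):
        sec = values.get(name, {})
        methods = enabled_auth(sec)
        if len(methods) > 1:
            findings.append((f"{name}.auth", "only one auth method may be enabled"))
        inline = sec.get("auth", {}).get("password", {})
        if inline.get("enabled") and inline.get("value") in (None, "", PLACEHOLDER):
            findings.append((f"{name}.auth.password.value", "empty or placeholder password"))
        if sec.get("publicAccess", {}).get("enabled") and not methods:
            findings.append((f"{name}.publicAccess", "public access enabled without auth"))
        # The page documents this key as a comma-separated string of CIDR ranges.
        cidrs = sec.get("firewall", {}).get("external_inboundAllowCIDR") or ""
        for cidr in filter(None, (c.strip() for c in cidrs.split(","))):
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append((f"{name}.firewall.external_inboundAllowCIDR",
                                 f"{cidr} admits any source address"))
    if values.get("sentinel", {}).get("replicas", 3) < 3:
        findings.append(("sentinel.replicas", "fewer than 3 Sentinels, no majority quorum"))
    return findings

# Constructed sample: an override file as yaml.safe_load (PyYAML) would return it.
SAMPLE = {
    "redis": {
        "auth": {"password": {"enabled": False, "value": "your-password"}},
        "publicAccess": {"enabled": True, "address": "redis-test.example-cpln.com"},
        "firewall": {"external_inboundAllowCIDR": "0.0.0.0/0, 203.0.113.0/24"},
    },
    "sentinel": {
        "replicas": 2,
        "auth": {"password": {"enabled": True, "value": "your-password"},
                 "fromSecret": {"enabled": True, "name": "example-redis-auth-password"}},
    },
}

if __name__ == "__main__":
    for path, message in lint_values(SAMPLE):
        print(f"{path}: {message}")
```

An empty result means none of these rules fired; it does not cover settings outside the keys checked here.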

Connecting to Redis

Once deployed, connect to Redis from within the same GVC using:
RELEASE_NAME-redis.GVC_NAME.cpln.local:6379
For Sentinel-aware clients, connect through Sentinel to always reach the current primary:
RELEASE_NAME-sentinel.GVC_NAME.cpln.local:26379
The Sentinel master name is mymaster.

Ports

Workload  Port   Protocol  Description
Redis     6379   TCP       Redis data port
Sentinel  26379  TCP       Sentinel discovery port

External References