Redis Multi-Location

Overview

Redis Multi-Location deploys a master-replica Redis cluster with Redis Sentinel across multiple Control Plane locations, providing geographic distribution and automatic failover. Unlike the standard Redis template, this template creates its own GVC spanning the configured locations.

This template creates a new GVC. At least 2 locations are required.

What Gets Created

GVC — A new GVC spanning the configured locations.
Stateful Redis Workload — (RELEASE_NAME-redis): replica 0 starts as the primary; all others replicate from it. The per-location replica count is independently configurable.
Stateful Sentinel Workload — (RELEASE_NAME-sentinel): 1 replica per location monitors the Redis cluster and orchestrates automatic failover.
Volume Set — Persistent storage for Redis data (configurable capacity).
Volume Set — Persistent storage for Sentinel state (10 GiB, fixed).
Secret — An opaque secret containing the Redis configuration (redis.conf), mounted into each Redis container.
Secret — An opaque secret containing the Sentinel configuration (sentinel.conf), mounted into each Sentinel container.
Identity & Policy — Separate identities and policies for the Redis and Sentinel workloads, each with reveal access to their respective secrets.
Domain (optional) — One domain per workload when public access is enabled, exposing Redis and Sentinel at the configured hostnames.
Backup Cron Workload (optional) — A scheduled backup job that writes Redis snapshots to AWS S3 or GCS.

Installation

To install, follow the instructions for your preferred method:

UI

Browse, install, and manage templates visually

CLI

Manage templates from your terminal

Terraform

Declare templates in your Terraform configurations

Pulumi

Declare templates in your Pulumi programs

Configuration

The default values.yaml for this template:

gvc:
  name: my-redis-gvc
  locations: # Replica count applies to Redis workload only; Sentinel always runs 1 per location
    - name: aws-eu-central-1
      replicas: 2
    - name: aws-us-west-2
      replicas: 2
    - name: aws-us-east-1
      replicas: 2

redis:
  image: redis:7.2
  resources:
    cpu: 200m
    memory: 256Mi
  # serverCommand: redis-server  # Override for different Redis/Valkey image variants
  # extraArgs: "--maxclients 20000 --maxmemory 200mb --maxmemory-policy allkeys-lru"
  # password: your-redis-password
  publicAccess:
    enabled: false
    address: redis.example-cpln.com  # Custom domain to expose Redis publicly
  volumeset:
    initialCapacity: 20 # GiB
    autoscaling:
      enabled: false
      maxCapacity: 100 # GiB
      minFreePercentage: 10
      scalingFactor: 1.2

sentinel:
  image: redis:7.2
  resources:
    cpu: 200m
    memory: 256Mi
  quorum: 2
  # extraArgs: "--sentinel down-after-milliseconds mymaster 5000 --sentinel failover-timeout mymaster 10000"
  # password: your-sentinel-password
  publicAccess:
    enabled: false
    address: redis-sentinel.example-cpln.com  # Custom domain to expose Sentinel publicly

# Applies to both Redis and Sentinel workloads
firewall:
  internalAllowType: same-gvc # options: same-gvc, same-org, workload-list
  # externalInboundAllowCIDR: "0.0.0.0/0"  # Required when publicAccess is enabled. Comma-separated list.
  # externalOutboundAllowCIDR: "0.0.0.0/0"  # Comma-separated list.
  # workloads:
  #   - //gvc/GVC_NAME/workload/WORKLOAD_NAME

backup:
  enabled: false
  image: controlplanecorporation/redis-backup:1.0
  schedule: "0 2 * * *"  # daily at 2am UTC

  resources:
    cpu: 100m
    memory: 128Mi

  provider: aws # Options: aws or gcp

  aws:
    bucket: my-backup-bucket
    region: us-east-1
    cloudAccountName: my-backup-cloudaccount
    policyName: my-backup-policy
    prefix: "redis/backups"

  gcp:
    bucket: my-backup-bucket
    cloudAccountName: my-backup-cloudaccount
    prefix: "redis/backups"

Locations

gvc.name — Name of the GVC to create. Must be unique within your organization if deploying multiple instances.
gvc.locations — List of Control Plane locations to deploy into. At least 2 locations are required.
locations[].name — Location identifier (e.g. aws-us-east-1).
locations[].replicas — Number of Redis replicas to run in that location. Sentinel always runs exactly 1 replica per location regardless of this setting.

Authentication

Authentication is disabled by default. Redis and Sentinel can be configured with independent passwords.

redis.password — Password applied as both requirepass and masterauth in the Redis configuration.
sentinel.password — Optional separate password for Sentinel-to-Sentinel communication (requirepass on the Sentinel process).

Redis

redis.image — Redis (or Valkey) image to use.
redis.resources.cpu / redis.resources.memory — CPU and memory allocated per Redis replica.
redis.serverCommand — Override the server command (e.g. valkey-server for Valkey images).
redis.extraArgs — Additional server arguments appended to the startup command.

Sentinel

Sentinel monitors the Redis primary and promotes a replica on failure. The quorum must be set to a value that can form a majority across all running Sentinel instances.

sentinel.image — Redis (or Valkey) image to use for Sentinel.
sentinel.resources.cpu / sentinel.resources.memory — CPU and memory allocated per Sentinel replica.
sentinel.quorum — Number of Sentinel instances that must agree before a failover is initiated. For 3 locations (3 Sentinel replicas), a quorum of 2 is recommended.
sentinel.extraArgs — Additional Sentinel arguments (e.g. custom down-after-milliseconds or failover-timeout).

Storage

redis.volumeset.initialCapacity — Initial volume size in GiB for Redis data (default 20).
redis.volumeset.autoscaling.enabled — Automatically expand the volume as it fills. When enabled:
- maxCapacity — Maximum volume size in GiB.
- minFreePercentage — Trigger a scale-up when free space drops below this percentage.
- scalingFactor — Multiply current capacity by this factor when scaling up.

Sentinel state storage is always provisioned at 10 GiB with no autoscaling.

Public Access

Both Redis and Sentinel can be exposed publicly via a custom domain. When enabled, a Control Plane domain resource is created for the workload and traffic is routed to it at the standard port.

redis.publicAccess.enabled — Expose Redis publicly (default: false).
redis.publicAccess.address — The custom domain hostname for Redis (e.g. redis.example-cpln.com).
sentinel.publicAccess.enabled — Expose Sentinel publicly (default: false).
sentinel.publicAccess.address — The custom domain hostname for Sentinel (e.g. redis-sentinel.example-cpln.com).

firewall.externalInboundAllowCIDR must be set when public access is enabled. Without it, inbound external traffic will be blocked.

When public access is enabled, connect using the configured domain address at the standard port:

Workload	Public endpoint
Redis	`redis.publicAccess.address:6379`
Sentinel	`sentinel.publicAccess.address:26379`

Firewall

A single firewall configuration applies to both the Redis and Sentinel workloads.

firewall.internalAllowType — Controls which workloads can connect internally:

Value	Description
`same-gvc`	Allow access from all workloads in the same GVC (recommended)
`same-org`	Allow access from all workloads in the same organization
`workload-list`	Allow access only from specific workloads listed in `workloads`

firewall.workloads — List of specific workload links, used when internalAllowType is workload-list.
firewall.externalInboundAllowCIDR — Comma-separated list of CIDRs allowed to reach the workloads externally. Required when public access is enabled. Use 0.0.0.0/0 to allow all, or restrict to specific IP ranges.
firewall.externalOutboundAllowCIDR — Comma-separated list of CIDRs the workloads are allowed to connect to externally.

Connecting to Redis

Connect to Redis from within the same GVC using:

RELEASE_NAME-redis.GVC_NAME.cpln.local:6379

For Sentinel-aware clients, connect through Sentinel to always route to the current primary:

RELEASE_NAME-sentinel.GVC_NAME.cpln.local:26379

The Sentinel master name is mymaster.

Ports

Workload	Port	Protocol	Description
Redis	`6379`	TCP	Redis data port
Sentinel	`26379`	TCP	Sentinel discovery port

Backup

Backup is disabled by default. When enabled, a cron workload runs in the first configured location only and uploads a single compressed .rdb.gz snapshot to AWS S3 or GCS. The backup image is compatible with all Redis versions.

backup.enabled — Enable scheduled backups.
backup.schedule — Cron expression for backup frequency (default: daily at 2am UTC).
backup.provider — aws or gcp.
backup.resources.cpu / backup.resources.memory — Resources for the backup cron container.

AWS S3

Before enabling backup with provider: aws, complete the following in your AWS account:

Create an S3 bucket. Set backup.aws.bucket to its name and backup.aws.region to its region.
If you do not have a Cloud Account set up, refer to the docs to Create a Cloud Account. Set backup.aws.cloudAccountName to its name.
Create an IAM policy with the following JSON, replacing YOUR_BUCKET_NAME:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:ListBucket",
                "s3:GetObjectVersion",
                "s3:DeleteObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET_NAME",
                "arn:aws:s3:::YOUR_BUCKET_NAME/*"
            ]
        }
    ]
}

Set backup.aws.policyName to the name of the policy created in step 3.
Set backup.aws.prefix to the folder path where backups will be stored.

GCS

Before enabling backup with provider: gcp, complete the following in your GCP account:

Create a GCS bucket. Set backup.gcp.bucket to its name.
If you do not have a Cloud Account set up, refer to the docs to Create a Cloud Account. Set backup.gcp.cloudAccountName to its name.
Add the Storage Admin role to the GCP service account associated with the Cloud Account.
Set backup.gcp.prefix to the folder path where backups will be stored.

Restoring a Backup

The backup produces a single file (redis-<timestamp>.rdb.gz). Download and decompress it, then copy it to /data/dump.rdb on the replica you want to restore and restart that replica. For GCS, replace aws s3 cp s3://... with gsutil cp gs://....

aws s3 cp s3://BUCKET_NAME/PREFIX/BACKUP_FILE.rdb.gz - \
  | gunzip > /tmp/dump.rdb

External References

Redis Documentation

Official Redis documentation

Redis Sentinel Documentation

Redis Sentinel setup and client configuration

Backup Image Source

Source code for the Redis backup container image