Skip to main content
The RedisClusterSpec defines the desired state of a Redis replication cluster. This page documents all available fields with their types, validation rules, and default values.

Core Fields

instances
int32
default:"1"
required
Total number of Redis pods (1 primary + N-1 replicas).Validation: Minimum value is 1.Example:
spec:
  instances: 3  # 1 primary + 2 replicas
mode
ClusterMode
default:"standalone"
Redis operating mode.Allowed values:
  • standalone - Standard replication (1 primary, N replicas)
  • sentinel - Automatic failover via Redis Sentinel
  • cluster - Reserved for future use (currently rejected by webhook)
Example:
spec:
  mode: sentinel
imageName
string
default:"redis:7.2"
Redis container image. Compatible with Redis 7.2+ and Valkey 7.x/8.x.Example:
spec:
  imageName: "redis:7.4-alpine"
storage
StorageSpec
required
PVC template for /data volumes. See Storage Configuration for details.Example:
spec:
  storage:
    size: 10Gi
    storageClassName: fast-ssd

Redis Configuration

redis
map[string]string
Key-value pairs for redis.conf parameters. Applied via CONFIG SET on live instances.Common parameters:
  • maxmemory - Maximum memory (e.g., 2gb)
  • maxmemory-policy - Eviction policy (e.g., allkeys-lru)
  • save - RDB persistence (e.g., 900 1 300 10)
  • appendonly - Enable AOF (e.g., yes)
Example:
spec:
  redis:
    maxmemory: "2gb"
    maxmemory-policy: "allkeys-lru"
    save: "900 1 300 10 60 10000"
    appendonly: "yes"

Resource Management

resources
ResourceRequirements
CPU and memory requests/limits for Redis containers.Example:
spec:
  resources:
    requests:
      cpu: "1"
      memory: 2Gi
    limits:
      cpu: "2"
      memory: 4Gi

Replication Settings

minSyncReplicas
int32
default:"0"
Minimum number of synchronous replicas. Controls min-replicas-to-write.Validation: Minimum value is 0.Example:
spec:
  minSyncReplicas: 1  # Primary requires 1 replica ACK before write succeeds
maxSyncReplicas
int32
default:"0"
Maximum number of synchronous replicas. Controls min-replicas-max-lag.Validation: Minimum value is 0.Example:
spec:
  maxSyncReplicas: 2

Update Strategy

primaryUpdateStrategy
PrimaryUpdateStrategy
default:"unsupervised"
Controls whether primary replacement runs automatically or waits for approval during rolling updates.Allowed values:
  • unsupervised - Primary is automatically replaced after replicas are updated
  • supervised - Primary waits for manual approval via annotation
When supervised, the operator sets the PrimaryUpdateWaiting condition to True and waits for the user to add the annotation:
kubectl annotate rediscluster my-cluster redis.io/approve-primary-update=true
Example:
spec:
  primaryUpdateStrategy: supervised

High Availability

enablePodDisruptionBudget
*bool
default:"true"
Controls whether a PodDisruptionBudget is created. The PDB ensures at least (instances - 1) replicas remain during voluntary disruptions.Example:
spec:
  enablePodDisruptionBudget: false  # Disable PDB
primaryIsolation
PrimaryIsolationSpec
Runtime split-brain prevention for primary pods. See details below.Example:
spec:
  primaryIsolation:
    enabled: true
    apiServerTimeout: 3s
    peerTimeout: 3s

Secret References

All secret fields use LocalObjectReference with a single name field. Secrets must exist in the same namespace as the RedisCluster. See Secret Management for details.
authSecret
LocalObjectReference
References a Secret containing the Redis password in key password.If not set, the operator auto-generates a secret named <cluster-name>-auth.Example:
spec:
  authSecret:
    name: my-redis-password
aclConfigSecret
LocalObjectReference
References a Secret containing ACL rules in key acl.Example:
spec:
  aclConfigSecret:
    name: redis-acl-rules
Secret contents:
apiVersion: v1
kind: Secret
metadata:
  name: redis-acl-rules
stringData:
  acl: |
    user admin on >adminpass ~* &* +@all
    user readonly on >readpass ~* &* +@read
tlsSecret
LocalObjectReference
References a Secret containing tls.crt and tls.key for TLS encryption.Example:
spec:
  tlsSecret:
    name: redis-tls
caSecret
LocalObjectReference
References a Secret containing ca.crt for TLS client certificate verification.Example:
spec:
  caSecret:
    name: redis-ca
backupCredentialsSecret
LocalObjectReference
References a Secret containing object storage credentials for backups.Required keys depend on the backup destination:
  • S3: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
  • GCS: GOOGLE_APPLICATION_CREDENTIALS (JSON key)
Example:
spec:
  backupCredentialsSecret:
    name: s3-backup-creds

Scheduling

See Scheduling Configuration for detailed examples.
nodeSelector
map[string]string
Constrains pods to nodes with matching labels.Example:
spec:
  nodeSelector:
    disktype: ssd
    region: us-west
affinity
Affinity
Pod affinity/anti-affinity scheduling rules.Example:
spec:
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              redis.io/cluster: my-cluster
          topologyKey: kubernetes.io/hostname
tolerations
[]Toleration
Allow scheduling onto tainted nodes.Example:
spec:
  tolerations:
    - key: "dedicated"
      operator: "Equal"
      value: "redis"
      effect: "NoSchedule"
topologySpreadConstraints
[]TopologySpreadConstraint
Control how pods are spread across topology domains.Example:
spec:
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: topology.kubernetes.io/zone
      whenUnsatisfiable: DoNotSchedule
      labelSelector:
        matchLabels:
          redis.io/cluster: my-cluster

Bootstrap and Disaster Recovery

bootstrap
BootstrapSpec
Defines how to initialize the cluster from a backup. Only applied during initial cluster creation.Example:
spec:
  bootstrap:
    backupName: prod-backup-2024-01-15
replicaMode
ReplicaModeSpec
Configures full-cluster external replication for disaster recovery. See Replica Mode for details.Example:
spec:
  replicaMode:
    enabled: true
    source:
      host: primary-cluster.us-east.example.com
      port: 6379
      clusterName: prod-us-east
      authSecretName: primary-cluster-auth

Maintenance

nodeMaintenanceWindow
NodeMaintenanceWindow
Controls planned node maintenance behavior.Example:
spec:
  nodeMaintenanceWindow:
    inProgress: true
    reusePVC: true

Complete Example

apiVersion: redis.io/v1
kind: RedisCluster
metadata:
  name: production-redis
  namespace: default
spec:
  # Core configuration
  instances: 5
  mode: sentinel
  imageName: redis:7.4-alpine
  primaryUpdateStrategy: supervised
  
  # Storage
  storage:
    size: 50Gi
    storageClassName: fast-ssd
  
  # Redis configuration
  redis:
    maxmemory: "8gb"
    maxmemory-policy: "allkeys-lru"
    save: "900 1 300 10 60 10000"
    appendonly: "yes"
  
  # Resources
  resources:
    requests:
      cpu: "2"
      memory: 10Gi
    limits:
      cpu: "4"
      memory: 12Gi
  
  # Replication
  minSyncReplicas: 1
  maxSyncReplicas: 2
  
  # Secrets
  authSecret:
    name: redis-password
  aclConfigSecret:
    name: redis-acl
  tlsSecret:
    name: redis-tls
  backupCredentialsSecret:
    name: s3-backup-creds
  
  # Scheduling
  nodeSelector:
    disktype: ssd
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              redis.io/cluster: production-redis
          topologyKey: kubernetes.io/hostname
  tolerations:
    - key: "dedicated"
      operator: "Equal"
      value: "redis"
      effect: "NoSchedule"
  
  # High availability
  enablePodDisruptionBudget: true
  primaryIsolation:
    enabled: true
    apiServerTimeout: 5s
    peerTimeout: 5s

Build docs developers (and LLMs) love

Get started for freeTalk to us